On Thu, Mar 19, 2009 at 10:44 AM, Joseph <syscon...@gmail.com> wrote: > On 03/19/09 10:03, Paul Hartman wrote: > [snip] >>> >>> log/messages prints: >>> user nx not allowed because account is locked >>> >>> How to unlock the account? >> >> passwd -u nx >> >> I had to do the same thing. >> >> Paul > > > Yes, I tried it already: > > passwd -u nx > passwd: unlocking the user would result in a passwordless account. > You should set password with usermod -p to unlock this user account. > Password changed. > > What do you do next? > > When I try to run again: > nxsetup --install --setup-nomachine-key --clean --purge > > I get: > ... > Setting up /var/log/nxserver.log ...done > Setting up special user "nx" ...passwd: unlocking the user would result in a > passwordless account. > You should set a password with usermod -p to unlock this user account. > Password changed. > done. > ... > ----> Testing your nxserver connection ... > Permission denied (publickey,keyboard-interactive). > Fatal error: Could not connect to NX Server. > > Please check your ssh setup: > > The following are _examples_ of what you might need to check. > > - Make sure "nx" is one of the AllowUsers in sshd_config. > (or that the line is outcommented/not there) > - Make sure "nx" is one of the AllowGroups in sshd_config. > (or that the line is outcommented/not there) > - Make sure your sshd allows public key authentication. > - Make sure your sshd is really running on port 22. > - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set > to authorized_keys2. > (this should be a filename not a pathname+filename) > - Make sure you allow ssh on localhost, this could come from some > restriction of: > -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost > -the iptables. add to it: > $ iptables -A INPUT -i lo -j ACCEPT > $ iptables -A OUTPUT -o lo -j ACCEPT > > > So at this point I'm back to square one in log/messages I get: > User nx not allowed because account is locked
Oh, try to give user nx a password on your system. It uses ssh keys to login, so it doesn't even matter what the password is. Just don't make it something easily guessed/brute-force like "nx" or "1234" or else you might have some unwanted guests in your system :)
