0

I have someone trying to connect to a CenOS 7 server via Windows Remote Desktop (based on the instructions here: https://www.itzgeek.com/how-tos/linux/centos-how-tos/install-xrdp-remote-desktop-to-centos-6-rhel-6.html) using SSSD and their AD credentials (if relevant), but when they trying to connect all they see is a blue flashing screen (that blinks more when they click on it). An example of what they see is shown below (they did not have this problem a few weeks ago): enter image description here

Note that my own account is able to connect without issue. Comparing what I see in the .xsession-errors files, I see...

[root@myserver ~]# cat /home/problemuser/.xsession-errors 
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
generating cookie with syscall
generating cookie with syscall
generating cookie with syscall
generating cookie with syscall
** Message: 14:02:02.592: couldn't access control socket: /run/user/9010/keyring/control: No such file or directory
SSH_AUTH_SOCK=/run/user/9010/keyring/ssh
SSH_AUTH_SOCK=/run/user/9010/keyring/ssh
SSH_AUTH_SOCK=/run/user/9010/keyring/ssh
/usr/share/system-config-printer/applet.py:44: PyGIWarning: Notify was imported without specifying a version first. Use gi.require_version('Notify', '0.7') before import to ensure that the right version gets loaded.
  from gi.repository import Notify
system-config-printer-applet: failed to start NewPrinterNotification service
system-config-printer-applet: failed to start PrinterDriversInstaller service: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.390" is not allowed to own the service "com.redhat.PrinterDriversInstaller" due to security policies in the configuration file
Initializing caja-image-converter extension
Initializing caja-open-terminal extension
*** ERROR ***
TI:14:02:03 TH:0x2177860    FI:gpm-manager.c    FN:gpm_manager_systemd_inhibit,1784
 - Error in dbus - GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Permission denied
Traceback:
    mate-power-manager() [0x418b9f]
    mate-power-manager() [0x411220]
    /lib64/libgobject-2.0.so.0(g_type_create_instance+0x1fb) [0x7f300ceeb5cb]
    /lib64/libgobject-2.0.so.0(+0x152dd) [0x7f300cecf2dd]
    /lib64/libgobject-2.0.so.0(g_object_new_with_properties+0x27d) [0x7f300ced0b8d]
    /lib64/libgobject-2.0.so.0(g_object_new+0xc1) [0x7f300ced1571]
    mate-power-manager() [0x411a22]
    mate-power-manager() [0x4080b8]
    /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f300c2db445]
    mate-power-manager() [0x4083db]

(nm-applet:62027): Gdk-CRITICAL **: 14:02:03.554: gdk_window_thaw_toplevel_updates: assertion 'window->update_and_descendants_freeze_count > 0' failed
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
Window manager warning: last_focus_time (244936105) is greater than comparison timestamp (3337021795).  This most likely represents a buggy client sending inaccurate timestamps in messages such as _NET_ACTIVE_WINDOW.  Trying to work around...
Window manager warning: last_user_time (244936105) is greater than comparison timestamp (3337021795).  This most likely represents a buggy client sending inaccurate timestamps in messages such as _NET_ACTIVE_WINDOW.  Trying to work around...
Window manager warning: 0x1000003 (Top Expand) appears to be one of the offending windows with a timestamp of 244936370.  Working around...
Window manager warning: 0x1000024 (Bottom Exp) appears to be one of the offending windows with a timestamp of 244936375.  Working around...
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"5: Error occurred while executing method
2: [system] No such file or directory"
"5: Error occurred while executing method
2: [system] No such file or directory"
"5: Error occurred while executing method
2: [system] No such file or directory"
"5: Error occurred while executing method
2: [system] No such file or directory"
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
[root@myserver ~]# 
[root@myserver ~]#
[root@myserver ~]#
[root@myserver ~]#
[root@myserver ~]# 
[root@myserver ~]# #my own user that can log in fine
[root@myserver ~]# cat /home/myuser/.xsession-errors 
/usr/bin/id: cannot find name for group ID 10001
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
generating cookie with syscall
generating cookie with syscall
generating cookie with syscall
generating cookie with syscall
** Message: 16:51:42.373: couldn't access control socket: /run/user/10003/keyring/control: No such file or directory
SSH_AUTH_SOCK=/run/user/10003/keyring/ssh
SSH_AUTH_SOCK=/run/user/10003/keyring/ssh
SSH_AUTH_SOCK=/run/user/10003/keyring/ssh
/usr/share/system-config-printer/applet.py:44: PyGIWarning: Notify was imported without specifying a version first. Use gi.require_version('Notify', '0.7') before import to ensure that the right version gets loaded.
  from gi.repository import Notify
system-config-printer-applet: failed to start NewPrinterNotification service
system-config-printer-applet: failed to start PrinterDriversInstaller service: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.3946" is not allowed to own the service "com.redhat.PrinterDriversInstaller" due to security policies in the configuration file
Initializing caja-image-converter extension
Initializing caja-open-terminal extension
*** ERROR ***
TI:16:51:43 TH:0x1878670    FI:gpm-manager.c    FN:gpm_manager_systemd_inhibit,1784
 - Error in dbus - GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Permission denied
Traceback:
    mate-power-manager() [0x418b9f]
    mate-power-manager() [0x411220]
    /lib64/libgobject-2.0.so.0(g_type_create_instance+0x1fb) [0x7fc13da045cb]
    /lib64/libgobject-2.0.so.0(+0x152dd) [0x7fc13d9e82dd]
    /lib64/libgobject-2.0.so.0(g_object_new_with_properties+0x27d) [0x7fc13d9e9b8d]
    /lib64/libgobject-2.0.so.0(g_object_new+0xc1) [0x7fc13d9ea571]
    mate-power-manager() [0x411a22]
    mate-power-manager() [0x4080b8]
    /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fc13cdf4445]
    mate-power-manager() [0x4083db]
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast

(Both of our .Xclients are "mate-session" and not totally sure which parts are relevant here, sine the logs have no timestamps).

Note that the background does normally look like... enter image description here

Running the who command (in case perhaps there is a stale session that is interfering with them logging in again) all I see is my own user on the system and having them restart their client machine does not help either.

Anyone with more experience with this have any ideas what could be going on? More debugging steps to try to get more info about what could be happening?

lampShadesDrifter
  • 111
  • 4
  • Think I found the issue: To do with the fact that their AD property UNIX UID was changed recently, so their existing `/home` dirs were rejecting them now b/c were expecting a different owner UID. Running `sudo id myuser` and comparing with what I see in `ls -lh /home/myuser`, can see that the UIDs are different (plus the `ls -lh` command on the dir shows a number (the old UID) for the owner rather than the user name as it normally would). Jives with the "5: Error occurred while executing method 2: [system] No such file or directory" errors in the `.xsession-errors` file as well. – lampShadesDrifter Mar 13 '21 at 07:13
  • Note that in the future I would recommend anyone against using CentOS as a RDP client in most cases (especially for general users and even *most* devs (we do have devs that use this configuration plus `virtualenv`s to work on Apache Airflow pipelines and this like that)). General office users will run into issues that will **suck up more support time** than the money you'd save on Windows licenses. Any sort of **unified security/configuration** stance is going to be inherently more **difficult (and time-consuming)**, and compliance-level requirements can be problematic. – lampShadesDrifter Mar 14 '21 at 09:59

0 Answers0