You are not logged in.
Hi
I have successfully been connecting to my arch machine at work using xrdp, but that has stopped working within the last couple of weeks. I have done some digging and it seems that maybe it is related to updates to pam and/or systemd, but I'm totally out of my depth here, so any help is appreciated!
Local logins work, ssh logins work. I'm using X/kde
In my rdp client I'm presented with the usual xrdp connect screen (Xorg/username/password) after entering username and password, the screen goes black and after a little while a box pops up saying: "Could not sync environment to dbus." - When I acknowledge that error, the remote session closes.
In my journald I think that things fail due to this, but I may be mistaken:
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: pam_systemd(xrdp-sesman:session): Failed to create session: No child processes
I have been unable to google anything on that particular variant of "Failed to create session".
It looks like the pam_systemd module is supposed to set the variables that the KDE stuff is missing in the log. That is why I think that it is somehow involved. I have also tried nomachine, login on that one also fail. I have looked for .pacnew files in /etc, but nothing stands out.
The journal around the login attempt looks like this with pam_systemd debugging enabled (I did not acknowledge the dbus error, so the disconnect isn't included):
Sep 02 10:12:18 chris-linux xrdp[36512]: (36512)(139782012856704)[INFO ] starting xrdp with pid 36512
Sep 02 10:12:18 chris-linux xrdp[36512]: (36512)(139782012856704)[INFO ] address [0.0.0.0] port [3389] mode 1
Sep 02 10:12:18 chris-linux xrdp[36512]: (36512)(139782012856704)[INFO ] listening to port 3389 on 0.0.0.0
Sep 02 10:12:18 chris-linux xrdp[36512]: (36512)(139782012856704)[INFO ] xrdp_listen_pp done
Sep 02 10:20:10 chris-linux xrdp[36512]: (36512)(139782012856704)[INFO ] Socket 12: AF_INET connection received from 10.0.0.4 port 3332
Sep 02 10:20:10 chris-linux xrdp[36512]: (36512)(139782012856704)[DEBUG] Closed socket 12 (AF_INET 10.0.0.97:3389)
Sep 02 10:20:10 chris-linux xrdp[40642]: (40642)(139782012856704)[DEBUG] Closed socket 11 (AF_INET 0.0.0.0:3389)
Sep 02 10:20:10 chris-linux xrdp[40642]: (40642)(139782012856704)[INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Sep 02 10:20:10 chris-linux xrdp[40642]: (40642)(139782012856704)[INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Sep 02 10:20:10 chris-linux xrdp[40642]: (40642)(139782012856704)[DEBUG] TLSv1.3 enabled
Sep 02 10:20:10 chris-linux xrdp[40642]: (40642)(139782012856704)[DEBUG] TLSv1.2 enabled
Sep 02 10:20:10 chris-linux xrdp[40642]: (40642)(139782012856704)[DEBUG] Security layer: requested 11, selected 1
Sep 02 10:20:10 chris-linux xrdp[40642]: (40642)(139782012856704)[DEBUG] Closed socket 12 (AF_INET 10.0.0.97:3389)
Sep 02 10:20:11 chris-linux xrdp[36512]: (36512)(139782012856704)[INFO ] Socket 12: AF_INET connection received from 10.0.0.4 port 3333
Sep 02 10:20:11 chris-linux xrdp[36512]: (36512)(139782012856704)[DEBUG] Closed socket 12 (AF_INET 10.0.0.97:3389)
Sep 02 10:20:11 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] Closed socket 11 (AF_INET 0.0.0.0:3389)
Sep 02 10:20:11 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Sep 02 10:20:11 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Sep 02 10:20:11 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] TLSv1.3 enabled
Sep 02 10:20:11 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] TLSv1.2 enabled
Sep 02 10:20:11 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] Security layer: requested 11, selected 1
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] connected client computer name: DESKTOP-7GSAN55
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] adding channel item name rdpdr chan_id 1004 flags 0x80800000
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] adding channel item name rdpsnd chan_id 1005 flags 0xc0000000
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] adding channel item name cliprdr chan_id 1006 flags 0xc0a00000
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] adding channel item name drdynvc chan_id 1007 flags 0xc0800000
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] TLS connection established from 10.0.0.4 port 3333: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] xrdp_00009ec3_wm_login_mode_event_00000001
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] Cannot find keymap file /etc/xrdp/km-d0010409.ini
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
Sep 02 10:20:12 chris-linux xrdp[40643]: (40643)(139782012856704)[WARN ] local keymap file for 0xd0010409 found and doesn't match built in keymap, using local keymap file
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] xrdp_wm_log_msg: connecting to sesman ip 127.0.0.1 port 3350
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: (36510)(140498268055360)[INFO ] A connection received from 127.0.0.1 port 56662
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] xrdp_wm_log_msg: sesman connect ok
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] xrdp_wm_log_msg: sending login info to session manager, please wait...
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] return value from xrdp_mm_connect 0
Sep 02 10:20:17 chris-linux audit[36510]: USER_AUTH pid=36510 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Sep 02 10:20:17 chris-linux kernel: audit: type=1100 audit(1599034817.320:606): pid=36510 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: pam_systemd_home(xrdp-sesman:account): Not a user managed by systemd-homed: No home for user chris known
Sep 02 10:20:17 chris-linux audit[36510]: USER_ACCT pid=36510 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_access,pam_permit,pam_time acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: (36510)(140498268055360)[INFO ] ++ created session (access granted): username chris, ip 10.0.0.4:3333 - socket: 12
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: (36510)(140498268055360)[INFO ] starting Xorg session...
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: (36510)(140498268055360)[DEBUG] Closed socket 10 (AF_INET 0.0.0.0:5910)
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: (36510)(140498268055360)[DEBUG] Closed socket 10 (AF_INET 0.0.0.0:6010)
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: (36510)(140498268055360)[DEBUG] Closed socket 10 (AF_INET 0.0.0.0:6210)
Sep 02 10:20:17 chris-linux kernel: audit: type=1101 audit(1599034817.323:607): pid=36510 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_access,pam_permit,pam_time acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Sep 02 10:20:17 chris-linux xrdp-sesman[36510]: (36510)(140498268055360)[DEBUG] Closed socket 8 (AF_INET 127.0.0.1:3350)
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] xrdp_wm_log_msg: login successful for display 10
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: (40745)(140498268055360)[INFO ] calling auth_start_session from pid 40745
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] xrdp_wm_log_msg: started connecting
Sep 02 10:20:17 chris-linux audit[40745]: CRED_ACQ pid=40745 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: pam_unix(xrdp-sesman:session): session opened for user chris(uid=1000) by (uid=0)
Sep 02 10:20:17 chris-linux kernel: audit: type=1103 audit(1599034817.327:608): pid=40745 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Sep 02 10:20:17 chris-linux kernel: audit: type=1006 audit(1599034817.327:609): pid=40745 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=15 res=1
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: pam_systemd(xrdp-sesman:session): pam-systemd initializing
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: pam_systemd(xrdp-sesman:session): Asking logind to create session: uid=1000 pid=40745 service=xrdp-sesman type=x11 class=user desktop= seat= vtnr=0 tty= display=:10 remote=no remote_user= remote_host=
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: pam_systemd(xrdp-sesman:session): Session limits: memory_max=n/a tasks_max=n/a cpu_weight=n/a io_weight=n/a runtime_max_sec=n/a
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: pam_systemd(xrdp-sesman:session): Failed to create session: No child processes
Sep 02 10:20:17 chris-linux audit[40745]: USER_START pid=40745 uid=0 auid=1000 ses=15 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_env acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: (40745)(140498268055360)[DEBUG] Closed socket 7 (AF_INET 127.0.0.1:3350)
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: (40745)(140498268055360)[DEBUG] Closed socket 8 (AF_INET 127.0.0.1:3350)
Sep 02 10:20:17 chris-linux kernel: audit: type=1105 audit(1599034817.330:610): pid=40745 uid=0 auid=1000 ses=15 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_env acct="chris" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Sep 02 10:20:17 chris-linux xrdp-sesman[40747]: (40747)(140498268055360)[INFO ] Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
Sep 02 10:20:17 chris-linux systemd-logind[21229]: Got message type=method_call sender=:1.349 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSessionByPID cookie=2 reply_cookie=0 signature=u error-name=n/a error-message=n/a
Sep 02 10:20:17 chris-linux systemd-logind[21229]: Sent message type=error sender=n/a destination=:1.349 path=n/a interface=n/a member=n/a cookie=145 reply_cookie=2 signature=s error-name=org.freedesktop.login1.NoSessionForPID error-message=PID 40747 does not belong to any known session
Sep 02 10:20:17 chris-linux systemd-logind[21229]: Failed to process message type=method_call sender=:1.349 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSessionByPID cookie=2 reply_cookie=0 signature=u error-name=n/a error-message=n/a: PID 40747 does not belong to any known session
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[INFO ] lib_mod_log_peer: xrdp_pid=40643 connected to X11rdp_pid=40747 X11rdp_uid=1000 X11rdp_gid=1000 client_ip=10.0.0.4 client_port=3333
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] xrdp_wm_log_msg: connected ok
Sep 02 10:20:17 chris-linux xrdp-sesman[40745]: (40745)(140498268055360)[CORE ] waiting for window manager (pid 40746) to exit
Sep 02 10:20:17 chris-linux gnome-keyring-daemon[40788]: couldn't connect to dbus session bus: Cannot spawn a message bus when setuid
Sep 02 10:20:17 chris-linux gnome-keyring-daemon[40788]: couldn't connect to dbus session bus: Cannot spawn a message bus when setuid
Sep 02 10:20:17 chris-linux gnome-keyring-daemon[40788]: couldn't connect to dbus session bus: Cannot spawn a message bus when setuid
Sep 02 10:20:17 chris-linux kapplymousetheme[40792]: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-chris'
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] xrdp_mm_connect_chansrv: chansrv connect successful
Sep 02 10:20:17 chris-linux xrdp[40643]: (40643)(139782012856704)[DEBUG] Closed socket 18 (AF_INET 127.0.0.1:56662)
Sep 02 10:20:17 chris-linux systemd-logind[21229]: Got message type=signal sender=:1.0 destination=n/a path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=UnitRemoved cookie=9687 reply_cookie=0 signature=so error-name=n/a error-message=n/a
Sep 02 10:20:17 chris-linux startplasma-x11[40746]: "dbus-update-activation-environment" ("--systemd", "--all") exited with code 71
Sep 02 10:20:17 chris-linux ksplashqml[40795]: QCoreApplication::arguments: Please instantiate the QApplication object first
Sep 02 10:20:17 chris-linux ksplashqml[40795]: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-chris'
Sep 02 10:20:17 chris-linux ksplashqml[40795]: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-chris'
Offline
Does this help?
Offline
Hi
I have stumbled over that link earlier and given it a few shots, without much success.
- But I decided to give it another go and adding:
export $(dbus-launch)
to my .xinitrc made kde start again!
This is probably not the correct fix (or even the correct place for the export) - but it got things going again. Thanks!
Any insights on how/why this suddenly happened and where to properly fix/report this issue?
Offline
The workaround is not correct, there are things here and there that does not work anymore when logging in remotely.
For example kde discover, which looks for updates, complains about missing authentication and is unable to do anything. Starting gui applications from a terminal fails because DISPLAY is not set etc.
Basically it looks like the user session is not properly setup.
Offline
Post your .xinitrc, do you do the necessary sourcings as mentioned in: https://wiki.archlinux.org/index.php/Xinit#xinitrc that would properly set up your session?
Offline
Post your .xinitrc, do you do the necessary sourcings as mentioned in: https://wiki.archlinux.org/index.php/Xinit#xinitrc that would properly set up your session?
I have followed the linked article Everything has been working for about a year until it didn't - So I'm pretty sure that some combination of upgrades ruined my day. I can not exclude that it has been a coincidence that things did work previously.
My .xinitrc:
#!/bin/sh
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap
# merge in defaults and keymaps
if [ -f $sysresources ]; then
xrdb -merge $sysresources
fi
if [ -f $sysmodmap ]; then
xmodmap $sysmodmap
fi
if [ -f "$userresources" ]; then
xrdb -merge "$userresources"
fi
if [ -f "$usermodmap" ]; then
xmodmap "$usermodmap"
fi
# start some nice programs
if [ -d /etc/X11/xinit/xinitrc.d ] ; then
for f in /etc/X11/xinit/xinitrc.d/?*.sh ; do
[ -x "$f" ] && . "$f"
done
unset f
fi
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK
export $(dbus-launch)
exec startplasma-x11
Offline
I have the same problem as you. It worked the last time on 2020-08-18 and broke a day later. Luckily I run full system upgrades daily and have backups. I could boil it down to these days by leveraging the great work of the Arch Linux Archive project. I followed the description on rolling all packages to a specific date using the /etc/pacman.d/mirrorlist .
These packages are updated on my system between those two dates. Below are the last versions that are known working WITHOUT the issue (e.g. BEFORE the breaking upgrade):
Packages (39) fuse-common-3.9.2-1 fuse3-3.9.2-1 ghc-libs-8.10.1-2 haskell-aeson-1.5.3.0-2 haskell-assoc-1.0.2-4
haskell-attoparsec-0.13.2.4-12 haskell-base-compat-0.11.1-7 haskell-base-compat-batteries-0.11.1-34
haskell-base-orphans-0.8.2-37 haskell-bifunctors-5.5.7-23 haskell-comonad-5.0.6-30 haskell-data-fix-0.3.0-4
haskell-diff-0.4.0-5 haskell-distributive-0.6.2-11 haskell-dlist-0.8.0.8-11 haskell-erf-2.0.0.0-17
haskell-hashable-1.3.0.0-12 haskell-integer-logarithms-1.0.3-6 haskell-primitive-0.7.1.0-5 haskell-quickcheck-2.14.1-6
haskell-random-1.1-21 haskell-regex-base-0.94.0.0-4 haskell-regex-tdfa-1.3.1.0-4 haskell-scientific-0.3.6.2-29
haskell-splitmix-0.1.0.1-4 haskell-strict-0.4-5 haskell-tagged-0.8.6-10 haskell-th-abstraction-0.3.2.0-4
haskell-these-1.1.1.1-5 haskell-time-compat-1.9.3-13 haskell-transformers-compat-0.6.5-5
haskell-unordered-containers-0.2.12.0-4 haskell-uuid-types-1.0.3-35 haskell-vector-0.12.1.2-30 hwids-20200306-1
pam-1.3.1-2 perl-libwww-6.46-1 shellcheck-0.7.1-109 strace-5.7-1
I strongly think that pam has something to do with it. I don't have much time the next days to look into it but I deeply hope it brings you a bit further in discovering the source of the problem. As already said, I have it as well and I look forward to getting it fixed with you.
Edit: I just confirmed that pambase (which provides the files in /etc/pam.d) is the problem. Even pam itself can be upgraded. So there must something be wrong in those pam config files.
I now have a completely up-to-date system and as soon as I upgrade pambase 20190105.1-2 => 20200721.1-2 it breaks. What exactly is "breaking" for me? I have these symptoms:
After logging in with xrdp (xordxrdp) some important environment variables are not set.
DBUS_SESSION_BUS_ADDRESS
is missing as well as all
XDG_*
environment variables. This breaks Gnome keyring, pulseaudio and so much other stuff. Some desktop environments can't even start. I only have a windows manager (i3) that has no problems with that.
Can you try and reproduce this?
Last edited by gersilex (2020-09-04 20:20:47)
Offline
Another newbie here, thanks for figuring this out! The problem is /etc/pam.d/system-auth. The broken version in pambase 20200721.1-2 is:
#%PAM-1.0
auth required pam_faillock.so preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth [success=2 default=ignore] pam_unix.so try_first_pass nullok
-auth [success=1 default=ignore] pam_systemd_home.so
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
-account [success=1 default=ignore] pam_systemd_home.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
-password [success=1 default=ignore] pam_systemd_home.so
password required pam_unix.so try_first_pass nullok shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
The working version from pambase 20190105.1-2 is:
#%PAM-1.0
auth required pam_unix.so try_first_pass nullok
auth optional pam_permit.so
auth required pam_env.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
password required pam_unix.so try_first_pass nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
Not sure what exactly is breaking xrdp, though.
Offline
I've confirmed that the problem is
-account [success=1 default=ignore] pam_systemd_home.so
in /etc/pam.d/system-auth. Commenting it out solves the problem. I have a feeling this is not an Arch-only issue, so I've reported it as an issue to the xrdp team: https://github.com/neutrinolabs/xrdp/issues/1684.
Offline
If anyone else can provide his/her experience with this issue at https://github.com/neutrinolabs/xrdp/issues/1684, that would be great. I don't think I have the knowledge to help much more.
Offline
I've confirmed that the problem is
-account [success=1 default=ignore] pam_systemd_home.so
in /etc/pam.d/system-auth. Commenting it out solves the problem. I have a feeling this is not an Arch-only issue, so I've reported it as an issue to the xrdp team: https://github.com/neutrinolabs/xrdp/issues/1684.
not work for me.
Offline