Xpra: Ticket #1757: Can not open socket with Active Directory user

Hello, I am planning to deploy Xpra over 50-80 computers (Lubuntu 16.04) in order to be able to connect to a remote Firefox installed on a Lubuntu 16.04 "server". The user will be able to connect on his Lubuntu computer with his Active Directory account (connected via SSSD) and launch a Xpra session on the server also with his Active Directory account (server is also connected to the Active Directory via SSSD).

Unfortunately, it seems that Xpra is not able to give a screen number. But I can open an SSH Xpra remote connection with a normal (non-Active Directory) user on the server. Also, I can connect through SSH to the server, create a session and, back on the computer, attach it.

In the following examples, I will be connected on the computer (Lubuntu 16.04 @IP 192.168.49.26) with the domain user "bateau", and I will try to open a Xpra session on the server (Lubuntu 16.04 @IP 192.168.49.25) with the same domain user "bateau" or with a server local user "test_local". On both the server and client, Xpra has been installed through the Xpra repository and is on version 2.2.3 revision 18043.

First test : Client Lubuntu 16.04 with domain user "bateau" connecting to Xpra server with domain user -> NOK

bateau@VM-VB-Ubuntu:~$ xpra start ssh:bateau@192.168.49.25 --start-child=firefox
2018-01-30 11:27:38,965 Xpra gtk2 client version 2.2.3-r18043 64-bit
2018-01-30 11:27:38,965  running on Linux Ubuntu 16.04 xenial
2018-01-30 11:27:40,091 GStreamer version 1.8.3 for Python 2.7.12 64-bit
2018-01-30 11:27:40,412 No OpenGL_accelerate module loaded: No module named OpenGL_accelerate
2018-01-30 11:27:40,422 Unable to load registered array format handler numeric:
2018-01-30 11:27:40,575 Error: gtkgl rendering failed its sanity checks:
2018-01-30 11:27:40,576  PyOpenGL version 3.0.2 is too old and buggy
2018-01-30 11:27:40,622 OpenGL support is missing:
2018-01-30 11:27:40,623  No module named _types
2018-01-30 11:27:40,658  keyboard settings: rules=evdev, model=pc105, layout=fr
2018-01-30 11:27:40,661  desktop size is 1920x975 with 1 screen:
2018-01-30 11:27:40,662   :1.0 (508x257 mm - DPI: 96x96) workarea: 1920x951
2018-01-30 11:27:40,663     monitor 1 (508x258 mm - DPI: 96x95)
bateau@192.168.49.25's password:
Error: displayfd failed
 did not provide a display number using displayfd
xpra initialization error:
 failed to identify the new server display!
2018-01-30 11:28:12,543 Error: failed to receive anything, not an xpra server?
2018-01-30 11:28:12,544   could also be the wrong protocol, username, password or port
2018-01-30 11:28:12,544 Connection lost
bateau@VM-VB-Ubuntu:~$

Second test : Client Lubuntu 16.04 with domain user "bateau" connecting to Xpra server with local user -> OK

bateau@VM-VB-Ubuntu:~$ xpra start ssh:test_local@192.168.49.25 --start-child=firefox
2018-01-30 11:30:22,426 Xpra gtk2 client version 2.2.3-r18043 64-bit
2018-01-30 11:30:22,426  running on Linux Ubuntu 16.04 xenial
2018-01-30 11:30:23,490 GStreamer version 1.8.3 for Python 2.7.12 64-bit
2018-01-30 11:30:23,808 No OpenGL_accelerate module loaded: No module named OpenGL_accelerate
2018-01-30 11:30:23,818 Unable to load registered array format handler numeric:
2018-01-30 11:30:23,973 Error: gtkgl rendering failed its sanity checks:
2018-01-30 11:30:23,974  PyOpenGL version 3.0.2 is too old and buggy
2018-01-30 11:30:24,028 OpenGL support is missing:
2018-01-30 11:30:24,029  No module named _types
2018-01-30 11:30:24,076  keyboard settings: rules=evdev, model=pc105, layout=fr
2018-01-30 11:30:24,080  desktop size is 1920x975 with 1 screen:
2018-01-30 11:30:24,080   :1.0 (508x257 mm - DPI: 96x96) workarea: 1920x951
2018-01-30 11:30:24,080     monitor 1 (508x258 mm - DPI: 96x95)
test_local@192.168.49.25's password:
seamless session now available on display :14
2018-01-30 11:30:34,005 Xpra X11 server version 2.2.3-r18043 64-bit
2018-01-30 11:30:34,005  running on Linux Ubuntu 16.04 xenial
2018-01-30 11:30:34,006 enabled remote logging
2018-01-30 11:30:34,067 server does not support xi input devices
2018-01-30 11:30:34,068  server uses: xtest
2018-01-30 11:30:35,368 sound output using pulseaudio device:
2018-01-30 11:30:35,368 sound output  'Built-in Audio Analog Stereo'
2018-01-30 11:30:36,419 sound output using audio codec opus
2018-01-30 11:30:36,419 sound output using container format ogg
^C
got signal SIGINT, exiting
2018-01-30 11:30:44,902 sound output stopping

Third test : Client Lubuntu 16.04 with domain user "bateau" connecting via SSH with domain user on the Xpra server, opening a Xpra connection and attach it to the client -> OK

bateau@VM-VB-Ubuntu:~$ ssh bateau@192.168.49.25
bateau@192.168.49.25's password:
bateau@SV-Infra-RemoteApp:~$ xpra start :100
bateau@SV-Infra-RemoteApp:~$ DISPLAY=:100 firefox
bateau@VM-VB-Ubuntu:~$ xpra attach ssh:192.168.49.25:100
2018-01-30 11:41:14,011 Xpra gtk2 client version 2.2.3-r18043 64-bit
2018-01-30 11:41:14,011  running on Linux Ubuntu 16.04 xenial
2018-01-30 11:41:15,131 GStreamer version 1.8.3 for Python 2.7.12 64-bit
2018-01-30 11:41:15,454 No OpenGL_accelerate module loaded: No module named OpenGL_accelerate
2018-01-30 11:41:15,464 Unable to load registered array format handler numeric:
2018-01-30 11:41:15,623 Error: gtkgl rendering failed its sanity checks:
2018-01-30 11:41:15,623  PyOpenGL version 3.0.2 is too old and buggy
2018-01-30 11:41:15,672 OpenGL support is missing:
2018-01-30 11:41:15,672  No module named _types
2018-01-30 11:41:15,710  keyboard settings: rules=evdev, model=pc105, layout=fr
2018-01-30 11:41:15,714  desktop size is 1920x975 with 1 screen:
2018-01-30 11:41:15,714   :1.0 (508x257 mm - DPI: 96x96) workarea: 1920x951
2018-01-30 11:41:15,715     monitor 1 (508x258 mm - DPI: 96x95)
bateau@192.168.49.25's password:
2018-01-30 11:41:20,475 Xpra X11 server version 2.2.3-r18043 64-bit
2018-01-30 11:41:20,475  running on Linux Ubuntu 16.04 xenial
2018-01-30 11:41:20,476 enabled remote logging
2018-01-30 11:41:20,485 Attached to 192.168.49.25 via ssh
2018-01-30 11:41:20,488  (press Control-C to detach)
2018-01-30 11:41:20,497 server does not support xi input devices
2018-01-30 11:41:20,498  server uses: xtest
2018-01-30 11:41:21,699 sound output using pulseaudio device:
2018-01-30 11:41:21,700 sound output  'Built-in Audio Analog Stereo'
2018-01-30 11:41:22,726 sound output using audio codec opus
2018-01-30 11:41:22,727 sound output using container format ogg


Tue, 30 Jan 2018 08:50:41 GMT - lofy: attachment set

FirstTest-DomainUser-DebugOutput


Tue, 30 Jan 2018 09:36:54 GMT - Antoine Martin: owner, description changed

First, I am trimming your log sample to make things more readable. Removing this recurring error:

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/OpenGL/arrays/formathandler.py", line 35, in loadPlugin
    plugin_class = entrypoint.load()
  File "/usr/lib/python2.7/dist-packages/OpenGL/plugins.py", line 14, in load
    return importByName( self.import_path )
  File "/usr/lib/python2.7/dist-packages/OpenGL/plugins.py", line 28, in importByName
    module = __import__( ".".join(moduleName), {}, {}, moduleName)
  File "/usr/lib/python2.7/dist-packages/OpenGL/arrays/numeric.py", line 15, in <module>
    raise ImportError( """No Numeric module present: %s"""%(err))
ImportError: No Numeric module present: No module named Numeric
2018-01-30 11:27:40,423 Unable to load registered array format handler vbo:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/OpenGL/arrays/formathandler.py", line 35, in loadPlugin
    plugin_class = entrypoint.load()
  File "/usr/lib/python2.7/dist-packages/OpenGL/plugins.py", line 14, in load
    return importByName( self.import_path )
  File "/usr/lib/python2.7/dist-packages/OpenGL/plugins.py", line 28, in importByName
    module = __import__( ".".join(moduleName), {}, {}, moduleName)
  File "/usr/lib/python2.7/dist-packages/OpenGL/arrays/vbo.py", line 33, in <module>
    from OpenGL import GL
ImportError: cannot import name GL
2018-01-30 11:27:40,424 Unable to load registered array format handler vbooffset:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/OpenGL/arrays/formathandler.py", line 35, in loadPlugin
    plugin_class = entrypoint.load()
  File "/usr/lib/python2.7/dist-packages/OpenGL/plugins.py", line 14, in load
    return importByName( self.import_path )
  File "/usr/lib/python2.7/dist-packages/OpenGL/plugins.py", line 28, in importByName
    module = __import__( ".".join(moduleName), {}, {}, moduleName)
  File "/usr/lib/python2.7/dist-packages/OpenGL/arrays/vbo.py", line 33, in <module>
    from OpenGL import GL
ImportError: cannot import name GL

Which is due to the woefully out of date packages found in Debian and Ubuntu (ie: pyopengl 3.1 was released 2 years before Ubuntu 16.04..). This is also not relevant to the problems in this ticket.

Note however that the client performance will be substantially lower when running without opengl acceleration.


xpra start :100
DISPLAY=:100 firefox

Always use this form instead:

xpra start :100 --start=firefox

Also, when debugging issues, don't use "firefox", use a plain "xterm" for testing. A heavyweight application like firefox often introduces its own problems. (ie: firefox only supports one running instance per user account)


Now, on to your domain user problems. There is another ticket with similar issues: #1616 Domain users can not start a session, which was resolved by using sssd instead of winbind.

Since you're hitting a "displayfd" error, you may want to try with a specific display number:

xpra start ssh://username@serverip/100 --start-child=xterm

Your first and third tests aren't the same because in the latter case you are specifying the display to use.

If that doesn't help you resolve the problems, please provide steps to reproduce with a simple setup. (ie: without requiring multiple networked computers or using microsoft systems)
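
The explicit-display form suggested above needs a display number that is free on the server. This is an added example, not part of the ticket or of Xpra: it assumes a display :N is taken when `/tmp/.X11-unix/XN` or `/tmp/.XN-lock` exists, and `X11_DIR`, `LOCK_DIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the ticket: choose a free display number on the
# server for the explicit-display form "xpra start ssh://user@host/N".
# Assumption: a display :N is taken when /tmp/.X11-unix/XN or /tmp/.XN-lock
# exists (standard X11 locations). X11_DIR and LOCK_DIR are hypothetical
# overrides so the logic can be exercised against a scratch directory.

# display_in_use N: succeeds if display :N has an X11 socket or a lock file.
display_in_use() {
    [ -e "${X11_DIR:-/tmp/.X11-unix}/X$1" ] || [ -e "${LOCK_DIR:-/tmp}/.X$1-lock" ]
}

# is_number VALUE: succeeds only for a non-empty string of digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# pick_display FIRST LAST: print the first unused display in FIRST..LAST.
# The check is advisory: another user can claim the display between this
# check and the actual "xpra start".
pick_display() {
    if ! is_number "$1" || ! is_number "$2"; then
        echo "pick_display: numeric range required" >&2
        return 2
    fi
    d=$1
    while [ "$d" -le "$2" ]; do
        if ! display_in_use "$d"; then
            echo "$d"
            return 0
        fi
        d=$((d + 1))
    done
    echo "pick_display: no free display in $1..$2" >&2
    return 1
}

# xpra_uri USER HOST DISPLAY: print the ssh:// target with an explicit display.
xpra_uri() {
    is_number "$3" || return 2
    printf 'ssh://%s@%s/%s\n' "$1" "$2" "$3"
}

# Stand-alone use on the server: "sh thisfile --pick" prints a free display.
if [ "${1:-}" = "--pick" ]; then pick_display 100 199; fi
```

Run the check on the server, since that is where the X11 sockets and lock files live, then pass the result to `xpra start "$(xpra_uri ...)" --start-child=xterm` on the client.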


Tue, 30 Jan 2018 11:48:29 GMT - lofy:

Replying to Antoine Martin:

Which is due to the woefully out of date packages found in Debian and Ubuntu (ie: pyopengl 3.1 was released 2 years before Ubuntu 16.04..). This is also not relevant to the problems in this ticket.

Thank you, I planned to upgrade the version of PyOpenGL soon. Just need to find a good how-to :)

Always use this form instead:

xpra start :100 --start=firefox

Also, when debugging issues, don't use "firefox", use a plain "xterm" for testing. A heavyweight application like firefox often introduces its own problems. (ie: firefox only supports one running instance per user account)

All right, I will use LXTerminal since Xterm is not installed on Lubuntu. I did use Firefox because it will be the application the users will be using remotely.

Now, on to your domain user problems. There is another ticket with similar issues: #1616 Domain users can not start a session, which was resolved by using sssd instead of winbind.

I found this ticket and also #1621. I did use SSSD instead of WinBind to connect my server & clients to the Active Directory.

Since you're hitting a "displayfd" error, you may want to try with a specific display number:

xpra start ssh://username@serverip/100 --start-child=xterm

It works! That's awesome! Thank you.

Your first and third tests aren't the same because in the latter case you are specifying the display to use.

OK. I didn't know how to start xpra server without specifying a display. Is that possible?

If that doesn't help you resolve the problems, please provide steps to reproduce with a simple setup. (ie: without requiring multiple networked computers or using microsoft systems)

Unfortunately, I don't think it will be possible since the purpose is having a central authentication server. In my case, it's Microsoft Active Directory. The bug may be reproducible with a simple LDAP but, at the moment, I don't have the time to explore this option.

But if you want, I can test different things if that helps you resolve this bug?


Tue, 30 Jan 2018 12:20:08 GMT - Antoine Martin:

Thank you, I planned to upgrade the version of PyOpenGL soon. Just need to find a good how-to :)

IIRC, this has been discussed on the mailing list. In hindsight, we should probably just bypass Ubuntu and provide up to date packages in our repository.

OK. I didn't know how to start xpra server without specifying a display. Is that possible?

Yes, just the way you did it should have worked, but maybe not on Ubuntu 16.04 or something on your setup breaks it. For a local start, that's just:

xpra start --start=xterm

And it will print the display chosen.

The bug may be reproducible with a simple LDAP but, at the moment, I don't have the time to explore this option.

I would be able to investigate that if you provide the steps.

But if you want, I can test different things if that helps you resolve this bug?

Sorry, no idea. I would need to reproduce the bug to make progress.


Tue, 30 Jan 2018 12:48:10 GMT - lofy:

Replying to Antoine Martin:

For a local start, that's just:

xpra start --start=xterm

And it will print the display chosen.

OK. It works as well:

bateau@SV-Infra-RemoteApp:~$ xpra start --start=lxterminal
Warning: cannot use the system proxy for 'start' subcommand,
 failed to connect to '/run/xpra/system':
 [Errno 2] No such file or directory
Entering daemon mode; any further errors will be reported to:
  /run/user/1034806579/xpra/S14261.log
Actual display used: :3
Actual log file name is now: /run/user/1034806579/xpra/:3.log

I can attach the screen also.

The bug may be reproducible with a simple LDAP but, at the moment, I don't have the time to explore this option.

I would be able to investigate that if you provide the steps.

If you don't have a Microsoft Active Directory, it will be difficult. I can give you the steps to connect a Lubuntu to an Active Directory though.


Tue, 30 Jan 2018 13:30:09 GMT - Antoine Martin:

If you don't have a Microsoft Active Directory, it will be difficult.

I don't think the sssd backend should matter much as long as it is configured to lookup virtual users which don't have local accounts. (ldap, AD or other) Unless I can reproduce the problem here, I will have to close this ticket as "needinfo".


Tue, 30 Jan 2018 14:07:59 GMT - lofy:

Replying to Antoine Martin:

If you don't have a Microsoft Active Directory, it will be difficult.

I don't think the sssd backend should matter much as long as it is configured to lookup virtual users which don't have local accounts. (ldap, AD or other) Unless I can reproduce the problem here, I will have to close this ticket as "needinfo".

Maybe, it's a problem with rights given to domain users. I don't know how to check that.

Also, since I don't find any good way to upgrade PyOpenGL on Ubuntu 16.04, I will migrate to 17.10 and see if the "bug" still exists.


Tue, 30 Jan 2018 14:31:45 GMT - Antoine Martin:

Also, since I don't find any good way to upgrade PyOpenGL on Ubuntu 16.04, I will migrate to 17.10 and see if the "bug" still exists.

There are now up to date python-opengl packages in the Ubuntu Xenial repository. If you encounter any issues with that, please record them in #1758.


Wed, 31 Jan 2018 08:42:47 GMT - lofy:

Replying to Antoine Martin:

Also, since I don't find any good way to upgrade PyOpenGL on Ubuntu 16.04, I will migrate to 17.10 and see if the "bug" still exists.

There are now up to date python-opengl packages in the Ubuntu Xenial repository. If you encounter any issues with that, please record them in #1758.

Yes, I just found out that the package python-opengl is at its latest version 3.1.1a

For future reference, this is my procedure on how to install Xpra on Ubuntu 16.04:

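# Run from a root shell: the redirect into /etc/apt/sources.list.d and the apt-get commands need root.
# Import the repository signing key, then add the xenial repository.
# Note: gpg.asc is fetched over plain HTTP here, so check the key fingerprint out of band.
wget -q http://winswitch.org/gpg.asc -O- | sudo apt-key add -
echo "deb http://winswitch.org/ xenial main" > /etc/apt/sources.list.d/winswitch.list
# Refresh the package lists and install Xpra with its Python dependencies.
apt-get update && apt-get upgrade
apt-get install xpra python-netifaces python-pip
# Pin pyopengl_accelerate to the installed python-opengl version.
pip install pyopengl_accelerate==3.1.1a1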

The last command will install this specific version according to the installed version of the python-opengl package (obtained with apt-cache policy python-opengl)

You can close this ticket since you helped me find a workaround.

Thank you.


Wed, 31 Jan 2018 08:56:09 GMT - Antoine Martin: status changed; resolution set

Thanks.

I'm closing as needinfo since the issue is still present. Ideally we should fix that rather than rely on the workaround.


Sat, 23 Jan 2021 05:32:59 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1757