Hi,
In my searching before coming to the mailing list, I read somewhere (I
can't find the reference now) that remote gdm login wasn't allowed
without tcp wrappers being enabled. Also, if I check the list if
services being controlled by inetadm I don't see anything I recognize
as being for gdm login, which seems odd. Anyways, I commented the
"ALL: ALL" line in hosts.deny and retried the connection, it worked.
It does seem like something is awry in inetd/tcp wrappers. From my
reading of the man pages, having ALL: 192.168. in hosts.allow should
take effect before the ALL: ALL in hosts.deny. If I try, ALL: ALL
EXCEPT 192.168. in hosts.deny, the connection fails. Its as if inetd/
tcp wrappers isn't recognising the IP address (I tried ALL: ALL EXCEPT
192.168.0.0/255.255.255.0 too). For now, I've set ALL EXCEPT gdm: ALL
and things keep working.
Thanks for your help.
Chris
On 24 Sep 2009, at 21:38, Brian Cameron wrote:
Christopher:
Looking at the GDM code, it only prints out the "XDMCP: Sending
UNWILLING to %s" message if the function gdm_xdmcp_host_allow()
function in daemon/gdm-xdmcp-manager.c returns FALSE.
This only happens if the following call returns FALSE:
ret = hosts_ctl("gdm", client, host, "");
In this case client would be "192.168.0.105" and host is a
value returned from the gdm_address_get_info () call, which
would be the "host" value returned from a call to getnameinfo().
Since hosts_ctl is a a libwrap() function (see "man libwrap"),
I think that the problem is likely with either your tcp wrappers
configuration, or perhaps a problem with your system configuration
not returning a good "host" value when getnameinfo() is called?
You say you see the same error regardless of how tcp wrappers is
configured, which seems odd. I'd think that you should be
able to configure tcp wrappers to always make hosts_ctl return
TRUE. If so, I'd think you'ld see a different error message
in this case. As I say above the "Sending UNWILLING" message
should not appear if hosts_ctl returns TRUE, and you should
see some other error message if it is still failing.
Just speculating, but from looking at the code, this hopefully
narrows down what you should be looking at.
Brian
On 24 Sep 2009, at 20:32, Brian Cameron wrote:
Christopher:
Hello Brian, thanks for replying.
options/tcp_listen is set to true. That is what I meant by
enabled tcp-listen for x11. After changing that particular
setting, port 6000 opened, but the connection would still
breakdown with "Manager unwilling, Host unwilling" error.
You could try setting Enable=true in the [debug] section of the
GDM configuration file (/usr/share/gdm/defaults.conf), and restart
GDM. Then try to connect and check your syslog (/var/adm/messages)
and see if there is any useful information about what might be
happening.
I did that and with tcpwrappers off, the five log messages were
esssentially the same, see below.
supernova is the machine name of the opensolaris box.
192.168.0.105 is the IP address of the computer attempting to make
the connection.
Sep 24 21:01:48 supernova gdm-binary[750]: [ID 702911
daemon.warning] DEBUG: decode_packet: GIOCondition 1
Sep 24 21:01:48 supernova gdm-binary[750]: [ID 702911
daemon.warning] DEBUG: XDMCP: Received opcode QUERY from
client ::ffff:192.168.0.105 : 49642
Sep 24 21:01:48 supernova gdm-binary[750]: [ID 702911
daemon.warning] DEBUG: gdm_xdmcp_host_allow: client->hostname is
192.168.0.105
Sep 24 21:01:48 supernova gdm-binary[750]: [ID 702911
daemon.warning] DEBUG: XDMCP: Sending UNWILLING to ::ffff:
192.168.0.105
Sep 24 21:01:48 supernova gdm-binary[750]: [ID 702911
daemon.warning] DEBUG: Denied XDMCP query from host ::ffff:
192.168.0.105
_______________________________________________
opensolaris-discuss mailing list
[email protected]
