Jump to content
Welcome to our new Citrix community!
  • 0

Linux VDA : Issues when launching published Desktop from FAS store.


MBi

Question

Hello,

 

Users are unable to authenticate to Linux RHEL 8.4 single-session VDI using FAS.

The error is "Invalid Login".

 

I have followed troublshooting steps described in CTX235532 but no luck.

 

Thanks in advance for your help.

 

 

 

Link to comment

6 answers to this question

Recommended Posts

  • 0

Yes I did.

I have check certificats as well.

 


2023-02-27 09:03:40.754 <P5341:S4> citrix-ctxlogin: : pam_authenticate err[7],can retry for user XXXX@YYYY.YY.Y
2023-02-27 09:03:40.755 <P5341:S4> citrix-ctxlogin: : failed validation of user 'XXXX@YYYY.YY.Y', INVALID_PASSWORD

Link to comment
  • 0

cred_rype[2] seems to be for password authentification

According to this doc :

const readonly int CRED_TYPE_GENERIC = 1;

const readonly int CRED_TYPE_DOMAIN_PASSWORD = 2;
const readonly int CRED_TYPE_DOMAIN_CERTIFICATE = 3;
const readonly int CRED_TYPE_DOMAIN_VISIBLE_PASSWORD = 4;
const readonly int CRED_TYPE_MAXIMUM = 5; // Maximum supported cred type

 

 

cred_type should not have a value of 3  (certificate) with FAS ?

Can maybe somebody share to me a working FAS authentication log on Linux ?

 

Thanks.

 

 

2023-02-27 13:08:34.134 <P4567:S3> citrix-ctxlogin: : Not yet implemented
2023-02-27 13:08:34.134 <P4567:S3> citrix-ctxlogin: : FAS login...
2023-02-27 13:08:34.134 <P4567:S3> citrix-ctxlogin: : The input username is XXXX@yyyy.yy.yy.
2023-02-27 13:08:34.134 <P4567:S3> citrix-ctxlogin: : The parsed name is 'XXXX', domain is 'XXXX' and realm is 'yyyy.yy.yy'.
2023-02-27 13:08:34.134 <P4567:S3> citrix-ctxlogin: : Workaround passwd entry is XXXX\XXXX.
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : Passwd entry found : pPwd->(name='XXXX\XXXX'; dir='/home/XXXX@XXXX'')
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : The output username is XXXX@yyyy.yy.yy.
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : workaround username is XXXX@yyyy.yy.yy
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : cred_type [2],about to validate user 'XXXX@yyyy.yy.yy'
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : username=XXXX@yyyy.yy.yy, password[Not NULL], client_addr=xx.yy.zz.zz, credType=2
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : Entry, uid=974, euid=974.
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : [Logon Type] Federated Authentication Logon.
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : entry
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : start connect to server 0
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : entry
2023-02-27 13:08:34.136 <P4567:S3> citrix-ctxlogin: : waiting for response...
2023-02-27 13:08:34.359 <P4567:S3> citrix-ctxlogin: : query to server success
2023-02-27 13:08:34.359 <P4567:S3> citrix-ctxlogin: : exit
2023-02-27 13:08:34.359 <P4567:S3> citrix-ctxlogin: : entry
2023-02-27 13:08:34.359 <P4567:S3> citrix-ctxlogin: : waiting for response...
2023-02-27 13:08:34.449 <P4567:S3> citrix-ctxlogin: : query to server success
2023-02-27 13:08:34.449 <P4567:S3> citrix-ctxlogin: : exit
2023-02-27 13:08:34.449 <P4567:S3> citrix-ctxlogin: : connect to server 0 success
2023-02-27 13:08:34.449 <P4567:S3> citrix-ctxlogin: : entry
2023-02-27 13:08:34.450 <P4567:S3> citrix-ctxlogin: : waiting for response...
2023-02-27 13:08:34.467 <P4567:S3> citrix-ctxlogin: : query to server success
2023-02-27 13:08:34.467 <P4567:S3> citrix-ctxlogin: : exit
2023-02-27 13:08:34.467 <P4567:S3> citrix-ctxlogin: : waiting for response...
2023-02-27 13:08:34.467 <P4567:S3> citrix-ctxlogin: : verification pass
2023-02-27 13:08:34.467 <P4567:S3> citrix-ctxlogin: : exit, 0
2023-02-27 13:08:34.467 <P4567:S3> citrix-ctxlogin: : disconnect to server success
2023-02-27 13:08:34.467 <P4567:S3> citrix-ctxlogin: : disconnect to server success
2023-02-27 13:08:34.473 <P4567:S3> citrix-ctxlogin: : pam_set_item PAM_TTY OK for user 'XXXX@yyyy.yy.yy'
2023-02-27 13:08:34.474 <P4567:S3> citrix-ctxlogin: : Entry 1 messages
2023-02-27 13:08:34.474 <P4567:S3> citrix-ctxlogin: : msg 0, style 1
2023-02-27 13:08:35.856 <P4567:S3> citrix-ctxlogin: : pam_authenticate err[7],can retry for user XXXX@yyyy.yy.yy
2023-02-27 13:08:35.857 <P4567:S3> citrix-ctxlogin: : failed validation of user 'XXXX@yyyy.yy.yy', INVALID_PASSWORD
2023-02-27 13:08:35.857 <P4567:S3> citrix-ctxlogin: : Not yet implemented
2023-02-27 13:08:35.857 <P4567:S3> citrix-ctxlogin: : Exit SUCCESS
2023-02-27 13:08:35.857 <P4567:S3> citrix-ctxlogin: : Entry

Link to comment
  • 0

If I delete root CA and Intermediate Certificat from folder /etc/pki/CA/certs then it looks I have the same behaviour.

I wonder if VDA  or krb5 really read pem files from this folder..

 

krb5.conf contains :

 

 pkinit_anchors = DIR:/etc/pki/CA/certs

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...