Unable to login to Cockpit, timeout

Support
1

Hi,

Creating a new Nethserver install, Email/SOGo, DC, Nextcloud as a simple server for me. Everything is working but now when I try to log in to cockpit I get timeout/no response. Webserver, SOGo still working.

Running journalctl -u cockpit gives.

-- Logs begin at Sun 2021-01-03 23:13:52 GMT, end at Mon 2021-01-04 09:03:24 GMT. --
Jan 03 23:14:36 nethserver.[blocked].co.uk systemd[1]: Starting Cockpit Web Service...
Jan 03 23:14:36 nethserver.[blocked].co.uk systemd[1]: Started Cockpit Web Service.
Jan 03 23:14:36 nethserver.[blocked].co.uk cockpit-ws[3219]: Using certificate: /etc/cockpit/ws-certs.d/99-nethserver.cert
Jan 04 08:53:58 nethserver.[blocked].co.uk systemd[1]: Starting Cockpit Web Service...
Jan 04 08:53:58 nethserver.[blocked].co.uk systemd[1]: Started Cockpit Web Service.
Jan 04 08:53:58 nethserver.[blocked].co.uk cockpit-ws[25591]: Using certificate: /etc/cockpit/ws-certs.d/99-nethserver.cert
Jan 04 08:54:07 nethserver.[blocked].co.uk cockpit-session[25630]: pam_listfile(cockpit:auth): Refused user root for service cockpit
Jan 04 08:54:07 nethserver.[blocked].co.uk cockpit-session[25630]: pam_ssh_add: Failed adding some keys
Jan 04 08:54:08 nethserver.[blocked].co.uk cockpit-ws[25591]: logged in user session
Jan 04 08:54:24 nethserver.[blocked].co.uk cockpit-ws[25591]: session timed out

What should I check next?

Thanks

John

2

See this on all my systems too, does not seem to be an issue that prevents you from logging in.

Maybe something to look in to ? cc/@giacomo

Do not know… However because I do a lot of test installs on the same hardware (arm SBC’s) the browser (especially firefox) can get confused somehow. the usual fix is:

  1. restart cockpit: systemctl restart cockpit.socket
  2. clear browser chache
  3. remove all accepted certificate exceptions for the particular machine /IP

I’m pretty sure the problem I encounter (many installs over and over again) is not yours,
it may help to get cockpit up and running again.

3

Hi Mark,

I’ve tried what you suggest and still no response. Even after a reboot it is unresponsive.

Is there any thing else I can check or shall I rebuild the server again?

4

Try a different browser and/or a different pc.
Sometimes also an incognito browser session.

1 Like
5

The error seems relative to this part of /etc/pam.d/cockpit:

# select group allowed to login to cockpit (root & domain admins alway OK)
auth    required       pam_listfile.so \
        onerr=fail  item=group  sense=allow  file=/etc/nethserver/cockpit.allow

Could you please post the content of /etc/nethserver/cockpit.allow?
It should look like this:

================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# 

#
# Allow groups to use cockpit 
#

root
domain admins
6

Do you mean the non critical error ? or the issue @kiemosan is experiencing?

If it is the non-critical (NOTE: this does not prevent me from logging in !).
looks like it’s the caused by one of the the opt (2FA) auth lines below the lines of your suspicion.
With those lines marked out the non-critical error is gone.

7

I thought it was the same thing.

1 Like
8

Hi All,

I ended up wiping and rebuilding the server as I had to get my email working somehow, but used LDAP as directory this time. Don’t know if that made a difference.

I will try to build a test server to see if I can reproduce the problem in test and try @giacomo suggestion.