Creating a new Nethserver install, Email/SOGo, DC, Nextcloud as a simple server for me. Everything is working but now when I try to log in to cockpit I get timeout/no response. Webserver, SOGo still working.
Running journalctl -u cockpit gives.
-- Logs begin at Sun 2021-01-03 23:13:52 GMT, end at Mon 2021-01-04 09:03:24 GMT. --
Jan 03 23:14:36 nethserver.[blocked].co.uk systemd[1]: Starting Cockpit Web Service...
Jan 03 23:14:36 nethserver.[blocked].co.uk systemd[1]: Started Cockpit Web Service.
Jan 03 23:14:36 nethserver.[blocked].co.uk cockpit-ws[3219]: Using certificate: /etc/cockpit/ws-certs.d/99-nethserver.cert
Jan 04 08:53:58 nethserver.[blocked].co.uk systemd[1]: Starting Cockpit Web Service...
Jan 04 08:53:58 nethserver.[blocked].co.uk systemd[1]: Started Cockpit Web Service.
Jan 04 08:53:58 nethserver.[blocked].co.uk cockpit-ws[25591]: Using certificate: /etc/cockpit/ws-certs.d/99-nethserver.cert
Jan 04 08:54:07 nethserver.[blocked].co.uk cockpit-session[25630]: pam_listfile(cockpit:auth): Refused user root for service cockpit
Jan 04 08:54:07 nethserver.[blocked].co.uk cockpit-session[25630]: pam_ssh_add: Failed adding some keys
Jan 04 08:54:08 nethserver.[blocked].co.uk cockpit-ws[25591]: logged in user session
Jan 04 08:54:24 nethserver.[blocked].co.uk cockpit-ws[25591]: session timed out
Do not know… However because I do a lot of test installs on the same hardware (arm SBC’s) the browser (especially firefox) can get confused somehow. the usual fix is:
restart cockpit: systemctl restart cockpit.socket
clear browser chache
remove all accepted certificate exceptions for the particular machine /IP
I’m pretty sure the problem I encounter (many installs over and over again) is not yours,
it may help to get cockpit up and running again.
The error seems relative to this part of /etc/pam.d/cockpit:
# select group allowed to login to cockpit (root & domain admins alway OK)
auth required pam_listfile.so \
onerr=fail item=group sense=allow file=/etc/nethserver/cockpit.allow
Could you please post the content of /etc/nethserver/cockpit.allow?
It should look like this:
================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
#
# Allow groups to use cockpit
#
root
domain admins
Do you mean the non critical error ? or the issue @kiemosan is experiencing?
If it is the non-critical (NOTE: this does not prevent me from logging in !).
looks like it’s the caused by one of the the opt (2FA) auth lines below the lines of your suspicion.
With those lines marked out the non-critical error is gone.
I ended up wiping and rebuilding the server as I had to get my email working somehow, but used LDAP as directory this time. Don’t know if that made a difference.
I will try to build a test server to see if I can reproduce the problem in test and try @giacomo suggestion.