Question

Cannot Open Display localhost:0.0, but can open :0.0

Asked by: deanabb

We just rebuilt 3 Fedora systems (kernel 2.4.22-1), and all are having the following problem (problems that we didn't have before they were just rebuilt). None of them can throw x windows to other displays of these 3 systems (I'll call them Sys0, Sys1, and Sys2). They all can throw windows to other linux (Fedora) systems on our network (DualDell for example).  In fact, Sys0 has the following interesting behavior. It has 2 monitors attached, :0.0 and :0.1 by default. xclock can be thrown to each of these from the other. However, if I say #export DISPLAY=localhost:0.0 on either, I cannot throw up xclock as it gives "refused by server" error. I can ping localhost successfully (it is in /etc/hosts). The same problems occur for setting the display to Sys0:0.0.

I have looked for differences between dualdell and Sys0 in /etc/X11/gdm , /etc/X11/xdm, /etc/pam.d and have not found any differences. I've done this lots of times (and have had to do the ol' xhost + trick), but have never been stumped. It looks like some kind of X11 permissions / security issue, but I'm at a loss for where to look now.

Thanks for any help.

Dean

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2005-07-25 at 15:35:45ID21503871
Tags

open

,

display

,

cannot

,

linux

Topic

X-Windows Window Manager

Participating Experts
2
Points
500
Comments
28

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. x11 and xfree86
    What is x11 and also xfree86 ? What is the use of both of them ?
  2. Kernel
    Hi all, I welcome everyone to join this discussion about kernels. Points will be split equally between all good comments. This question has been posted in the MS-DOS section so that we start from the most basic kernel of DOS, io.sys and msdos.sys. My understanding of...
  3. Can't connect to X11 window server using 'localhost:…
    0-28-27AM. Please wait ...[oracle@NegusII Disk1]$ Oracle Universal Installer, Version 10.1.0.3.0 Production Copyright (C) 1999, 2004, Oracle. All rights reserved. Can't connect to X11 window server using 'localhost:0.0' as the value of the DISPLAY variable. localhost:0....
  4. Can't connect to X11 window server using
    I get this message when trying to install Oracle 10g on Fedora 3: Starting Oracle Universal Installer... Checking installer requirements... Checking operating system version: must be redhat-2.1, redhat-3, SuSE-9, SuSE-8 or UnitedLinux-1.0 ...
  5. Microsoft.SharePoint.SoapServer.SoapServerExceptio…
    Hi I try to get listitem from Sharepoint, and I receive this message Exception of type Microsoft.SharePoint.SoapServer.SoapServerException was thrown This is my code. I have a reference to my Sharepoint Server and I work on my localhost on my work computer. I hav...
  6. X11 forwarding problem with certain accounts on Fedora
    I have recently noticed an X11 problem with certain users accounts on Fedora 4/5 machines. I have a small network with NIS authentication and a variety of Sun, SGI, Linux, Mac and Windows systems. For most system, if I log onto one of my servers X11 works fine. However, in th...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: gheistPosted on 2005-07-26 at 14:04:25ID: 14531666

X server does not listen on localhost:6000, so all connections via internet socket fail ( which is security measure)

 

by: deanabbPosted on 2005-07-28 at 10:41:12ID: 14548146

I did a
  > netstat -an | grep 6000

and nothing showed up, so it sounds like you're right. How do I setup to listen on port 6000?

 

by: gheistPosted on 2005-07-28 at 22:44:47ID: 14552171

Are you sure you need that ???
It is possible, but explain what advantages you will get etc, maybe there is more secure solution available.

 

by: deanabbPosted on 2005-07-29 at 07:19:50ID: 14554798

It is a secure environment (not on the net), so we don't really care about security. I'm mostly looking at simplicity. More than that, we don't really need to throw X around in the final app, just for testing components.

 

by: deanabbPosted on 2005-07-29 at 13:43:11ID: 14558465

So, I don't care if the solution is a /etc/X11/xdm or gdm config file, if it is an xauth list kind of solution, or something else that is simple. :)

 

by: gheistPosted on 2005-07-30 at 08:15:19ID: 14561782

So what is the problem ???

 

by: deanabbPosted on 2005-08-01 at 09:30:21ID: 14571425

I can't throw an X window to another machine--that's the problem. I don't care how I solve it as long as it can be solved (that was the point of the 7/29/2005 posting)--sorry if that wasn't clear. What I don't care about is the security issue as the machines are in a closed environment. But we still have the problem that we  can't display an X window (like xclock) from Sys1 onto the Sys0 display.

The latest thing someone tried, but I have fully verified it working or not, is to run on machine called "Sys0":

     iptables -I INPUT -p tcp --dport 6000 -j ACCEPT

or try to put this kind of statements into /etc/sysconfig/iptables_config. The firewall is disabled, so I didn't expect to have to do this, but running nmap and netstat it is clear that the machines (none of them) are listening to port 6000. I'm no expert here (obviously!) so I don't know why the machines are not listening.

Hope that clarifies the situation...

 

by: gheistPosted on 2005-08-01 at 22:16:50ID: 14576485

The problem is not with firewall currently.
You have to enable Xserver to listen on tcp.
Probably /etc/X11/Xservers, or some other file named Xservers has obvious configuration directive "-nolisten tcp" which has to be removed before Xserver restarted.

 

by: GnsPosted on 2005-08-03 at 07:44:13ID: 14589105

(Pretty much what Andrew is saying, but perhaps a bit more verbose:-):

I'm "guessing" that the X server on Sys0 gets started with the "-nolisten <port(s)>" or "-nolisten tcp" flag, perhaps in /etc/X11/xdm/Xservers (xdm and kdm) or /etc/X11/gdm/gdm.conf (in the [servers] section (which might point on to "subsection"). This is not something that can be set in XF86Configure or xorg.conf.

This would definitely have the effect you describe, since DISPLAY=:0 would use unix domain sockets (local FIFOs) while DISPLAY=localhost:0 would use network sockets for the same communication.

-- Glenn

 

by: GnsPosted on 2005-08-03 at 07:45:44ID: 14589124

Oh, incidentally, when you've found where it's set, just remove the "-nolisten ..." parameter and restart the display manager... Perhaps simplest and safest via a reboot.... and you're done.

-- Glenn

 

by: deanabbPosted on 2005-08-03 at 09:44:07ID: 14590527

What you both are saying makes sense (and I have looked previously for the nolisten option anywhere) and haven't found it. I wonder if "nolisten" is a default condition in X for this kernel? Or is there some other Xauthority file that this could be in?

Thanks again--sounds like we're all on the same page, but I still have to find who is closing the port or forcing "nolisten".

Dean

This is my entire Xservers file from /etc/X11/xdm/Xservers:

# $Xorg: Xserv.ws.cpp,v 1.3 2000/08/17 19:54:17 cpqbld Exp $
#
# Xservers file, workstation prototype
#
# This file should contain an entry to start the server on the
# local display; if you have more than one display (not screen),
# you can add entries to the list (one per line).  If you also
# have some X terminals connected which do not support XDMCP,
# you can add them here as well.  Each X terminal line should
# look like:
#   XTerminalName:0 foreign
#
:0 local /usr/X11R6/bin/X


-----------------------------------------------

Here is the gdm.conf file (/etc/X11/gdm/gdm.conf) without comment lines:

[daemon]
AutomaticLoginEnable=false
AutomaticLogin=

TimedLoginEnable=false
TimedLogin=
TimedLoginDelay=30

Greeter=/usr/bin/gdmgreeter

DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin
RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin


User=gdm
Group=gdm
LogDir=/var/log/gdm
PidFile=/var/run/gdm.pid
PostLoginScriptDir=/etc/X11/gdm/PostLogin/
PreSessionScriptDir=/etc/X11/gdm/PreSession/
PostSessionScriptDir=/etc/X11/gdm/PostSession/
DisplayInitDir=/etc/X11/gdm/Init
XKeepsCrashing=/etc/X11/gdm/XKeepsCrashing
ServAuthDir=/var/gdm
BaseXsession=/etc/X11/xdm/Xsession
DefaultSession=default.desktop
UserAuthDir=
UserAuthFBDir=/tmp
UserAuthFile=.Xauthority
StandardXServer=/usr/X11R6/bin/X
Xnest=/usr/X11R6/bin/Xnest -audit 0 -name Xnest

[security]
AllowRoot=true
AllowRemoteRoot=true
AllowRemoteAutoLogin=false
RelaxPermissions=0
RetryDelay=1
UserMaxFile=65536

[xdmcp]
Enable=true
HonorIndirect=true
Willing=/etc/X11/gdm/Xwilling

[gui]
GtkRC=/usr/share/themes/Bluecurve/gtk-2.0/gtkrc

[greeter]
TitleBar=false
ConfigAvailable=false
Browser=false
MinimalUID=500
Logo=
BackgroundColor=#20305a
ShowGnomeFailsafeSession=false
ShowLastSession=false
GraphicalTheme=Bluecurve
GraphicalThemeDir=/usr/share/gdm/themes/

[chooser]
HostImageDir=/usr/share/hosts/
Hosts=

[debug]
Enable=true

[servers]
0=Standard


[server-Standard]
name=Standard server
command=/usr/X11R6/bin/X -audit 0
flexible=true

[server-Terminal]
name=Terminal server
command=/usr/X11R6/bin/X -audit 0 -terminate
flexible=false
handled=false

[server-Chooser]
name=Chooser server
command=/usr/X11R6/bin/X -audit 0
flexible=false
chooser=true

 

by: gheistPosted on 2005-08-03 at 10:42:24ID: 14591202

Newer kdm uses own config file (3.4+). This has to be noted for example for Mandriva(or -ake)

 

by: deanabbPosted on 2005-08-03 at 11:09:55ID: 14591451

Interesting...I hadn't thought to look for kdm config files in particular. I didn't know where to find them, so did a quick Vivisimo search and found that they are in /usr/share/config/kdm, most of its files linking to /etc/X11/xdm. If found the file kdmrc which looks like it's the same format as xdm-config. I found settings in kdmrc there that said:

[Xdmcp]
# Whether KDM should listen to XDMCP requests. Default is true.
Enable=false

and changed it to
Enable=true

I'll let you know how it works once I'm allow to interrupt development to try it out.

Dean

 

by: gheistPosted on 2005-08-03 at 11:32:25ID: 14591634

xdmcp is network listener, so you can connect from anywhere in network and get login display (subject to Xaccess restrictions)

 

by: deanabbPosted on 2005-08-03 at 15:59:07ID: 14594001

So what is the recommendation? I did try turning Enable to true in the 'kdmrc" file to no avail. If the display is using Gnome, will kdmrc be used at all anyway?
As you can see from the gdm.conf file, -nolisten is not set. What else could it be? Or, alternatively, could you post or know where I can find a set of gdm.conf / xdm config files that will allow tcp:6000 listening?

 

by: gheistPosted on 2005-08-03 at 22:25:54ID: 14595470

kdm does not apply to Fedora
gdm has to be configured
so
what does natstat -an | grep 6000 show ???

 

by: gheistPosted on 2005-08-03 at 22:26:09ID: 14595471

netstat -an | grep 6000

 

by: GnsPosted on 2005-08-04 at 00:46:29ID: 14595918

Arhum, this is probably gdm, yes. Let's find out:
ps xww|grep dm|grep -v grep
.... should show one of gdm, kdm or xdm (or in rare cases like Mdk/Mdv you might have bastards like mdkkdm:).

If it is gdm, then you have the DisallowTCP option in gdm.conf that defaults to true on most distros... Set it explicitly to false and see what happens when you restart gdm...

It is easy to see if X gets spawned off with the nolisten flag too:
ps xww|grep X11|grep -v grep
... would show it nicely;-).

-- Glenn

 

by: GnsPosted on 2005-08-04 at 00:49:19ID: 14595929

Oh and incidentally, Andrew is quite correct that XDMCP is _not_ needed, unless you want Sys0s gdm to be able to MANAGE "foreign" displays. Not really what we're aiming at here;-/

-- Glenn

 

by: GnsPosted on 2005-08-04 at 00:53:02ID: 14595946

.... just to be clear:
The sole function of the DisallowTCP setting is to "automagically" add "-nolisten tcp" to any X server commandline handled by gdm _except_ those handling XDMCP things (-query and -indirect basically).

-- Glenn

 

by: deanabbPosted on 2005-08-04 at 08:33:52ID: 14599302

netstat -an | grep 6000 shows nothing. Thanks for the info on XDMCP--that eliminates those options.  So, if something is happening "automagically" (I love that term), how can I not so automagically Allow TCP?

Also, in case it is of interest,

[root@Sys0 xdm]# nmap -sT localhost

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2005-08-04 11:28 AST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1648 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
513/tcp   open  login
514/tcp   open  shell
631/tcp   open  ipp
783/tcp   open  hp-alarm-mgr
32774/tcp open  sometimes-rpc11
32775/tcp open  sometimes-rpc13

Nmap run completed -- 1 IP address (1 host up) scanned in 0.363 seconds
[root@Sys0 xdm]# nmap -sT 204.100.186.247

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2005-08-04 11:29 AST
Interesting ports on Sys0 (204.100.186.247):
(The 1652 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
513/tcp   open  login
514/tcp   open  shell
32774/tcp open  sometimes-rpc11

Nmap run completed -- 1 IP address (1 host up) scanned in 0.363 seconds

 

by: deanabbPosted on 2005-08-04 at 08:37:20ID: 14599348

Do I just put in

DisallowTCP=false

in gdm.conf?

Does it matter where?

 

by: gheistPosted on 2005-08-04 at 09:56:47ID: 14600143

 

by: GnsPosted on 2005-08-04 at 12:30:43ID: 14601754

... For clarity.... It goes in the [security] section...

And don't forget that you need restart gdm (perhaps by a reboot, or a simple "telinit 3; telinit 5" cycle).

-- Glenn

 

by: gheistPosted on 2005-08-04 at 12:54:00ID: 14601970

telinit sequence on terminal that does not run X ... for example gnu screen or one accessed by Ctrl-Alt-F1 keypress

 

by: deanabbPosted on 2005-08-04 at 13:31:11ID: 14602349

FYI: whenever I tried to make the change (DisallowTCP=false) and then reboot the server (via ctr-alt-backspace), it didn't take. Rebooting did.

 

by: gheistPosted on 2005-08-04 at 22:05:11ID: 14604971

As if I did non knew....

 

by: GnsPosted on 2005-08-05 at 01:37:49ID: 14605663

> FYI: whenever I tried to make the change (DisallowTCP=false) and then reboot the server (via ctr-alt-backspace), it
> didn't take. Rebooting did.

This is because then you only restart _the X server_, not the gdm process that is spawning X.

Come to think of it, perhaps FC3 has moved on from having prefdm (the script that actually starts the display manager) in /etc/inittab, unto having it as a separate init-script (the "dm" service)... In that case one could have just done "service dm restart" ... Well, no matter, a reboot would do nicely:-).

Anyway, glad to see your problem is solved!

-- Glenn

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...