Authentication Failed?

Forum / NoMachine for Linux / Authentication Failed?

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #1563
    hchan
    Participant

    Hi,

    I did:

    – used nomachine client 4 to connect to Linux machine

    – ran passwd to change my password

    – sudo reboot

     

    After rebooting, I used the new password to logon, and my nomachine client said, “Authentication failed, please try again”.

    I ssh-ed into my machine and looked at /usr/NX/var/log/nxserver.log:

    21:37:54:072.258 NXNODE-4.0.367[24792] WARNING: Socket to nxclient –monitor was closed.

    21:37:54:196.630 NXNODE-4.0.367[24792] ERROR: shutdown: cannot remove agent authority cookies, giving up

    21:37:54:196.887 NXNODE-4.0.367[24792] ERROR: Cannot rename directory ‘/home/[my username]/.nx/C-localhost.localdomain-0-C8146493C6772DD6DCE14C3970F51B34’ moved into ‘/home/[my username]/.nx/T-C-localhost.localdomain-0-C8146493C6772DD6DCE14C3970F51B34’: No such file or directory

    21:37:55:746.580 NXSERVER-4.0.367[27473] User ‘[my username]’ from ‘192.168.5.1’ logged out.

    21:38:02:087.513 NXSERVER-4.0.367[10546] ERROR: process with pid ‘27821’ has died because signal: 13

    21:39:01:598.449 NXSERVER-4.0.367[2785] Starting NoMachine server and services.

    21:39:08:538.627 NXSERVER-4.0.367[2820] WARNING: username [gdm] do not match local session type [desktop].

    21:39:34:928.982 NXSERVER-4.0.367[2896] ERROR: Reached timeout of 20s while trying nxexec authentication for user ‘[my username]’, to ‘127.0.0.1’, port ’22’.

    21:39:34:930.925 NXSERVER-4.0.367[2896] ERROR: process with pid ‘3113’ has died because signal: 9

    21:39:34:931.135 NXSERVER-4.0.367[2896] ERROR: Error while trying to authenticate user:[my username]. NXNssUserManager::auth returned 1

    21:39:34:931.355 NXSERVER-4.0.367[2896] ERROR: wrong ‘nxexec authentication’ for user ‘[my username]’ from ‘192.168.5.1’.

    21:40:01:666.863 NXSERVER-4.0.367[3115] ERROR: Reached timeout of 20s while trying nxexec authentication for user ‘[my username]’, to ‘127.0.0.1’, port ’22’.

    21:40:01:673.925 NXSERVER-4.0.367[3115] ERROR: process with pid ‘3127’ has died because signal: 9

    21:40:01:674.153 NXSERVER-4.0.367[3115] ERROR: Error while trying to authenticate user:[my username]. NXNssUserManager::auth returned 1

    21:40:01:674.447 NXSERVER-4.0.367[3115] ERROR: wrong ‘nxexec authentication’ for user ‘[my username]’ from ‘192.168.5.1’.

    21:40:27:164.047 NXSERVER-4.0.367[3135] ERROR: Reached timeout of 20s while trying nxexec authentication for user ‘[my username]’, to ‘127.0.0.1’, port ’22’.

    21:40:27:165.883 NXSERVER-4.0.367[3135] ERROR: process with pid ‘3147’ has died because signal: 9

    21:40:27:166.079 NXSERVER-4.0.367[3135] ERROR: Error while trying to authenticate user:[my username]. NXNssUserManager::auth returned 1

    21:40:27:166.297 NXSERVER-4.0.367[3135] ERROR: wrong ‘nxexec authentication’ for user ‘[my username]’ from ‘192.168.5.1’.

    21:41:47:680.651 NXSERVER-4.0.367[3151] ERROR: Reached timeout of 20s while trying nxexec authentication for user ‘[my username]’, to ‘127.0.0.1’, port ’22’.

    21:41:47:682.988 NXSERVER-4.0.367[3151] ERROR: process with pid ‘3198’ has died because signal: 9

    21:41:47:683.263 NXSERVER-4.0.367[3151] ERROR: Error while trying to authenticate user:[my username]. NXNssUserManager::auth returned 1

    21:41:47:683.530 NXSERVER-4.0.367[3151] ERROR: wrong ‘nxexec authentication’ for user ‘[my username]’ from ‘192.168.5.1’.

    21:42:54:566.707 NXSERVER-4.0.367[3202] ERROR: Reached timeout of 20s while trying nxexec authentication for user ‘[my username]’, to ‘127.0.0.1’, port ’22’.

    21:42:54:569.154 NXSERVER-4.0.367[3202] ERROR: process with pid ‘3216’ has died because signal: 9

    21:42:54:569.335 NXSERVER-4.0.367[3202] ERROR: Error while trying to authenticate user:[my username]. NXNssUserManager::auth returned 1

    21:42:54:569.526 NXSERVER-4.0.367[3202] ERROR: wrong ‘nxexec authentication’ for user ‘[my username]’ from ‘192.168.5.1’.

     

     

    Any idea what goes wrong?

    #1591
    graywolf
    Participant

    Hello.

    Could you post the messages printed in /usr/NX/var/log/nxerror.log? They would give us hints about the reason of the authentication failure.

    #1609
    hchan
    Participant

    Thanks for your reply.

    Here is the log:

    Info: Handler with pid 27473 terminated on Mon Jan  6 21:26:52 2014.

    24792 24792 21:37:54 201.416 System/System: WARNING! Child pid 27718 not handled in system at 0x7ff8bb2fa780.

    NX> 900 Session id: 0ED64C30C13C214CC0763D3D303E141A terminated.

    NX> 900 Session id: 52CF01FA3BDA9628769432EC4840C163 terminated.

    NX> 900 Session id: 0ED64C30C13C214CC0763D3D303E141A terminated.

    NX> 900 Session id: 52CF01FA3BDA9628769432EC4840C163 terminated.

    2785 2785 21:39:02 187.407 System/System: WARNING! Child pid 2809 not handled in system at 0x7f002f555780.

    Info: Handler started with pid 2896 on Mon Jan  6 21:39:04 2014.

    Info: Handling connection from 192.168.5.1 port 61510 on Mon Jan  6 21:39:04 2014.

    Info: Connection from 192.168.5.1 port 61510 closed on Mon Jan  6 21:39:34 2014.

    Info: Handler with pid 2896 terminated on Mon Jan  6 21:39:34 2014.

    Info: Handler started with pid 3115 on Mon Jan  6 21:39:35 2014.

    Info: Handling connection from 192.168.5.1 port 45123 on Mon Jan  6 21:39:35 2014.

    Info: Connection from 192.168.5.1 port 45123 closed on Mon Jan  6 21:40:01 2014.

    Info: Handler with pid 3115 terminated on Mon Jan  6 21:40:01 2014.

    Info: Handler started with pid 3135 on Mon Jan  6 21:40:02 2014.

    Info: Handling connection from 192.168.5.1 port 8280 on Mon Jan  6 21:40:02 2014.

    Info: Connection from 192.168.5.1 port 8280 closed on Mon Jan  6 21:40:27 2014.

    Info: Handler with pid 3135 terminated on Mon Jan  6 21:40:27 2014.

    Info: Handler started with pid 3151 on Mon Jan  6 21:40:27 2014.

    Info: Handling connection from 192.168.5.1 port 16468 on Mon Jan  6 21:40:27 2014.

    Info: Connection from 192.168.5.1 port 16468 closed on Mon Jan  6 21:41:47 2014.

    Info: Handler with pid 3151 terminated on Mon Jan  6 21:41:47 2014.

    Info: Handler started with pid 3202 on Mon Jan  6 21:41:48 2014.

    Info: Handling connection from 192.168.5.1 port 20589 on Mon Jan  6 21:41:48 2014.

    Info: Connection from 192.168.5.1 port 20589 closed on Mon Jan  6 21:42:54 2014.

    Info: Handler with pid 3202 terminated on Mon Jan  6 21:42:54 2014.

    Info: Handler started with pid 3220 on Mon Jan  6 21:42:55 2014.

    Info: Handling connection from 192.168.5.1 port 36964 on Mon Jan  6 21:42:55 2014.

     

    #1623
    Geekazoid
    Participant

    Hello,

    I’m also having troubles with the authentication when using NX 4.

    Setup – NX client Ubuntu 12.04 nomachine_4.0.369_1_i386 / NX server SLES10SP2 nomachine_4.0.369_1_i686. I’m using the standard setup after installation without any modifications:

    — Client logs:

    connection

    HELLO NXSERVER – Version 4.0.369 – NoMachine

    NX> 105 Hello NXCLIENT – Version 4.0.369

    NX> 134 Accepted protocol: 4.0.369

    NX> 105 Set shell_mode: shell

    NX> 105 Set auth_mode: password

    NX> 105 Login

    NX> 250 Properties: username required for mcs-master port: 22 service login: cgsadmin

    NX> 250 Properties: password required for mcs-master port: 22 service login:

    session

    Info: Starting NoMachine version 4.0.369.

    Info: Loading settings from ‘.nx/config/nxplayer.cfg’.

    28893 28893 14:54:25 551.723 Main: Creating the client session.

    28893 28893 14:54:25 551.799 ClientSession: Initializing session at 0x9151a68.

    28893 28893 14:54:25 551.845 ClientSession: Change state to ‘Initializing’.

    28893 28893 14:54:25 551.943 ClientSession: Created new view at 0x9152578 with label ‘MainWindowView’ and value ‘0x8271150’.

    28893 28893 14:54:25 611.678 ClientSession: Created new view at 0x9153e68 with label ‘MenuPanelView’ and value ‘0x8271150’.

    28893 28893 14:54:25 965.884 ClientSession: Created new view at 0x9371ae0 with label ‘SessionWizardView’ and value ‘0x8271150’.

    28893 28893 14:54:26 078.223 ClientSession: Change state to ‘Initialized’.

    28893 28893 14:54:26 078.460 ClientSession: Initialized session at 0x9151a68.

    28893 28893 14:54:26 078.486 Main: Entering the GUI event loop.

    28893 28893 14:54:26 862.282 ClientSession: Going to handle running children.

    28893 28893 14:54:28 326.439 ClientSession: Going to handle running children.

    28893 28893 14:54:29 736.994 ClientSession: Going to handle running children.

    28893 28893 14:54:30 358.753 ClientSession: Starting session at 0x9151a68.

    28893 28893 14:54:30 358.783 ClientSession: Change state to ‘Starting’.

    28893 28893 14:54:30 359.277 ClientSession: Going to start session ‘/home/user/Documents/NoMachine/Connection to 192.168.169.191.nxs’.

    28893 28893 14:54:30 368.457 Connection: Disabling interactive session.

    28893 28893 14:54:30 368.510 ClientSession: Created local ’10’ and remote ’11’ descriptors for the connection signaling.

    28893 28893 14:54:30 368.573 Connection: Initializing connection at 0x9443c38.

    28893 28893 14:54:30 368.635 Connection: Initialized connection at 0x9443c38.

    28893 28893 14:54:30 368.650 Connection: Starting connection at 0x9443c38.

    28893 28893 14:54:30 368.662 ClientDaemonConnector: Starting a new connection to host ‘192.168.169.191’ on port ‘4000’.

    28893 28893 14:54:30 368.777 Connection: Started connection at 0x9443c38.

    Info: Connection to 192.168.169.191 port 4000 started at 14:54:30 370.491.

    28893 28893 14:54:30 373.453 ClientSession: Change state to ‘Started’.

    28893 28893 14:54:30 373.470 ClientSession: Started session at 0x9151a68.

    28893 28893 14:54:30 389.104 ClientSession: Created new view at 0x9398a38 with label ‘ProgressView’ and value ‘0x8271150’.

    28893 28929 14:54:31 465.775 ClientSession: A valid certificate for this server was found.

    28893 28893 14:54:31 501.973 ClientSession: Created new view at 0x9428608 with label ‘AuthenticationView’ and value ‘0x8271150’.

    28893 28893 14:54:33 653.696 ClientSession: Destroying view at 0x9428608.

    Info: Connection to 192.168.169.191 port 4000 closed at 14:54:33 669.872.

    28893 28893 14:54:33 675.503 Connection: Connection at 0x9443c38 failed.

    28893 28893 14:54:33 675.515 ClientSession: Runnable at 0x9443c38 caused the session at 0x9151a68 to fail.

    28893 28893 14:54:33 675.531 ClientSession: Failing reason is ‘Authentication failed for user cgsadmin’.

    28893 28893 14:54:33 675.547 ClientSession: Ignoring failure and restarting the connection.

    28893 28893 14:54:33 675.561 Connection: Finishing connection at 0x9443c38.

    28893 28893 14:54:33 675.570 Connection: Stopping connection at 0x9443c38.

    28893 28893 14:54:33 675.591 ClientDaemonConnector: Stopping the current connection.

    28893 28893 14:54:33 675.814 Connection: Disabling interactive session.

    28893 28893 14:54:33 675.835 Connection: Stopped connection at 0x9443c38.

    28893 28893 14:54:33 675.844 ClientDaemonConnector: Stopping the current connection.

    28893 28893 14:54:33 675.866 Connection: Finished connection at 0x9443c38.

    28893 28893 14:54:33 675.876 Connection: Initializing connection at 0x9443c38.

    28893 28893 14:54:33 675.924 Connection: Initialized connection at 0x9443c38.

    28893 28893 14:54:33 675.940 Connection: Starting connection at 0x9443c38.

    28893 28893 14:54:33 675.951 ClientDaemonConnector: Starting a new connection to host ‘xx.xx.xx.xx’ on port ‘4000’.

    28893 28893 14:54:33 676.046 Connection: Started connection at 0x9443c38.

    28893 28893 14:54:33 676.058 Connection: Stop reading because of parser request.

    Info: Connection to xx.xx.xx.xx port 4000 started at 14:54:33 676.798.

    28893 28944 14:54:34 725.979 ClientSession: A valid certificate for this server was found.

     

    — server logs:

    nxerror.log

    Info: Handler started with pid 10105 on Wed Jan  8 13:54:31 2014.

    Info: Handling connection from 10.61.15.135 port 47099 on Wed Jan  8 13:54:31 2014.

    nxexecPAMCheckCredentials: Authentication failed with error 28.

    Info: Connection from 10.61.15.135 port 47099 closed on Wed Jan  8 13:54:33 2014.

    nxserver.log

    13:51:48:223.287 NXSERVER-4.0.369[9789] Starting NoMachine server and services.

    13:51:59:768.183 NXSERVER-4.0.369[9909] ERROR: Error while trying to authenticate user:cgsadmin. NXNssUserManager::auth returned 1

    13:51:59:768.463 NXSERVER-4.0.369[9909] ERROR: wrong ‘nxexec authentication’ for user ‘cgsadmin’ from ‘xx.xx.xx.xx’.

    13:53:49:334.153 NXNODE-4.0.369[9856] ERROR: NXUpdate: Unable to copy [/usr/NX/var/log/nxnode/C-mcs-master-1001-93F1D893442677AEFEE52CB4C763E3D0/authority] to [/var/NX/nx/.nx/temp/autho

    rity]

    13:54:17:013.699 NXSERVER-4.0.369[9940] ERROR: Error while trying to authenticate user:cgsadmin. NXNssUserManager::auth returned 1

    13:54:17:013.937 NXSERVER-4.0.369[9940] ERROR: wrong ‘nxexec authentication’ for user ‘cgsadmin’ from ‘xx.xx.xx.xx’.

    13:54:33:666.545 NXSERVER-4.0.369[10105] ERROR: Error while trying to authenticate user:cgsadmin. NXNssUserManager::auth returned 1

    13:54:33:666.811 NXSERVER-4.0.369[10105] ERROR: wrong ‘nxexec authentication’ for user ‘cgsadmin’ from ‘xx.xx.xx.xx’.

     

    #1631
    Geekazoid
    Participant

    I checked the error “nxexecPAMCheckCredentials: Authentication failed with error 28.” on the nxerror.log which I think is the hint for the problem (at least mine). The /var/log/messages shows:

    Jan  9 08:49:25 server nxexec: PAM unable to dlopen(/lib/security/pam_unix2.so)

    Jan  9 08:49:25 server nxexec: PAM [error: /lib/security/pam_unix2.so: undefined symbol: pam_syslog]

    Jan  9 08:49:25 server nxexec: PAM adding faulty module: /lib/security/pam_unix2.so

    NX added a PAM configuration in /etc/pam.d/nxsshd which look fine for me. From what I understood about PAM it should be able to use local /etc/passwd,/etc/shadow, NIS and LDAP.

    #1641
    graywolf
    Participant

    hchan, it looks that authentication stage simply hangs and it is killed after a 20 seconds timeout. Do you have SELinux or similar protection running on your server? You can try to temporary set SELinux in permissive mode using the command:

    # setenforce 0

    Geekazoid, we are investigationg your issue to find why the load of PAM module fails. Could you check the PAM configuration of command “su” (look at files /etc/pam.d/su or /etc/security/pam.d/su) and if the “su” command works as expected?

    #1652
    Geekazoid
    Participant

    Thanks for the answer. “su” is working fine, I could switch from root to user, from user to user etc. with su – <username>. Here’s the default /etc/pam.d/su config used on the SLES10SP2 server:

    #%PAM-1.0

    auth     sufficient     pam_rootok.so

    auth     include        common-auth

    account  include        common-account

    password include        common-password

    session  include        common-session

    session  optional       pam_xauth.so

    #1653
    Geekazoid
    Participant

    I’ve done an strace incl. childs could see that the pam modules seem to be properly loaded. Username and password are correct and also correctly transmitted from client to server. Please find the strace as txt attached. Maybe it helps.

    #1775
    graywolf
    Participant

    Geekazoid,

    this issue looks very specific to some SUSE Linux distribution versions. For some reason, modules pam_unix.so and pam_unix2.so are not
    linked to libpam.so. This looks solved in more recent versions of SUSE.

    It will be fixed in the next release.

    #1778
    Geekazoid
    Participant

    Good morning,

    many thanks for the feedback. Unfortuantely I’m limited to SLES10SP2 in my environment but I’m very much looking forward to a fix in the next release of the nx software.

    #1881
    hchan
    Participant

    Graywolf, thanks for your tip.

    I didn’t expect SELinux turned back on after I turned it off long time back.

    Now, I edited /etc/sysconfig/selinux to make it off completely, and it works!

    Thanks!

    #2041
    Britgirl
    Participant
Viewing 12 posts - 1 through 12 (of 12 total)

This topic was marked as solved, you can't post.