Authentication failed with error 6

Forums / NoMachine for Linux / Authentication failed with error 6

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #2653
    Maccas
    Participant

    I’m connecting from a Windows 7 machine running NXSERVER-4.1.29 to a CentOS 6.5 virtual machine server running NXSERVER-4.1.29 with GNOME.

    I’m unable to connect to the server, I keep getting “Authentication Failed. This is despite using account details that I know are definitely correct.

    SELinux and IPTables are disabled.  I see the following in the nxerror.log:

    Info: Handler started with pid 2778 on Wed Mar 5 21:33:33 2014.
    Info: Handling connection from 10.50.0.9 port 49649 on Wed Mar 5 21:33:33 2014.
    nxexecPAMCheckCredentials: Authentication failed with error 6.
    Info: Connection from 10.50.0.9 port 49649 closed on Wed Mar 5 21:33:41 2014.
    Info: Handler with pid 2778 terminated on Wed Mar 5 21:33:41 2014.
    Info: Handler started with pid 2797 on Wed Mar 5 21:33:42 2014.
    Info: Handling connection from 10.50.0.9 port 49654 on Wed Mar 5 21:33:42 2014.

    Any ideas what authentication failed with error 6 means?

    Thanks

    #2669
    adp
    Participant

    Hello,

     

    Error 6 means that permission is denied for the user. If you say that you enter the proper credentials then we might need some more info to figure out what goes wrong. If you could send us to issues [at] nomachine [dot] com the following information from your CentOS host:

     

    1) /etc/pam.d/nx, /etc/pam.d/su, /etc/pam.d/system-auth, /etc/pam.d/sshd, /etc/pam.d/password-auth files

    2) output of the command (after reproducing the issue):

    sudo grep -r nxexec /var/log/*

    Thank you.

    #2738
    Maccas
    Participant

    Just to update this – we discussed this further offline and the developers found the issue is because PAM had been configured to enforce membership of the wheel group to allow su usage. /etc/pam.d/su contained:

    auth required pam_wheel.so use_uid

    The information I received was:

    Our user “nx” is not in the wheel group while this PAM configuration requires
    that nx is in that group to allow authentication working properly.

    We now ship our own /etc/pam.d/nx module which can separate PAM
    configuration that is used by NoMachine from the one used by SU service.

    So, possible solutions are:

    1) Comment out the problematic line in /etc/pam.d/su.

    2) If you don’t want to change the su configuration,  please replace the
    /etc/pam.d/nx module with the file attached to this mail.

    It’s a clean copy of your  “su” configuration file just with the problematic line removed.
    In this way you can use a custom policy only for NoMachine and don’t need to change
    your “su” configuration.  Feel free to edit the nx file according to your needs.

    I wanted this restriction to remain so I created the specific nx module suggested, which contained:

    auth            sufficient      pam_rootok.so
    auth            include         system-auth
    account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
    account         include         system-auth
    password        include         system-auth
    session         include         system-auth
    session         optional        pam_xauth.so

    Can’t fault the developers who responded. Excellent support to help troubleshoot this issue.

Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as solved, you can't post.