Cannot create session directory

Forums / NoMachine for Mac / Cannot create session directory

This topic contains 3 replies, has 4 voices, and was last updated by Avatar Cato 3 weeks, 5 days ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #22936
    Avatar
    aristosv
    Participant

    I have a MacBook Pro running macOS Mojave, and it’s joined to a domain. NoMachine v6.7.6 is running on it.

    A local user can access the machine using the NX client. But when a domain user tries to access the machine the following error appears.

    The session negotiation failed.

    Error: Cannot create session directory: /Users/<username>/.nx Error is: Permission denied.

    This article explains the issue but doesn’t provide a solution.

    https://www.nomachine.com/TR10N07275

    #22950
    Avatar
    Britgirl
    Keymaster

    Do you use dynamic home directory mounting? If so, can you provide some details of how it’s configured? What authentication method do you use when connecting with NoMachine? Can you successfully establish SSH session for domain user to your MacBook?

    #23016
    Avatar
    allywilson
    Participant

    Same/similar issue here but on EL 7.6

    Linux domain joined machine. Local users are fine, domain users are fine, but if local user UID mapped to domain user then cannot logon, get the same error, but the path is different:

    <p style=”margin: 0px;”>Error: Cannot create session directory: /usr/NX/var/log/node/C-MachineName-1002-A81E7D1AD8392DB3A0591EAD90AA937F Error is: Operation not permitted</p>

    That directory (/usr/NX/var/log/node/) is owned by gdm and has 777 perms. It did also have the sticky bit specified, but I removed that (thinking it was the cause of the issue).

    Monitoring that directory with auditctl and can see that when connecting a “chown” is issued for the directory (even though it does not exist), aureport:

    448. 23/07/19 09:50:06 /usr/NX/var/log/node/C-MachineName-1002-A81E7D1AD8392DB3A0591EAD90AA937F chown no /usr/NX/bin/nxnode.bin LocalUsername 89729

    449. 23/07/19 09:50:06 /usr/NX/var/log/node/ rename yes /usr/NX/bin/nxnode.bin LocalUsername 89730

    450. 23/07/19 09:50:06 /usr/NX/var/log/node/ mkdir yes /usr/NX/bin/nxnode.bin LocalUsername 89728

    I can see the new directory created is an “F-C” dir:

    /usr/NX/var/log/node/F-C-MachineName-1002-A81E7D1AD8392DB3A0591EAD90AA937F

    The owner is the local user, the group is “domain users@our.domain” perms are rwxr-xr-x and the contents are empty.

    Oh, and currently using Free version (just getting it setup before moving to terminal server edition). Nomachine 6.7.6_11 x86_64

    #23053
    Avatar
    Cato
    Contributor

    Hello allywilson,

    Please make sure that the local account mapping is correctly configured. Specifically, you should look into primary user’s group mapping: ‚Äúdomain users@our.domain” looks strange. It appears that user’s process doesn’t have rights to modify permissions on the directory it created.
    What’s the output of ‘id <user_name>’ command? Does it correctly report local ID for user, user’s primary group and all supplementary groups of user, including domain groups?

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.