Cannot create session directory

Forum / NoMachine for Mac / Cannot create session directory

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • July 15, 2019 at 16:01 #22936
    aristosv
    Participant

    I have a MacBook Pro running macOS Mojave, and it’s joined to a domain. NoMachine v6.7.6 is running on it.

    A local user can access the machine using the NX client. But when a domain user tries to access the machine the following error appears.

    The session negotiation failed.

    Error: Cannot create session directory: /Users/<username>/.nx Error is: Permission denied.

    This article explains the issue but doesn’t provide a solution.

    https://www.nomachine.com/TR10N07275

    July 16, 2019 at 09:36 #22950
    Britgirl
    Keymaster

    Do you use dynamic home directory mounting? If so, can you provide some details of how it’s configured? What authentication method do you use when connecting with NoMachine? Can you successfully establish SSH session for domain user to your MacBook?

    July 23, 2019 at 12:27 #23016
    allywilson
    Participant

    Same/similar issue here but on EL 7.6

    Linux domain joined machine. Local users are fine, domain users are fine, but if local user UID mapped to domain user then cannot logon, get the same error, but the path is different:

    <p style=”margin: 0px;”>Error: Cannot create session directory: /usr/NX/var/log/node/C-MachineName-1002-A81E7D1AD8392DB3A0591EAD90AA937F Error is: Operation not permitted</p>

    That directory (/usr/NX/var/log/node/) is owned by gdm and has 777 perms. It did also have the sticky bit specified, but I removed that (thinking it was the cause of the issue).

    Monitoring that directory with auditctl and can see that when connecting a “chown” is issued for the directory (even though it does not exist), aureport:

    448. 23/07/19 09:50:06 /usr/NX/var/log/node/C-MachineName-1002-A81E7D1AD8392DB3A0591EAD90AA937F chown no /usr/NX/bin/nxnode.bin LocalUsername 89729

    449. 23/07/19 09:50:06 /usr/NX/var/log/node/ rename yes /usr/NX/bin/nxnode.bin LocalUsername 89730

    450. 23/07/19 09:50:06 /usr/NX/var/log/node/ mkdir yes /usr/NX/bin/nxnode.bin LocalUsername 89728

    I can see the new directory created is an “F-C” dir:

    /usr/NX/var/log/node/F-C-MachineName-1002-A81E7D1AD8392DB3A0591EAD90AA937F

    The owner is the local user, the group is “domain users@our.domain” perms are rwxr-xr-x and the contents are empty.

    Oh, and currently using Free version (just getting it setup before moving to terminal server edition). Nomachine 6.7.6_11 x86_64

    July 25, 2019 at 12:40 #23053
    Cato
    Participant

    Hello allywilson,

    Please make sure that the local account mapping is correctly configured. Specifically, you should look into primary user’s group mapping: “domain users@our.domain” looks strange. It appears that user’s process doesn’t have rights to modify permissions on the directory it created.
    What’s the output of ‘id <user_name>’ command? Does it correctly report local ID for user, user’s primary group and all supplementary groups of user, including domain groups?

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.