Can’t login “Authentication failed, please try again.”

[Zenith]

Hello everybody,

I’m trying to remotely access a Linux machine (server, Mint 19.2 (Tina) Cinnamon) through my (gaming) PC which is a Windows machine (client, 10 Pro x64). So if this is supposed to be in the Windows subforum I’m sorry. Maybe a mod or admin could place it there if this is the case!?

So I can’t login on my Linux machine from my Windows machine. NoMachine (I’m using the free version) shows the Linux machine, so that’s not the problem. Just when I try to login with the credentials of my Linux machine I get the error: “Authentication failed, please try again.”.

So I edited the server.cfg file (first only on the Linux machine, later both) and changed these settings:
#EnableUserDB 1
#
EnablePasswordDB 1

at the bottom of the server.cfg file:
# Host      192.168.1.12
# Port      4000
# User      *****
# Password  *********

But I’m still getting the same error. I also added a new user on the Linux machine in the terminal with this command:
sudo /usr/NX/bin/nxserver –useradd *****

I also restarted the server in between each change. What am I still missing?

And also, how can I restore the settings.cfg file back to default? I know… I should have made a duplicate (back up) before editing it, but I forgot.

Reason I’m asking this last thing, is because I think I used the wrong username of my Linux machine when I tried to login. So I could also still try that with the parameters in the settings.cfg returned to default. But I would like to learn how to change the login credentials regardless as I feel this might be useful in the future.

Hope somebody can help me out, thanks in advance! 🙂

[Zenith]

So someone on Reddit told that I should remove the brackets, so I did and now it looks like this:

#
# When WebRTC is enabled, set parameters for STUN/TURN utilities to
# permit NAT traversal for peer to peer direct video, audio and data
# streaming. Replace ‘hostname’ and ‘portnumber’ with the ip or host
# name of the network server; replace ‘username’ and ‘password’ with
# username and password to be used for authenticating to such server.
# If a TURN server has to be contacted, duplicate section below, set
# it to Section “TURN” and provide the appropriate values for Host,
# Port, User and Password parameters. Define multiple sections for
# different STUN or TURN servers to provide an alternative server
# in case the first of the list is not reachable.
#
# Section “STUN”
#
Host          192.168.1.12
Port           4000
User          username
Password  password
#
# EndSection

But it still doesn’t work. So I must still be doing something wrong. Even the server on my Linux Machine gives the authentication error now:

Hope somebody can help me out…

[Mth]

Hello

First thing about NoMachine config, the information you got is correct, when you set it like that:

#EnableUserDB 1
#
EnablePasswordDB 1

Even if you change the EnableUserDB key to 1, the whole line is still treated as comment line and ignored. You need to get rid of ‘#’ character for config line to be parsed.

Second, at the bottom of the config file, the Section “Server” and Section “STUN” are only when you are connecting to the server using web interface (usually through a web browser) and not NoMachine player application. And for standard usage the modifications here are usually
not required.

Also if you are using free version, the HTTP protocol is disabled, so those fragments can be simply ignored.

Then for the config file backups, I’m afraid there is no way to restore it in easy way. We provide some generic cfg.sample files, but the main .cfg are created during the installation procedure depending of operating system configuration. In other words, you can restore some of the keys by comparing
.cfg to .cfg-sample files, but the most important ones have to be created on installation.

And for the problem. Part of it of course may be that currently you have EnableUserDB key commented and by default it is set to 0. Although when EnablePasswordDB is set to 1 it should not provide the problem with login.

First what does EnablePasswordDB do. If it is set to 0, you can connect to the NoMachine server using any user account that is on that operating system by providing its username and system password.
When you set it to 1, by default you will not be able to connect at all.

So by doing ‘sudo /usr/NX/bin/nxserver –useradd *****’ you have provided the NoMachine database with the user.
When doing so you should have been prompted by the:

nxserver --useradd test
NX> 906 Setting password for user: test.
NX> 251 Password:
NX> 102 Confirm password:
NX> 110 Password for user 'test' has been added to the NX password DB.

And now, as long as EnablePasswordDB is set to 1, you need to provide this new password to connect.

There is a problem though, if you added that user before setting EnablePasswordDB to 1, there would have
been no new password prompt, and the user would not have its NoMachine password provided.
You would need to do the useraddd command again to fix it.

There is one exception to this, when using SSH connection protocol you still need to provide system password as per the SSH configuration, then after this you will be again prompted by the NoMachine password question.

So for now please try those things:

1. Remove the ‘#’ from server.cfg ‘#EnableUserDB 1’ line.

2. Run ‘sudo /usr/NX/bin/nxserver –useradd <username>’ again and see if you have password prompt, if yes, please
provide it and use that password to login. Be sure you are using NX protocol.

3. If still no use please run ‘sudo /usr/NX/bin/nxserver –passwd <username>’ and set new password again, just to rule
out there was no typos, and use that password to login.

4. If it still does not work, please set in server.cfg

EnableUserDB 0
EnablePasswordDB 0

And try to login using the system credentials.

5. If that attempt also fails, there may be more to this problem, and we would like to see the logs as there might me unexpected bug behind this.

Article on how to collect logs:

https://www.nomachine.com/DT10O00163 (“How to gather debug logs for support requests”)

Please enable the debug and then try to login again and send the logs to forum[at]nomachine[dot]com using the title of that forum’s thread as the mail’s subject.

/Mth

[Zenith]

Hello,

Thanks for the reply! I’m aware of the differences between STUN and Server, I just copied the wrong part. But since every post has to await moderation I couldn’t edit it anymore.

Logging in with system credentials simply doesn’t work (with EnableUserDB and EnablePasswordDB set to: 0). I want to control my Linux machine remotely, so I checked my username with the command: whoami (= oem (no clue why, haven’t chosen this myself)

I have to use my password often in Linux for certain proceedings, so there can’t really go much wrong there I feel (nothing?).

2. Run ‘sudo /usr/NX/bin/nxserver –useradd <username>’ again and see if you have password prompt, if yes, please
provide it and use that password to login. Be sure you are using NX protocol.

After that I get:
[sudo] password for oem:

Once I set that it seems to be good. I get a lot of info, but no errors or such it seems. At the bottom it says: Run a new nxserver shell.
When I run NoMachine server on the Linux machine it looks like this:

So it does mention ‘Changes disabled’ at the left bottom. I don’t feel that always has been there.

When I try to login on the Windows client now I get the same error. Just to be clear… I edited the server.cfg fiel on both machines the same way! I assume that this is correct?!

4. If it still does not work, please set in server.cfg

When changing EnableUserDB and EnablePasswordDB back to 0 (zero) and try to login using the system credentials (so user: oem + password) I also still get the same error.
Again to be sure, I changed both server.cfg files. The one on the Linux machine (server) and the Windows machine (client). And only before EnableUserDB, EnablePasswordDB and the server details I removed the # symbol. All the other text still has the # symbol in front of each line.

I made a compressed archive of the .nx directory and I will e-mail this. There is no nxtrace.log present/generated.

[Zenith]

I just now see that I get an error for this command:
sudo /usr/NX/bin/nxserver –useradd <username>

After I try to set the password I get the following error:
NX> 500 ERROR: Invalid command: ‘-useradd’

And then followed by a lot info about the various commands and options. So in hindsight, something has gone wrong at this step it seems…

[Mth]

Hello

I’m sorry, this forum seems to change double “-” signs to this big “–” when not written in code tags. The commands to use are:

sudo /usr/NX/bin/nxserver --useradd <username>
sudo /usr/NX/bin/nxserver --passwd <username>

But it seems this does not matter in this case.

I’m sorry I have not noticed before, but on that screenshot you sent you are in a completely wrong page.

This is not an connection attempt to the remote machine. This is an attempt to change settings on the server for the local machine.
If you click on this “lock icon” and the “Changes disabled”, you should get prompt for the local administrator account and password to enable the
settings changes, same if you try to change anything.

I am really not sure what is the case here, but to connect to another machine please use “New connection” instead of “Service status”
screen from the monitor tray icon, or use ‘nxplayer’ application.

/Mth

[Zenith]

I’m sorry I have not noticed before

No problem of course!

This is not an connection attempt to the remote machine. This is an attempt to change settings on the server for the local machine.

That is correct, but since I noticed that “Changes disabled” lock icon there. Which I never seen before, I thought I made a screenshot of that.

A screenshot of the Windows Client saying “Authentication failed, please try again.” didn’t seem necessary to post here.

I’m not quite sure what you mean with “use New connection” or the “nxplayer” application. Here are two screenshots of what I’m seeing in the Windows client:

So nothing strange there, except the error of course. I emailed the log like you said. Have you any idea what kind of ETA I can expect on an answer?

Thanks again for the reply!

Attachments:

1. 

   2019-01-14-NoMachine-Windows-client-screenshot-1.jpg
   

2. 

   2019-01-14-NoMachine-Windows-client-screenshot-2.jpg
   

[Mth]

Hello.

The player logs had nothing really meaningful, so I think we need the server side logs here.

Please check the system logs. For mint system the /var/log/auth.log should
say if the logging attempt was blocked by the system (entries for nx:auth).

Also as the nx service uses su module for authorization, please provide us the /etc/pam.d/su module
configuration. Also please note that if authorization uses Kerberos tool, you need to specify it before
connecting in the player (connection details -> advanced).

And at last please provide the NoMachine server logs. As your server is on Linux, please refer to point
‘1.1. Server on Linux’ of the article
https://www.nomachine.com/DT10O00163

Please enable logs, try to connect and then gather the logs. Send them to us just like before.

/Mth

 

[Zenith]

Hi,

Sorry for the late response.

I tried to do what you said. In var/log there is no auth.log file…

I can’t find ‘connection details/advanced’ in the player (that is the Windows client right?)

I used the following command as mentioned in the ‘How to gather debug logs for support requests’ from the Knowledge Base.:

oem@Zenith:~$ sudo tar cvfz NoMachine-log.tar.gz /usr/NX/var/log
[sudo] password for oem:
tar: Removing leading `/’ from member names
/usr/NX/var/log/
/usr/NX/var/log/archives/
/usr/NX/var/log/nxd.log
/usr/NX/var/log/logrotate/
/usr/NX/var/log/node/
/usr/NX/var/log/nxinstall.log
/usr/NX/var/log/nxserver.log
/usr/NX/var/log/nxerror.log
oem@Zenith:~$

This produced the following files and folders (if not already present before I executed the command):

folders: archives, logrotate, node
files: nxd, nxerror, nxinstall, nxserver (all .log)

I can’t copy/paste nxerror.log and nxserver.log to my NAS or Windows machine. I get the following error:
Error opening file /usr/NX/var/log/nxerror.log: Permission Denied. Despite elevated privileges in the log folder.

I also can’t find the /usr/NX/etc/pam.d/su module configuration. There is nothing located with the name ‘pam.d’ in the etc folder.

Where do I go from here?

Thanks in advance

[Mth]

Hello.

Unfortunately NoMachine logs cannot be read by a normal user, even if the directory
rights are proper. You will need sudoer or root account to access and copy them.
You can also use the command

etc/NX/nxserver --debug --collect

to make NoMachine collect and package them itself, but this command also requires
the sudo/root access.

As for the pam.d directory, it is not NoMachine configuration, but rather system
configuration, so it will not be in ‘/usr/NX’, but in system directory ‘/etc’.

/Mth

[Zenith]

Thanks for the reply!

I tried the commands:

etc/NX/nxserver --debug --collect

and

etc/NX/server --debug --collect

since there’s no ‘nxserver’ folder in NX, just ‘server’. Both give me this outcome:

bash: etc/NX/(nx)server: No such file or directory

I also tried both commands with sudo in front of it, but that gives me this message:

sudo etc/NX/(nx)server: command not found

The only folder present in the ‘server’ folder (in etc/NX) is ‘localhost’.

 

I DID find the /etc/pam.d folder and found a file called ‘su’. So I copied that to a folder where I save the files needed to provide. But still no luck on collecting the logs from the Linux server… and since I doubt I have a root account or sudoer (?) how will I ever be able to collect the files/logs that you need to be able to help me out?

I CAN provide the files: nxd.log, nxinstall.log and su. Would that be of any help?

Thanks in advance

 

[Mth]

Hello

Sorry for the confusion, the proper command would be:

sudo /etc/NX/nxserver --debug --collect

This command should point you to the generated archive, like:

NX> 900 Archive is: /usr/NX/var/log/archives/NoMachine-log-2020.02.12-10.28.14.zip

Please send this archive and the ‘su’ file to forum[at]nomachine[dot]com using the title of that forum’s thread as the mail’s subject.

/Mth

[Zenith]

Sorry for the late response, I was able to collect the debug archive this time. I feel so stupid for forgetting the forward slash before ‘etc’… complete Linux newbie here.

I mailed the files like you said, can’t wait for the response 🙂

Thanks in advance

[Britgirl]

Zenith, did you not send the logs in the end? We haven’t received them.

[Zenith]

Hello Britgirl,

I did send the e-mail on 25 February 2020 on 14:53u (or 02:53 pm) to forum[at]nomachine.com and it’s marked as sent. I didn’t receive an error, so it seems it has arrived. I used this as title: ‘Can’t login “Authentication failed, please try again.” (Linux forums)’.

So I added the ‘(Linux forums)’ part to the title, could that be the problem? Should I send it again?

Please let me know, thanks in advance!

[Author]

Posts