NoMachine 4.0.369 PAM and Kerberos authentication problem

Forums / NoMachine Cloud Server Products / NoMachine 4.0.369 PAM and Kerberos authentication problem

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #1866
    johnv2
    Participant

    Hello,

    The server is running Ubuntu Precise 12.04.3 LTS and has NoMachine 4.0.369-2 installed.  I’m using the evaluation NoMachine Enterprise Client for Windows running on Windows 7.

    We use PAM+Kerberos for authentication and it’s already setup and working on the server.  NoMachine 3.5 was previously setup and working just fine.  Now I have an interest in using NoMachine 4 and the NX protocol.

    After installing the server, making the necessary changes to server.cfg, and manually starting nxd, when I try to authenticate I get the message “The connection to the server was lost”.

    Here are what I think are the important settings in server.cfg that have been configured.

    EnableUserDB 0

    EnablePasswordDB 0

    EnableGSSAPIAuthentication 1

    When I start the server and try to authenticate I see the following in the NX logs.

    10:40:07:539.747 NXSERVER-4.0.369[1274] DEBUG: sent request message ‘NX> 250 Properties: password required for MYHOSTNAME port: 22 service login: ‘
    10:40:07:540.041 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:541.439 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:541.544 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:541.641 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:541.730 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:541.823 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:541.912 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:542.038 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:542.134 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:542.228 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:542.323 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:542.416 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:542.505 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:542.599 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:542.707 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:542.800 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:542.890 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:542.982 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:543.071 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:543.164 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:543.269 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead nxselect delay – 5
    10:40:07:543.390 NXSERVER-4.0.369[1274] DEBUG: NXParser: checkCanRead have: 11
    10:40:07:543.485 NXSERVER-4.0.369[1274] DEBUG: received response ‘**********’
    10:40:07:546.963 NXSERVER-4.0.369[1274] DEBUG: kinit pid is: 1286
    10:40:07:547.190 NXSERVER-4.0.369[1274] ERROR: NXSelector: trying to add empty descriptor from (NXNssUserManager, (eval 94), 231, NXNssUserManager::handle_kinit).
    10:40:07:547.282 NXSERVER-4.0.369[1274] DEBUG: Finalize process.
    10:40:07:547.433 NXSERVER-4.0.369[1286] WARNING: Trying to add wrong pid ‘0’.
    10:40:07:547.551 NXSERVER-4.0.369[1274] DEBUG: NXClose, arg: 4 from Common::NXCore, (eval 63), 1483, NXBegin::finalizeProcess
    10:40:07:547.667 NXSERVER-4.0.369[1274] DEBUG: NXClose, arg: 11 from Common::NXCore, (eval 63), 1483, NXBegin::finalizeProcess
    10:40:07:547.742 NXSERVER-4.0.369[1274] DEBUG: NXClose, arg: 5 from Common::NXCore, (eval 63), 1483, NXBegin::finalizeProcess
    10:40:07:548.221 NXSERVER-4.0.369[1286] DEBUG: sent response message ‘NX> 598 ERROR: Can’t call method “slave” on an undefined value .’
    10:40:07:548.311 NXSERVER-4.0.369[1286] DEBUG: NXPL was already loaded.
    10:40:07:548.365 NXSERVER-4.0.369[1286] DEBUG: NXPL::NXGetRandomString start.
    10:40:07:548.478 NXSERVER-4.0.369[1286] DEBUG: NXPL::NXGetRandomString stop.
    10:40:07:548.566 NXSERVER-4.0.369[1286] DEBUG: Finalize process.
    10:40:07:548.791 NXSERVER-4.0.369[1286] DEBUG: NXClose, arg: 4 from Common::NXCore, (eval 63), 1483, NXBegin::finalizeProcess
    10:40:07:548.893 NXSERVER-4.0.369[1286] DEBUG: NXClose, arg: 11 from Common::NXCore, (eval 63), 1483, NXBegin::finalizeProcess
    10:40:07:548.957 NXSERVER-4.0.369[1286] DEBUG: NXClose, arg: 5 from Common::NXCore, (eval 63), 1483, NXBegin::finalizeProcess

    Unfortunately Google hasn’t been helpful when searching for “Nomachine nxselector”.  🙁

    I assume I missed some steps, or have something setup incorrectly, however I haven’t been able to identify what even after reading through the NoMachine Guide to Authentication Methods.

    Does anyone have ideas or suggestions I should try?

    Thanks in advance.

    #1894
    adp
    Participant

    Dear johnv2,
    NoMachine should suit your needs out of the box without any additional server configuration. Please excuse the confusion caused by the EnableGSSAPIAuthentication key of our server’s config file. This key is obsolete and should no longer be used. This will be corrected in the upcoming 4.1 release.

    And to answer your question – to use PAM with Kerberos in NoMachine the only steps you need to carry out are:

    1) If you have already changed EnableGSSAPIAuthentication in server.cfg to 1, please change it back to 0 or comment it out. If you’ve just installed the server, you don’t have to do anything.

    2) In the Player please be sure you’ve chosen NX protocol with password authorization.

    3) Start the connection, enter your username and Kerberos password. That’s it. This procedure should have you authenticated with Kerberos using PAM.

Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.