NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir



  • #40221
    fractal-admin
    Participant

    Hi,

    We are trying to NX to a Linux machine that’s directly integrated with SSSD-AD with NFSv4 (sec=krb5) mounted home directories. While doing so we are running into the below errors, can you please help fix this?

    /usr/NX/var/log/nxerror.log

    Info: Handler started with pid 2319 on Tue Sep 20 21:44:44 2022.
    Info: Handling connection from 192.168.0.214 port 38094 on Tue Sep 20 21:44:44 2022.
    2349 2349 21:44:57 797 nxexecPAMCheckCredentials: ERROR! Authentication failed.
    2349 2349 21:44:57 797 nxexecPAMCheckCredentials: Error code ‘7’, ‘Authentication failure’.
    Info: Connection from 192.168.0.214 port 38094 closed on Tue Sep 20 21:44:57 2022.

    /usr/NX/var/log/nxserver.log

    2354 2354 2022-09-20 21:44:58 022.714 NXSERVER Connected from remote machine ‘192.168.0.214’ using protocol ‘NX’.
    2354 2354 2022-09-20 21:45:06 690.856 NXSERVER User ‘contoso’ logged in from ‘192.168.0.214’ using authentication method NX-password.
    2417 2417 2022-09-20 21:45:09 586.763 NXSERVER Connected from remote machine ‘192.168.0.214’ using protocol ‘NX’.
    2417 2417 2022-09-20 21:45:09 938.212 NXSERVER ERROR! Received error message from node ‘:’, ‘Cannot write to .Xauthority file in /fs/althome/contoso on the local host. Please verify permission attributes for that file.’.
    1850 1850 2022-09-20 21:45:09 966.009 NXSERVER ERROR! NXFrameBuffer failed to start.
    1850 1850 2022-09-20 21:45:09 966.067 NXSERVER ERROR! Received error message from nxserver NX> 598 ERROR: Cannot write to .Xauthority file in /fs/althome/contoso on the local host. Please verify permission attributes for that file.
    2354 2354 2022-09-20 21:45:09 966.428 NXSERVER ERROR! Received error from nxserver –daemon NX> 598 ERROR: Cannot write to .Xauthority file in /fs/althome/contoso on the local host. Please verify permission attributes for that file.
    2354 2354 2022-09-20 21:45:09 976.354 NXSERVER Remote machine ‘192.168.0.214’ disconnected.
    2354 2354 2022-09-20 21:45:09 980.352 NXSERVER User ‘contoso’ from ‘192.168.0.214’ logged out.
    2354 2354 2022-09-20 21:45:09 980.806 NXSERVER Remote machine ‘192.168.0.214’ disconnected.

    sssd.conf is configured to allow ad_gpo_map_permit = +nx

    Also, node.cfg is modified to use:

    UsersDirectoryPath "/tmp/nxdir"

    Please let us know if we might be missing something obvious and silly, as there are a lot more components with SSSD-AD and we are not sure if that OR Kerberos authentication OR some of the NX settings would be required to be tuned to get this working. So, any help will be greatly appreciated.

    Rocky Linux 8.6, NXServer LS 8.0.168

    Thanks,

    #40232
    fractal-admin
    Participant

    More debugging leads to this being prevented for some reason and we are not sure what is causing this! Any thoughts on debugging this further OR how can we fix/workaround it?

    6057 6057 2022-09-21 03:39:33 882.951 NXSERVER ERROR! Received error message from node ‘:’, ‘Cannot write to .Xauthority file in /fs/althome/contoso on the local host. Please verify permission attributes for that file.’.

     

    #40284
    Cato
    Contributor

    Hello fractal-admin,

    When the krb5 option is used, processes accessing mounted directories need to have valid Kerberos credentials. This means that you either need to connect using Kerberos authentication with ‘Forward authentication’ enabled or password authentication with the PAM stack for the NX protocol configured so that it correctly obtains a Kerberos ticket during authentication. The second option only works with virtual desktops.
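
To tell the missing-ticket case described in the reply above apart from an ordinary permission problem, the following diagnostic can be run as the affected user in a password login on the server. It is an added example, not part of the thread and not NoMachine code; the function names and the probe file name are hypothetical, and it assumes `findmnt` (util-linux) and MIT `klist` are installed.

```shell
#!/bin/sh
# Added diagnostic sketch, not NoMachine code. Function names are hypothetical.

# Return 0 if a comma-separated mount option string selects Kerberos security.
uses_krb5() {
    case ",$1," in
        *,sec=krb5,*|*,sec=krb5i,*|*,sec=krb5p,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify from three facts:
#   $1 mount options, $2 valid ticket (yes/no), $3 probe write worked (yes/no)
diagnose() {
    if ! uses_krb5 "$1"; then
        echo "not-krb5"            # Kerberos is not what guards this mount
    elif [ "$3" = yes ]; then
        echo "ok"                  # user can write, .Xauthority should too
    elif [ "$2" = no ]; then
        echo "no-ticket"           # login did not obtain a Kerberos ticket
    else
        echo "ticket-but-denied"   # ticket present: check permissions instead
    fi
}

# Gather the three facts for a directory (default: $HOME) and classify them.
check_home() {
    dir=${1:-$HOME}
    opts=$(findmnt -no OPTIONS -T "$dir" 2>/dev/null)
    # klist -s prints nothing and exits 0 only if the cache holds valid tickets
    if klist -s 2>/dev/null; then ticket=yes; else ticket=no; fi
    probe="$dir/.krb5-write-probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        written=yes; rm -f "$probe"
    else
        written=no
    fi
    diagnose "$opts" "$ticket" "$written"
}

# Stand-alone use: sh thisfile --check [directory]
if [ "${1:-}" = "--check" ]; then
    check_home "${2:-$HOME}"
fi
```

A result of `no-ticket` from a password login matches the situation the reply describes, where authentication succeeds but no Kerberos ticket is obtained for the session.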
