Cato

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 92 total)
  • Author
    Posts
  • in reply to: Authentication failed with error 7 #25050
    AvatarCato
    Contributor

    Hello munsen70,

    Please, check permissions on nxexec file in <NoMachine_install_dir>/bin directory. Proper permissions should look like this:

    -r-sr-xr-x 1 root  root

    If the ‘s’ permission is missing you can fix this by running ‘chmod u+s nxexec’ from terminal as root user.

    If permissions are correct and the problem persists, see what’s logged inside /var/log/secure or /var/log/messages after failed authentication attempt.
    You can also try reusing sshd’s PAM configuration with NX protocol. To do so, run the following commands in terminal:

    sudo cp /etc/pam.d/nx /etc/pam.d/nx.ori
    sudo cp /etc/pam.d/sshd /etc/pam.d/nx

    in reply to: Authentication problems again #24380
    AvatarCato
    Contributor

    Hello jowski,

    For some reason permissions on your nxexec binary are incorrect. To fix the issue you need run ‘chmod u+s nxexec’ from terminal, inside NoMachine\bin directory, as root. Proper permissions look like this:

    -r-sr-xr-x 1 root  root

     

     

    in reply to: Authentication problems again #24356
    AvatarCato
    Contributor

    Hello jowski,

    What’s the output of ‘ls -la nxexec’ command executed in terminal in bin subdirectory of NoMachine installation directory?

    in reply to: Two-factor on Windows #23951
    AvatarCato
    Contributor

    Hello palmersu,

    NoMachine doesn’t currently support two-factor authentication to Windows machines. We suggest using public-key authentication which provides better security than password auth. This article describes how to set it up:

    https://www.nomachine.com/AR02L00785

    in reply to: Authentication error after update to 6.8.1 #23719
    AvatarCato
    Contributor

    Hello munsen70,

    Can you show us the output of following command ran in terminal on affected machine:

    stat /Applications/NoMachine.app/Contents/Frameworks/bin/nxexec

    You can also try to reuse SSH PAM configuration with NX protocol.
    To do so, run as root in terminal:

    cp /etc/pam.d/nx /etc/pam.d/nx.bak
    cp /etc/pam.d/sshd /etc/pam.d/nx

    Does it solve the issue?

    in reply to: Cannot open a virtual desktop #23549
    AvatarCato
    Contributor

    Hello cngc,

    may you please answer to the following questions?

    1) Do you use dynamic mounting of user’s home directory?

    2) If yes, can you share some details about your configuration?

    3) Do you use pam_mount or perhaps AFS?

    4) Does the problem occur when SELinux is disabled?

    5) Does the problem occur when you’are physically logged-in on the account of the problematic user on server host?

    6) To rule out possible problems with domain accounts binding, please execute in a terminal on the server host:

    id <user_name>

    Does it correctly report local ID for user, user’s primary group and all supplementary groups of user, including domain groups?

    AvatarCato
    Contributor

    Hello Thonno,

    NoMachine does not make a distinction between domain and local users during authentication process. If you want to perform authentication against LDAP server your system needs to be configured properly. These two articles describe how to setup OpenLDAP server and configure client machine for LDAP authentication.

    https://www.howtoforge.com/linux_ldap_authentication

    https://www.tecmint.com/configure-ldap-client-to-connect-external-authentication/

    It’s also possible to integrate Linux with Windows AD domain. Winbind and sssd are examples
    of technologies you can use to achieve that.

    in reply to: Windows-10: Failed to start nxserver process #23436
    AvatarCato
    Contributor

    Hello bpowell,

    Logs indicate that there’s a problem with obtaining security context of user nx. This might be related to incorrectly installed nxlsa module.

    To reinstall nxlsa module:

    1. Start cmd as Administrator.
    2. Change directory to bin subdirectory of NoMachine installation directory:

    ‘cd <path_to_nomachine_installation>\bin’

    3. Execute:

    nxservice64.exe –uninstall nxlsa

    4. Restart Windows.
    5. Repeat points 1. and 2.
    6. Execute:

    nxservice64.exe –install nxlsa

    7. Restart Windows.

    Alternatively you can simply uninstall NoMachine, perform restart, install NoMachine and restart Windows again.
    Let us know if you still experience the issue.

    in reply to: Cannot create session directory #23053
    AvatarCato
    Contributor

    Hello allywilson,

    Please make sure that the local account mapping is correctly configured. Specifically, you should look into primary user’s group mapping: “domain users@our.domain” looks strange. It appears that user’s process doesn’t have rights to modify permissions on the directory it created.
    What’s the output of ‘id <user_name>’ command? Does it correctly report local ID for user, user’s primary group and all supplementary groups of user, including domain groups?

    in reply to: Kerberos auth for Linux #22929
    AvatarCato
    Contributor

    Hello Jim,

    It’s not necessary for your workstation to be running kerberos server. It’s only required that NoMachine client host and NoMachine server host are properly configured members of the same, already existing, kerberos realm. Make sure that NoMachine player has access to valid kerberos ticket and that kerberos authentication is enabled in server.cfg on NoMachine server host.

    in reply to: Everytime I restart my Windows Event Viewer error #22647
    AvatarCato
    Contributor

    Hello x8009,

    We reproduced the issue with slow Windows reboot and created the TR:

    https://www.nomachine.com/TR03Q09214

    We’re also keen to fix it 🙂 We’re currently investigating how much faster can we make NoMachine services respond to Windows preshutdown event.

    in reply to: Using keys on a AD domain issues #22375
    AvatarCato
    Contributor

    Hello neal,

    NoMachine’s key authentication can’t be used for domain accounts. This limitation comes from the fact that it’s not possible to create domain user’s security context inside LSA (Local Security Authority) module. The alternative which you could use is Kerberos authentication method. However, this can only work if your client machine is part of the domain. We hope to add support for fingerprint authentication on Windows 10 later this year.

    in reply to: Problem with SSH access #22355
    AvatarCato
    Contributor

    Hello ebrandsberg,

    Please execute md5 command on private key files on both client NoMachine hosts, make sure that the results are exactly the same. With the release of version 7.8p1-1, openSSH introduced a new private key format (which is not currently compatible with NoMachine). We have opened a Trouble  Report, which you can see here and it includes a workaround.

    https://www.nomachine.com/TR02Q09140

    What’s the header of private key on your Mojave host? On which host did you generate key-pair?

    in reply to: Cannot write to .Xauthority #22137
    AvatarCato
    Contributor

    Hello Armaggedon,

    There are few possible reasons of problem with accessing .Xauthority file. Check if you can establish NoMachine session after following instructions for each of the listed scenarios separately.

    1. The home directory is not mounted.

    Start terminal ssh session to remote node host, to make sure that home directory is mounted.

    2. Home directory is mounted, but SELinux is preventing access.

    Follow this article to temporarily disable selinux or set it to permissive mode:

    https://linuxize.com/post/how-to-disable-selinux-on-centos-7

    3. The file has correct permission, but not the correct owner.

    Make sure that the owner of the file is the same as user who attempts to establish NoMachine session.

    4. There’s some difference in configuration between server machine and remote node machine.

    Look for potential differences in /etc/pam.d directories on ETS and TSN.

    AvatarCato
    Contributor

    Hello dhfrx,

    Can you connect to the NoMachine server host using terminal ssh client? Is it possible to establish ssh session for user experiencing the problem with NX? From information gathered so far, it appears that the host is part of the domain. What exact technology do you use? Is it Windows AD, LDAP server or something else? If this is Windows AD, did you make sure that domain group policy settings like, NetworkLogonRight are properly set in domain controller? Does the problem affect all domain users or just this one specific user?

Viewing 15 posts - 1 through 15 (of 92 total)