- This topic has 2 replies, 2 voices, and was last updated 1 day, 3 hours ago by
.
-
Posts
-
Hi All, apologies for asking this and if it’s in the wrong forum. I’m very new to Linux and NoMachine but I do have reasonable experience in a Windows environment. I’m in the process of setting up some laptops for users using Linux Mint for the purpose or remote working. We were previously using Windows 10 but rather than update the hardware for Windows 11 it’s more cost effective to move to Linux. The laptops are no more than a console solely for the purpose of connecting in via [removed] to a Windows desktop.
I use google-authenticator and multiOTP successfully in our Windows environment so want to use the same for the Linux laptops. I can successfully get google-authenticator to work locally on the Linux laptops but when using NoMachine to connect to the Laptops it automatically asks for TOTP codes which always fail. I’ve not setup anything to use google-authenticator in NoMachine it just automatically uses it as soon as the .google_authenticator file is present in the Linux users home directory.
I try to connect with NoMachine and am asked for the TOTP code which fails with “Authentication failed, please try again.”
For information I’m only using NoMachine for laptop setup but could potentially use it for remote support if I can get MFA to work via google authenticator. If it’s possible to get just the Linux desktop logins to require MFA and the NoMachine to use a username and password only this would be acceptable.
Attachments:
Hi,
I’ve not setup anything to use google-authenticator in NoMachine it just automatically uses it as soon as the .google_authenticator file is present in the Linux users home directory.
Indeed, NoMachine does not need any configuration, but you will need to make some changes to the PAM configuration. There is an article in the knowledge base that explains how to set up Google Authenticator with NoMachine https://kb.nomachine.com/AR12L00828#3.2. If you have installed the free version on the server side, after steps 1-3, skip step 4 (which is for SSH connections which are not supported in the free version) and go to step 5 (Enable two-factor authentication for NX protocol.) I’ve linked you to the section dedicated to Google Authenticator directly, but it’s worth reading the earlier sections 1 and 2.
Does that help?
Hi, thanks for the response.
I’ve setup and confirmed google-authenticator works locally with 2 users. I did look at the guide you linked prior to posting here and have the same issue after following the steps specifically point 5. As soon as I add “auth required pam_google_authenticator.so” to the nx file I can’t connect with NoMachine to any user where google-authenticator is enabled. NoMachine prompts for the username and password and I if I use either of the local users it will ask for a verification code which fails every time.
See screenshot of the nx file with “auth required pam_google_authenticator.so” added. Unless I’m missing something else from the PAM config this appears to be all that’s required for Ubuntu?
For reference I’ve also attached a screenshot of the common-auth file incase this is where the issue lies but as said I’m able to connect locally just not via NoMachine.
You must be logged in to reply to this topic. Please login here.