AD authentication on Mac

Forum / NoMachine for Mac / AD authentication on Mac

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • August 26, 2020 at 14:53 #29163
    ccnapier
    Participant

    Hi,

    I am having trouble getting users to connect to Mac if they have never logged into the Mac before.

    • The Mac is AD domain connected, and users are to log in with AD credentials.
    • Running latest evaluation of NoMachine Enterprise Server on Mac Catalina.
    • Attempting connection from Windows 10 Home using latest Enterprise Client.

    Particularly this error appears:
    The session negotiation failed.
    Error: Cannot create session directory: /Users/<username>/.nx Error is: Permission denied.

    The /Users/<username>  path does not exist on the remote device, as the user has never logged in to have it created.

    The same error is seen with NoMachine whether using NX or SSH connection.

    Standard SSH connections (using Putty, etc) work fine.

    I have seen this post, but it doesn’t help me:

    https://forums.nomachine.com/topic/cannot-create-session-directory-2

     

    can log onto a device with an account if the user folder exists, but that requires the user to log on at least once without using NoMachine to ensure the user folders are created.

    Running id <username> in terminal correctly shows the AD uid, gid and groups.

     

    Any ideas of how to overcome this issue? If we can’t resolve this, then we may not be able to use the product!

    August 27, 2020 at 15:12 #29211
    ccnapier
    Participant

    Fixed with this:

    https://www.nomachine.com/TR04R09659

    August 28, 2020 at 09:40 #29217
    og00r
    Contributor

    I’m glad that it helps temporarly, but could you post your configuration that it can be reproduced and fixed correctly? What AD server is used? And is it default configuration on osx? Or something were changed?

    September 3, 2020 at 08:15 #29335
    ccnapier
    Participant

    Fairly straightforward:

    • The device is registered with Active Directory.
    • An AD user is attempting to login to the device.
    • They have never logged in before, so no “profile directory” exists on the device.

    The default settings for NoMachine is to create the .nx file in the /Users/<username> directory. Since they don’t have a profile, this directory doesn’t exist, and so the file fails to be created.

    To resolve this, we change the default settings in the node.cfg:

    UserNXDirectoryPath=”/tmp/nx/”

     

    Do you need any more details?

    September 7, 2020 at 09:57 #29377
    og00r
    Contributor

    Could tell which version of Windows domain server are you using?

    And what values are set on mac osx in users and groups settings:
    Create mobile account
    Force local home directory
    ?

    Did you leave default values or did you edit them?

    September 16, 2020 at 07:43 #29486
    ccnapier
    Participant

    We are using Windows Server 2016 for AD.

    Only settings applied on my test device are:

    • Force local home directory on startup disk
    • Default user shell: /bin/bash
    • Allow authentication from any domain in the forest

    Think was left as default. We don’t change them anywhere in our deployment

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)

This topic was marked as solved, you can't post.