Forum / NoMachine for Mac / AD authentication on Mac
August 26, 2020 at 14:53 #29163 ccnapier (Participant)
Hi,
I am having trouble getting users to connect to Mac if they have never logged into the Mac before.
- The Mac is AD domain connected, and users are to log in with AD credentials.
- Running latest evaluation of NoMachine Enterprise Server on Mac Catalina.
- Attempting connection from Windows 10 Home using latest Enterprise Client.
Particularly this error appears:
The session negotiation failed.
Error: Cannot create session directory: /Users/<username>/.nx Error is: Permission denied.
The /Users/<username> path does not exist on the remote device, as the user has never logged in to have it created.
The same error is seen with NoMachine whether using NX or SSH connection.
Standard SSH connections (using PuTTY, etc.) work fine.
I have seen this post, but it doesn’t help me:
https://forums.nomachine.com/topic/cannot-create-session-directory-2
I can log onto a device with an account if the user folder exists, but that requires the user to log on at least once without using NoMachine to ensure the user folders are created.
Running id <username> in terminal correctly shows the AD uid, gid and groups.
Any ideas of how to overcome this issue? If we can’t resolve this, then we may not be able to use the product!
August 27, 2020 at 15:12 #29211 ccnapier (Participant)
Fixed with this:
August 28, 2020 at 09:40 #29217 og00r (Contributor)
I’m glad that it helps temporarily, but could you post your configuration so that it can be reproduced and fixed correctly? What AD server is used? And is it the default configuration on OS X? Or was something changed?
September 3, 2020 at 08:15 #29335 ccnapier (Participant)
Fairly straightforward:
- The device is registered with Active Directory.
- An AD user is attempting to login to the device.
- They have never logged in before, so no “profile directory” exists on the device.
The default setting for NoMachine is to create the .nx file in the /Users/<username> directory. Since they don’t have a profile, this directory doesn’t exist, and so the file fails to be created.
To resolve this, we change the default settings in the node.cfg:
UserNXDirectoryPath="/tmp/nx/"
Do you need any more details?
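A check an administrator could run before pointing UserNXDirectoryPath at a shared location such as the /tmp/nx/ above (an added example, not part of the original posts and not NoMachine's own tooling). It assumes every user's session directory gets created under that one path; the function name and status words are made up for this example, and the demo directories are constructed.

```shell
#!/bin/sh
# Classify the parent directory in which per-user session directories would
# be created: a home directory, or a shared override like /tmp/nx/.
# Prints: missing | symlink | not-a-directory | unsafe-shared |
#         shared-sticky | not-world-writable
nx_parent_status() {
    dir=${1%/}                 # "/tmp/nx/" -> "/tmp/nx" so -L tests the link itself
    [ -n "$dir" ] || dir=/
    if [ -L "$dir" ]; then echo symlink; return 0; fi
    if [ ! -e "$dir" ]; then echo missing; return 0; fi   # the never-logged-in case
    if [ ! -d "$dir" ]; then echo not-a-directory; return 0; fi
    # Mode string from ls -ld, e.g. "drwxrwxrwt": character 9 is the
    # world-write bit, character 10 carries the sticky bit (t or T).
    mode=$(ls -ld -- "$dir" | cut -c1-10)
    case $mode in
        d???????w[tT]) echo shared-sticky ;;       # users cannot remove each other's entries
        d???????w?)    echo unsafe-shared ;;       # any user can rename or delete entries
        *)             echo not-world-writable ;;  # ordinary users cannot create entries
    esac
}

# Constructed demo in a throwaway directory (not the real /tmp/nx).
demo=$(mktemp -d)
mkdir "$demo/nx-open" "$demo/nx-sticky"
chmod 0777 "$demo/nx-open"
chmod 1777 "$demo/nx-sticky"
ln -s "$demo/nx-open" "$demo/nx-link"
for d in nx-open nx-sticky nx-link never-logged-in; do
    printf '%-16s %s\n' "$d" "$(nx_parent_status "$demo/$d/")"
done
rm -rf "$demo"
```

A result of missing corresponds to the /Users/<username> situation in the first post; unsafe-shared or symlink on the override path is worth fixing before users connect.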
September 7, 2020 at 09:57 #29377 og00r (Contributor)
Could you tell me which version of Windows domain server you are using?
And what values are set on Mac OS X in the Users & Groups settings for:
- Create mobile account
- Force local home directory
Did you leave the default values or did you edit them?
September 16, 2020 at 07:43 #29486 ccnapier (Participant)
We are using Windows Server 2016 for AD.
Only settings applied on my test device are:
- Force local home directory on startup disk
- Default user shell: /bin/bash
- Allow authentication from any domain in the forest
Think was left as default. We don’t change them anywhere in our deployment