AD authentication on Mac


Viewing 6 posts - 1 through 6 (of 6 total)


    I am having trouble getting users to connect to Mac if they have never logged into the Mac before.

    • The Mac is AD domain connected, and users are to log in with AD credentials.
    • Running latest evaluation of NoMachine Enterprise Server on Mac Catalina.
    • Attempting connection from Windows 10 Home using latest Enterprise Client.

    Particularly this error appears:
    The session negotiation failed.
    Error: Cannot create session directory: /Users/<username>/.nx Error is: Permission denied.

    The /Users/<username> path does not exist on the remote device, as the user has never logged in to have it created.

    The same error is seen with NoMachine whether using NX or SSH connection.

    Standard SSH connections (using PuTTY, etc.) work fine.

    I have seen this post, but it doesn’t help me:


    can log onto a device with an account if the user folder exists, but that requires the user to log on at least once without using NoMachine to ensure the user folders are created.

    Running id <username> in terminal correctly shows the AD uid, gid and groups.


    Any ideas of how to overcome this issue? If we can’t resolve this, then we may not be able to use the product!


    I’m glad that it helps temporarily, but could you post your configuration so that it can be reproduced and fixed correctly? What AD server is used? And is it the default configuration on OS X? Or was something changed?


    Fairly straightforward:

    • The device is registered with Active Directory.
    • An AD user is attempting to login to the device.
    • They have never logged in before, so no “profile directory” exists on the device.

    The default setting for NoMachine is to create the .nx file in the /Users/<username> directory. Since they don’t have a profile, this directory doesn’t exist, and so the file fails to be created.

    To resolve this, we change the default settings in the node.cfg:



    Do you need any more details?
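The failure described in the post above is easy to confirm before a user ever tries NoMachine: resolve the user, resolve the home directory, and check that a .nx directory can actually be created there. The script below is an added pre-flight check written for this thread, not NoMachine's own code. It assumes macOS `dscl` for the home-directory lookup when no path is given (falling back to /Users/<username>, the path NoMachine's default expects), and the function name `nx_home_check` is hypothetical.

```shell
#!/bin/sh
# Pre-flight check for the failure in this thread: NoMachine cannot create
# /Users/<username>/.nx when the AD user has never logged in and so has no home yet.
# Added helper for admins; it is not NoMachine's code.

# nx_home_check USER [HOME]
#   returns 0 -> user resolves, HOME exists and is writable, HOME/.nx present (created if needed)
#   returns 1 -> home directory missing or not writable (the "Permission denied" case)
#   returns 2 -> user cannot be resolved at all (directory-service problem, not a home problem)
nx_home_check() {
  user=$1
  home=${2:-}

  # Same check the original poster ran: does the directory service know the user?
  if ! id "$user" >/dev/null 2>&1; then
    echo "nx_home_check: user '$user' not found by id(1); check the AD binding" >&2
    return 2
  fi

  # Resolve the home path from Open Directory when the caller did not supply one
  # (assumption: macOS dscl is available; otherwise fall back to /Users/<user>).
  if [ -z "$home" ]; then
    if command -v dscl >/dev/null 2>&1; then
      home=$(dscl /Search -read "/Users/$user" NFSHomeDirectory 2>/dev/null | awk '{print $2}')
    fi
    [ -n "$home" ] || home="/Users/$user"
  fi

  if [ ! -d "$home" ]; then
    echo "nx_home_check: home '$home' does not exist; user has never logged in locally" >&2
    return 1
  fi
  if [ ! -w "$home" ]; then
    echo "nx_home_check: home '$home' is not writable by $(id -un)" >&2
    return 1
  fi

  # The operation the session setup needs to succeed: create the .nx directory.
  if [ ! -d "$home/.nx" ]; then
    mkdir "$home/.nx" || { echo "nx_home_check: cannot create $home/.nx" >&2; return 1; }
  fi
  echo "nx_home_check: OK, $home/.nx is usable"
  return 0
}

# Usage: sh nx_home_check.sh <ad-username> [home-path]
if [ "$#" -gt 0 ]; then
  nx_home_check "$@"
fi
```

Run it as the account the NoMachine node uses when it creates the session directory; a return code of 1 with a "does not exist" message is exactly the state the thread describes, and a 2 means the problem is the AD binding itself rather than the missing home.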


    Could you tell which version of Windows domain server you are using?

    And what values are set on mac osx in users and groups settings:
    Create mobile account
    Force local home directory

    Did you leave default values or did you edit them?


    We are using Windows Server 2016 for AD.

    Only settings applied on my test device are:

    • Force local home directory on startup disk
    • Default user shell: /bin/bash
    • Allow authentication from any domain in the forest

    Think it was left as default. We don’t change them anywhere in our deployment.

