Authenticate NX server with Winbind (Redhat)

Forum / NoMachine for Linux / Authenticate NX server with Winbind (Redhat)

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #15326


    In order to authenticate users with Active Directory I’ve configured a redhat instance with Winbind.

    Currently AD users can authenticate using ssh, but it doesn’t work with NXClient.

    * I can login using ssh public key

    I’ve configured a connection on the NXClient using Kerberos authentication, but when I try to access the server with my username I receive the following error:

    NXSERVER WARNING! gssOpenAuth: Default kerberos ticket is absent.

    NXSERVER ERROR! Sending error message ‘NX> 500 ERROR: Kerberos GSS token is not verified.’


    Configuration files:


    auth       include       su

    account    include       su

    password   include       su

    session    optional

    session    include       su

    workgroup = MYDOMAIN

    password server =

    realm = MYDOMAIN.COM

    security = ads

    idmap config * : range = 16777216-33554431

    template homedir = /home/%U

    template shell = /bin/bash

    kerberos method = secrets only

    winbind use default domain = true

    winbind offline logon = false



    ;       workgroup = SAMBA

    ;       security = user


    passdb backend = tdbsam


    printing = cups

    printcap name = cups

    load printers = yes

    cups options = raw



    passwd:     files sss winbind

    shadow:     files sss winbind

    group:      files sss winbind

    #initgroups: files sss




    auth       include      system-auth

    account    required

    account    include      system-auth

    password   include      system-auth

    session    optional force revoke

    session    include      system-auth

    session    required


    Any other configuration files will be added by request.


    Please assist.


    Hello elad.azary,

    When you authenticate using SSH from terminal, is it Kerberos authentication or public-key authentication?

    If you used public-key authentication with terminal SSH client so far, please try Kerberos authentication to check if it’s not just Winbind configuration issue.


    Hi Cato,


    Thank you for your reply.

    Yes, I managed to authenticate through ssh using Kerberos.

    If you are using NoMachine for the same use case can you please share your config files? I want compare them with mine.




    Hello elad.azary,

    Make sure that you start nxplayer on the desktop of user who currently owns a valid Kerberos ticket. You also need to enable Kerberos authentication in /usr/NX/etc/server.cfg on NoMachine server host.

    You need to change:

    #EnableNXKerberosAuthentication 0


    EnableNXKerberosAuthentication 1

    If this doesn’t help, gather NoMachine server logs according to

    and send them to forum[at]nomachine[dot]com.

Viewing 4 posts - 1 through 4 (of 4 total)

This topic was marked as solved, you can't post.