July 26, 2017 at 07:24 #15326elad.azaryParticipant
In order to authenticate users with Active Directory I’ve configured a redhat instance with Winbind.
Currently AD users can authenticate using ssh, but it doesn’t work with NXClient.
* I can login using ssh public key
I’ve configured a connection on the NXClient using Kerberos authentication, but when I try to access the server with my username I receive the following error:
NXSERVER WARNING! gssOpenAuth: Default kerberos ticket is absent.
NXSERVER ERROR! Sending error message ‘NX> 500 ERROR: Kerberos GSS token is not verified.’
auth include su
account include su
password include su
session optional pam_loginuid.so
session include su
workgroup = MYDOMAIN
password server = dc-server.mydomain.com
realm = MYDOMAIN.COM
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
kerberos method = secrets only
winbind use default domain = true
winbind offline logon = false
; workgroup = SAMBA
; security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
passwd: files sss winbind
shadow: files sss winbind
group: files sss winbind
#initgroups: files sss
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
Any other configuration files will be added by request.
Please assist.August 1, 2017 at 15:06 #15377CatoParticipant
When you authenticate using SSH from terminal, is it Kerberos authentication or public-key authentication?
If you used public-key authentication with terminal SSH client so far, please try Kerberos authentication to check if it’s not just Winbind configuration issue.August 2, 2017 at 08:25 #15383elad.azaryParticipant
Thank you for your reply.
Yes, I managed to authenticate through ssh using Kerberos.
If you are using NoMachine for the same use case can you please share your config files? I want compare them with mine.
Thanks,August 8, 2017 at 07:15 #15410CatoParticipant
Make sure that you start nxplayer on the desktop of user who currently owns a valid Kerberos ticket. You also need to enable Kerberos authentication in /usr/NX/etc/server.cfg on NoMachine server host.
You need to change:
If this doesn’t help, gather NoMachine server logs according to
and send them to forum[at]nomachine[dot]com.
This topic was marked as solved, you can't post.