Forum / NoMachine for Linux / Authenticate NX server with Winbind (Redhat)
- This topic has 3 replies, 2 voices, and was last updated 7 years, 4 months ago by Cato.
-
AuthorPosts
-
July 26, 2017 at 07:24 #15326elad.azaryParticipant
Hi,
In order to authenticate users with Active Directory I’ve configured a redhat instance with Winbind.
Currently AD users can authenticate using ssh, but it doesn’t work with NXClient.
* I can login using ssh public key
I’ve configured a connection on the NXClient using Kerberos authentication, but when I try to access the server with my username I receive the following error:
NXSERVER WARNING! gssOpenAuth: Default kerberos ticket is absent.
NXSERVER ERROR! Sending error message ‘NX> 500 ERROR: Kerberos GSS token is not verified.’
Configuration files:
/etc/pam.d/nx:
auth include su
account include su
password include su
session optional pam_loginuid.so
session include su
/etc/samba/smb.conf:workgroup = MYDOMAIN
password server = dc-server.mydomain.com
realm = MYDOMAIN.COM
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
kerberos method = secrets only
winbind use default domain = true
winbind offline logon = false
#–authconfig–end-line–
; workgroup = SAMBA
; security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
/etc/nsswitch.conf:
passwd: files sss winbind
shadow: files sss winbind
group: files sss winbind
#initgroups: files sss
/etc/pam.d/sshd:
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
Any other configuration files will be added by request.
Please assist.
August 1, 2017 at 15:06 #15377CatoParticipantHello elad.azary,
When you authenticate using SSH from terminal, is it Kerberos authentication or public-key authentication?
If you used public-key authentication with terminal SSH client so far, please try Kerberos authentication to check if it’s not just Winbind configuration issue.
August 2, 2017 at 08:25 #15383elad.azaryParticipantHi Cato,
Thank you for your reply.
Yes, I managed to authenticate through ssh using Kerberos.
If you are using NoMachine for the same use case can you please share your config files? I want compare them with mine.
Thanks,
August 8, 2017 at 07:15 #15410CatoParticipantHello elad.azary,
Make sure that you start nxplayer on the desktop of user who currently owns a valid Kerberos ticket. You also need to enable Kerberos authentication in /usr/NX/etc/server.cfg on NoMachine server host.
You need to change:
#EnableNXKerberosAuthentication 0
to:
EnableNXKerberosAuthentication 1
If this doesn’t help, gather NoMachine server logs according to
https://www.nomachine.com/DT07M00098#1
and send them to forum[at]nomachine[dot]com.
-
AuthorPosts
This topic was marked as solved, you can't post.