"Authentication failed" connecting to v6.4.6 on Ubuntu 18.04.2 LTS

Forum / NoMachine for Linux / "Authentication failed" connecting to v6.4.6 on Ubuntu 18.04.2 LTS

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #21458
    dhfrx
    Participant

    I installed 6.4.6 on a Linux box running Ubuntu 18.04.2 LTS. When attempting from two other systems to log in to a connection, I get “Authentication failed; please try again.” Both the other systems (one Win10, one Linux Mint 17.2) are running 6.4.6 also.

    I looked in the logs and found “Authentication failed with error 6.” Searching on this led me to a forum entry from March 6,2014 opened by Maccas. This mentioned the  /etc/pam.d/nx  file; I looked at mine (on the Ubuntu 18.04 box) and saw
    auth       include       su
    account    include       su
    password   include       su
    session    include       su

    Following a suggestion in the Maccas post thread, I tried replacing this with

    auth       include       system-auth
    account    include       system-auth
    password   include       system-auth
    session    include       system-auth

    which had no effect.

    Following the procedure in  https://www.nomachine.com/DT10O00163  I gathered the logs – see attached. Any assistance will be appreciated.

     

    #21508
    Cato
    Participant

    Hello dhfrx,

    Is your Ubuntu host part of Active Directory domain? If that’s the case, you are most likely experiencing the problem with AD Group Policy described here:

    https://www.nomachine.com/AR12P01007

    If that’s not the case, please check system authentication log (/var/log/auth.log) for entries referencing nxexec. Could you post auth log messages added during failed authentication attempt? You can also send them to forum[at]nomachine[dot]com.

    #21523
    dhfrx
    Participant

    Tried a new authentication event, then checked  /var/log/auth.log  and found the line

    Feb 20 16:32:07 JN561T2 nxexec: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth

    In  /usr/NX/var/log/nxerror.log  for the same timestamp I found:

    Info: Handler started with pid 2695 on Wed Feb 20 16:31:58 2019.
    Info: Handling connection from 10.14.232.108 port 61193 on Wed Feb 20 16:31:58 2019.
    2714 2714 16:32:07 579 nxexecPAMCheckCredentials: ERROR!Authentication failed with error 6.
    Info: Connection from 10.14.232.108 port 61193 closed on Wed Feb 20 16:32:07 2019.
    Info: Handler with pid 2695 terminated on Wed Feb 20 16:32:07 2019.

    When I entered “ls -l /etc/pam.d/system-auth” I got

    ls: cannot access ‘/etc/pam.d/system-auth’: No such file or directory

    Repeating the command with sudo gave the same response.

    Hope this is helpful.    – dhfrx

     

     

    #21538
    Cato
    Participant

    Hello dhfrx,

    Please, run this command from terminal as root user:

    cp /etc/pam.d/sshd /etc/pam.d/nx

    Reproduce the problem and check again auth.log for nxexec entries.

    #21547
    dhfrx
    Participant

    Ran the  cp  command with sudo, tried again to connect from the Win10 machine, found the following in auth.log:

    Feb 21 17:51:10 JN561T2 nxexec: pam_unix(nx:auth): authentication failure; logname= uid=127 euid=0 tty= ruser= rhost=  user=dfriedman
    Feb 21 17:51:10 JN561T2 nxexec: pam_sss(nx:auth): authentication success; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
    Feb 21 17:51:10 JN561T2 nxexec: pam_sss(nx:account): Access denied for user dfriedman: 6 (Permission denied)
    Feb 21 17:51:10 JN561T2 nxexec: pam_unix(nx:session): session opened for user dfriedman by (uid=127)
    Feb 21 17:51:10 JN561T2 nxexec: pam_unix(nx:session): session closed for user dfriedman

    Hope this helps; thanks for your efforts so far.   – dhfrx

     

    #21557
    Cato
    Participant

    Hello dhfrx,

    So now we can see that the problem is ‘access denied’ from pam_sss.
    Please apply the instructions from:

    https://www.nomachine.com/AR12P01007

    and see if this helps.

    #21567
    dhfrx
    Participant

    Edited  /etc/sssd/sssd.conf  to add the  “ad_gpo_map_network = +nx”  line to the  [sssd}  section (hope this is correct).

    Tried connecting to NoMachine from the Win10 box. Still get “Authentication failed.” Looked at  /var/log/auth.log  and found

    Feb 22 10:24:44 JN561T2 nxexec: pam_unix(nx:auth): authentication failure; logname= uid=127 euid=0 tty= ruser= rhost=  user=dfriedman
    Feb 22 10:24:44 JN561T2 nxexec: pam_sss(nx:auth): authentication success; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
    Feb 22 10:24:44 JN561T2 nxexec: pam_sss(nx:account): Access denied for user dfriedman: 6 (Permission denied)
    Feb 22 10:24:44 JN561T2 nxexec: pam_unix(nx:session): session opened for user dfriedman by (uid=127)
    Feb 22 10:24:44 JN561T2 nxexec: pam_unix(nx:session): session closed for user dfriedman

    Tried adding the  “ad_gpo_map_network = +nx”  command to the  [domain/  ]  section of   /etc/sssd/sssd.conf  as well;

    still get “Authentication failed.” – /var/log/auth.log  again has

    Feb 22 10:36:34 JN561T2 nxexec: pam_unix(nx:auth): authentication failure; logname= uid=127 euid=0 tty= ruser= rhost=  user=dfriedman
    Feb 22 10:36:34 JN561T2 nxexec: pam_sss(nx:auth): authentication success; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
    Feb 22 10:36:34 JN561T2 nxexec: pam_sss(nx:account): Access denied for user dfriedman: 6 (Permission denied)
    Feb 22 10:36:34 JN561T2 nxexec: pam_unix(nx:session): session opened for user dfriedman by (uid=127)
    Feb 22 10:36:34 JN561T2 nxexec: pam_unix(nx:session): session closed for user dfriedman

    Below is a copy of the edited  sssd.conf  file (slightly redacted to remove domain identification):

    [sssd]
    domains = ####
    config_file_version = 2
    services = nss, pam
    override_storage = _
    ad_gpo_map_network = +nx

    [domain/####]
    ad_domain = ####
    krb5_realm = ####
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    access_provider = ad
    ad_gpo_map_network = +nx

     

    Thanks again for your patience. Please note that I will be away from this setup until March 1.   – dhfrx

    #21635
    dhfrx
    Participant

    I’m back. What additional suggestions can anyone offer?

     

    #21648
    Cato
    Participant

    Hello dhfrx,

    Can you connect to the NoMachine server host using terminal ssh client? Is it possible to establish ssh session for user experiencing the problem with NX? From information gathered so far, it appears that the host is part of the domain. What exact technology do you use? Is it Windows AD, LDAP server or something else? If this is Windows AD, did you make sure that domain group policy settings like, NetworkLogonRight are properly set in domain controller? Does the problem affect all domain users or just this one specific user?

    #21656
    dhfrx
    Participant

    Yes, I am able to ssh into the NoMachine server box. Is this helpful? As for what domain technology is used here, I don’t know but I can try to find out.

    #21657
    dhfrx
    Participant

    Well, surprise! I updated NX on the Ubuntu server box to 6.5.6 and was able to connect from the client. Go figure. So that solves my problem. Thanks for the suggestions – if it happens again, I’ll have some ideas on where to look.   – dhfrx

    #21719
    Britgirl
    Keymaster

    Great news! Thanks for letting us know 🙂

Viewing 12 posts - 1 through 12 (of 12 total)

This topic was marked as solved, you can't post.