Forum / NoMachine for Linux / "Authentication failed" connecting to v6.4.6 on Ubuntu 18.04.2 LTS
- This topic has 11 replies, 3 voices, and was last updated 5 years, 8 months ago by Britgirl.
-
AuthorPosts
-
February 15, 2019 at 21:14 #21458dhfrxParticipant
I installed 6.4.6 on a Linux box running Ubuntu 18.04.2 LTS. When attempting from two other systems to log in to a connection, I get “Authentication failed; please try again.” Both the other systems (one Win10, one Linux Mint 17.2) are running 6.4.6 also.
I looked in the logs and found “Authentication failed with error 6.” Searching on this led me to a forum entry from March 6,2014 opened by Maccas. This mentioned the /etc/pam.d/nx file; I looked at mine (on the Ubuntu 18.04 box) and saw
auth include su
account include su
password include su
session include suFollowing a suggestion in the Maccas post thread, I tried replacing this with
auth include system-auth
account include system-auth
password include system-auth
session include system-authwhich had no effect.
Following the procedure in https://www.nomachine.com/DT10O00163 I gathered the logs – see attached. Any assistance will be appreciated.
Attachments:
February 20, 2019 at 09:24 #21508CatoParticipantHello dhfrx,
Is your Ubuntu host part of Active Directory domain? If that’s the case, you are most likely experiencing the problem with AD Group Policy described here:
https://www.nomachine.com/AR12P01007
If that’s not the case, please check system authentication log (/var/log/auth.log) for entries referencing nxexec. Could you post auth log messages added during failed authentication attempt? You can also send them to forum[at]nomachine[dot]com.
February 21, 2019 at 13:08 #21523dhfrxParticipantTried a new authentication event, then checked /var/log/auth.log and found the line
Feb 20 16:32:07 JN561T2 nxexec: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
In /usr/NX/var/log/nxerror.log for the same timestamp I found:
Info: Handler started with pid 2695 on Wed Feb 20 16:31:58 2019.
Info: Handling connection from 10.14.232.108 port 61193 on Wed Feb 20 16:31:58 2019.
2714 2714 16:32:07 579 nxexecPAMCheckCredentials: ERROR!Authentication failed with error 6.
Info: Connection from 10.14.232.108 port 61193 closed on Wed Feb 20 16:32:07 2019.
Info: Handler with pid 2695 terminated on Wed Feb 20 16:32:07 2019.When I entered “ls -l /etc/pam.d/system-auth” I got
ls: cannot access ‘/etc/pam.d/system-auth’: No such file or directory
Repeating the command with sudo gave the same response.
Hope this is helpful. – dhfrx
February 21, 2019 at 19:30 #21538CatoParticipantHello dhfrx,
Please, run this command from terminal as root user:
cp /etc/pam.d/sshd /etc/pam.d/nx
Reproduce the problem and check again auth.log for nxexec entries.
February 22, 2019 at 08:57 #21547dhfrxParticipantRan the cp command with sudo, tried again to connect from the Win10 machine, found the following in auth.log:
Feb 21 17:51:10 JN561T2 nxexec: pam_unix(nx:auth): authentication failure; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
Feb 21 17:51:10 JN561T2 nxexec: pam_sss(nx:auth): authentication success; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
Feb 21 17:51:10 JN561T2 nxexec: pam_sss(nx:account): Access denied for user dfriedman: 6 (Permission denied)
Feb 21 17:51:10 JN561T2 nxexec: pam_unix(nx:session): session opened for user dfriedman by (uid=127)
Feb 21 17:51:10 JN561T2 nxexec: pam_unix(nx:session): session closed for user dfriedmanHope this helps; thanks for your efforts so far. – dhfrx
February 22, 2019 at 12:11 #21557CatoParticipantHello dhfrx,
So now we can see that the problem is ‘access denied’ from pam_sss.
Please apply the instructions from:https://www.nomachine.com/AR12P01007
and see if this helps.
February 25, 2019 at 09:01 #21567dhfrxParticipantEdited /etc/sssd/sssd.conf to add the “ad_gpo_map_network = +nx” line to the [sssd} section (hope this is correct).
Tried connecting to NoMachine from the Win10 box. Still get “Authentication failed.” Looked at /var/log/auth.log and found
Feb 22 10:24:44 JN561T2 nxexec: pam_unix(nx:auth): authentication failure; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
Feb 22 10:24:44 JN561T2 nxexec: pam_sss(nx:auth): authentication success; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
Feb 22 10:24:44 JN561T2 nxexec: pam_sss(nx:account): Access denied for user dfriedman: 6 (Permission denied)
Feb 22 10:24:44 JN561T2 nxexec: pam_unix(nx:session): session opened for user dfriedman by (uid=127)
Feb 22 10:24:44 JN561T2 nxexec: pam_unix(nx:session): session closed for user dfriedmanTried adding the “ad_gpo_map_network = +nx” command to the [domain/ ] section of /etc/sssd/sssd.conf as well;
still get “Authentication failed.” – /var/log/auth.log again has
Feb 22 10:36:34 JN561T2 nxexec: pam_unix(nx:auth): authentication failure; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
Feb 22 10:36:34 JN561T2 nxexec: pam_sss(nx:auth): authentication success; logname= uid=127 euid=0 tty= ruser= rhost= user=dfriedman
Feb 22 10:36:34 JN561T2 nxexec: pam_sss(nx:account): Access denied for user dfriedman: 6 (Permission denied)
Feb 22 10:36:34 JN561T2 nxexec: pam_unix(nx:session): session opened for user dfriedman by (uid=127)
Feb 22 10:36:34 JN561T2 nxexec: pam_unix(nx:session): session closed for user dfriedmanBelow is a copy of the edited sssd.conf file (slightly redacted to remove domain identification):
[sssd]
domains = ####
config_file_version = 2
services = nss, pam
override_storage = _
ad_gpo_map_network = +nx[domain/####]
ad_domain = ####
krb5_realm = ####
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ad_gpo_map_network = +nxThanks again for your patience. Please note that I will be away from this setup until March 1. – dhfrx
March 1, 2019 at 23:55 #21635dhfrxParticipantI’m back. What additional suggestions can anyone offer?
March 4, 2019 at 12:28 #21648CatoParticipantHello dhfrx,
Can you connect to the NoMachine server host using terminal ssh client? Is it possible to establish ssh session for user experiencing the problem with NX? From information gathered so far, it appears that the host is part of the domain. What exact technology do you use? Is it Windows AD, LDAP server or something else? If this is Windows AD, did you make sure that domain group policy settings like, NetworkLogonRight are properly set in domain controller? Does the problem affect all domain users or just this one specific user?
March 5, 2019 at 09:20 #21656dhfrxParticipantYes, I am able to ssh into the NoMachine server box. Is this helpful? As for what domain technology is used here, I don’t know but I can try to find out.
March 5, 2019 at 09:20 #21657dhfrxParticipantWell, surprise! I updated NX on the Ubuntu server box to 6.5.6 and was able to connect from the client. Go figure. So that solves my problem. Thanks for the suggestions – if it happens again, I’ll have some ideas on where to look. – dhfrx
March 12, 2019 at 17:30 #21719BritgirlKeymasterGreat news! Thanks for letting us know 🙂
-
AuthorPosts
This topic was marked as solved, you can't post.