Authentication failure for one user Linux

Forum / NoMachine for Linux / Authentication failure for one user Linux

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #10482
    mgda
    Participant

    Fedora 23 with NoMachine  5.1.9_6_x86_64.rpm installed. All users except one can connect to my machine using the NoMachine client.

    Unfortunately, that user is my primary user account. NX=NoMachine

    I can…

    1. NX connect to my box from user accounts that are members of the wheel group.

    2. NX connect to my box from user accounts that are not members of the wheel group.

    3. SSH connect to my box from the user account that I cannot NX connect.

    4. Changing port number 4000 to 22 makes no difference on NX client.

    5. My primary account is a member of the /etc/sudoers group.

    Here is a tail of /etc/NX/var/log/nxserver.log showing what happens when I try to connect with user ‘mgda’.

    2016-03-08 12:47:19 742.852  1590 NXSERVER WARNING! Cannot check WM on display :1024 ENOTTY
    2016-03-08 12:47:19 742.974  1590 NXSERVER WARNING! checkLocalSession: cannot get Xauthority for session on display ‘1024’.
    2016-03-08 12:47:27 374.738 11601 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –auth’ with pid ‘11800/11800’ finished with exit code 1 after 0,142 seconds.
    2016-03-08 12:47:27 374.893 11601 NXSERVER ERROR! Error while trying to authenticate user: mgda using authentication method password. NXNssUserManager::auth returned 1
    2016-03-08 12:47:27 375.008 11601 NXSERVER ERROR! wrong ‘nxexec authentication’ for user ‘mgda’ from ‘172.18.0.18’.
    The user is a domain user. I try to connect using:

    1. mgda

    2. NetBIOS domain name\mgda, i.e., donner\mgda

    3. FQDN\mgda, i.e., corp.mydomain.com\mgda

    All three fail.

    My Fedora 23 box is all up-to-date and is running GNOME…workstation version.

    Yes, I have restarted the ‘nxserver’ service…and rebooted my machine after install.

    #10503
    Cato
    Participant

    Hello mgda,

    Authentication failure is most likely related to PAM configuration.

    Is it possible to authenticate with NX using any other domain account? Since you are able to authenticate via SSH it is possible that SSH PAM cofiguration contains something that is missing in NX (pam_winbind, pam_centrify, pam_krb5…). By default NX protocol includes PAM configuration of ‘su’ command. Is it possible to successfully run ‘su mgda’ from another account? You can also try to backup current NX PAM configuration placed in ‘/etc/pam.d/nx’ and overwrite it with content of ‘/etc/pam.d/sshd’. If that doesn’t help check with UPN name format,
    i.e. mgda@corp.mydomain.com.

    If still no success, please send us output of ‘tail -n 50 /var/log/secure.log’ after failed authentication attempt and content of ‘etc/pam.d’ directory.

    Please submit it to forum[at]nomachine[dot]com.

Viewing 2 posts - 1 through 2 (of 2 total)

Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.