Forum / NoMachine for Linux / Google 2-factor authentication not working for NoMachine
- This topic has 7 replies, 3 voices, and was last updated 6 years, 12 months ago by Solidcore87.
-
AuthorPosts
-
August 25, 2017 at 10:43 #15596Solidcore87Participant
Any help would be much appreciated. I have been using NoMachine with google 2-factor authenticator for about a year to connect to my home Linux workstation. I recently upgraded my workstation from Debian 8 to 9, and a few weeks later I’m in able to connect with 2fa. I can enter my name and password, then prompted for my 2fa code, use my 6 digit code, and it tells me the code is wrong. I reinstalled both NoMachine and libpam-google-authenticator on my workstation, then reinstalled the Google 2fa app on my phone. Still not able to authenticate on multiple devices with 2fa. This is both local in the LOAN and over WAN via my ddns forward.
Work so solid for a full year now will only work with a user name/password combo. No 2fa which was a big selling point for me to use this solution over WAN. But, I’m not sure if this is an issue with NoMachine or google-authenticator?
I followed these instructions here to set it up and reinstall.
September 6, 2017 at 07:40 #15682CatoParticipantHello Solidcore87,
It’s highly unlikely that your problem with google authenticator comes from NoMachine. Did you check if it’s possible to authenticate with authenticator code using different service, e.g. SSH? Can you check for presence of .google_authenticator~ file in user’s home directory? It’s known that if this file exists, it can prevent the authentication.
September 19, 2017 at 08:15 #15820Solidcore87ParticipantI will test 2fa with ssh tomorrow, no .google_authenticator~
So I notice now testing if I remove the 2fa line from the nx Pam config then I can log in fine with username/password. If I add the 2fa line back in the nx Pam I can’t log in with username/password, it errors with
“Authentication failed, please try again. When joining a domain, don’t forget to specify the username as domain\user.”
I don’t have s domain set and only one user account on the computer.
September 20, 2017 at 09:09 #15825Solidcore87ParticipantTested with ssh and 2fa. That works fine with my google authenticator.
I then turned off the google 2fa in nx pam file. Logged in with my username (manny) and password fine; sends me right to my desktop.
I then turned back on 2fa in the nx pam file, tried to log in and it failed; telling me this here “authentication failed, please try again”. (Now, this is a different error then it has been telling me. Which has been “Authentication failed, please try again. When joining a domain, don’t forget to specify the username as domain\user.” This device is not part of a domain at all.)
After the last failed login I checked the logs at “/usr/NX/var/log/nxserver.log”. Which tells me>
768 2017-09-19 20:29:55 340.626 3025 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –auth’ with pid ‘3047/3047’ finished with exit co de 1 after 1,911 seconds.
769 2017-09-19 20:29:55 341.362 3025 NXSERVER ERROR! Error while trying to authenticate user: manny using authentication method passw ord. NXNssUserManager::auth returned 1
770 2017-09-19 20:29:55 341.933 3025 NXSERVER ERROR! wrong ‘nxexec authentication’ for user ‘manny’ from ‘10.0.0.77’.
771 2017-09-19 20:29:55 342.199 3025 NXSERVER ERROR! Sending error message ‘NX> 404 ERROR: Wrong password or Login.’
772 2017-09-19 20:30:17 025.940 3051 NXSERVER WARNING! Cannot write to FD#8.
773 2017-09-19 20:30:17 026.353 3051 NXSERVER WARNING! Error is: 32, ‘Broken pipe’.
774 2017-09-19 20:30:17 026.937 3051 NXSERVER ERROR! username is not in the expected format.
September 20, 2017 at 15:33 #15829CatoParticipantHello Solidcore87,
Start terminal as non-root user, enter ‘/usr/NX/bin’ directory and run ‘./nxexec –auth’ command. This will start authentication process. Can you successfully authenticate here? Gather the output of command, remember to obscure sensitive information. Additionally, gather NoMachine server logs according to https://www.nomachine.com/DT07M00098#1. Send logs and command output to forum[at]nomachine[dot]com.
October 10, 2017 at 08:47 #16011Solidcore87ParticipantSorry about the late response. I will be collecting the log files in the next few days.
Thank you for working with me. I really would like this working.
October 10, 2017 at 09:03 #16015BritgirlKeymasterWe’ll monitor for logs from you 🙂
October 16, 2017 at 08:28 #16058Solidcore87ParticipantWas able to get it working. Loaded a backup of my pam.d folder and it’s now working. I think it was the “required” parameter in the nx Pam file.
-
AuthorPosts
This topic was marked as solved, you can't post.