Using keys on a AD domain issues

Forum / NoMachine for Windows / Using keys on a AD domain issues

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #22362
    neal
    Participant

    I’ve got a company laptop that I’d like to use via NoMachine so I can use my desktop monitors instead of the little laptop screen. Anyways, I have full admin access so I’ve already got NoMachine installed. The issue I have is it’s connected to the Azure domain and we don’t have passwords, it’s a fingerprint or a pin. Since NoMachine can’t use a pin I decided to use rsa keys and have this setup and it works and passes the authentication  but all I get on the client is it’s connecting and that blue spinning wheel. That’s it. It will do this until I stop it and it never gives an error. I didn’t see anything revealing in the client side logs but found interesting logs on the server side. I think there’s something with the fact it’s on a domain as keys work on other servers I have that are not on a domain with the same OS which is Windows 10.

     

    Here are snippets from the logs.

    nxerror.log

    Info: Handling connection from 192.168.1.105 port 38904 on Sat May 18 20:29:10 2019.
    8500 10552 20:29:11 981.264 CheckPrivilege: WARNING! Server couldn’t process request.
    8500 11328 20:29:11 981.264 CheckPrivilegeThread: WARNING! Worker thread failed.
    8500 11328 20:29:11 981.264 HostIsAdmin: ERROR! Failed to check user’s privilege level.
    8500 14024 20:29:11 981.264 CheckPrivilege: WARNING! Server couldn’t process request.
    8500 11328 20:29:11 981.264 CheckPrivilegeThread: WARNING! Worker thread failed.
    8500 11328 20:29:11 981.264 HostIsAdmin: ERROR! Failed to check user’s privilege level.

    nxservice.log

    5268 2400 19:12:27 754.496 GetCachedToken: ERROR! Failed to find access token for user ‘S-1-12-1-1376507095-

    1228866407-3285581199-3209263045’.
    5268 2400 19:12:27 754.496 WriteTokenMessage: ERROR! Writing to client failed.
    5268 2400 19:12:27 754.496 WriteTokenMessage: Error is ‘109’.
    5268 10120 19:12:27 754.496 GetCachedToken: ERROR! Failed to find access token for user ‘S-1-12-1-1376507095-1228866407-3285581199-3209263045’.
    5268 10120 19:12:27 754.496 WriteTokenMessage: ERROR! Writing to client failed.
    5268 10120 19:12:27 754.496 WriteTokenMessage: Error is ‘109’.

    nxswever.log

    2019-05-18 20:29:11 981.264 8500 NXSERVER User ‘AzureAD\Neal’ logged in from ‘192.168.1.105’ using authentication method NX-private-key.
    2019-05-18 21:19:47 029.604 8500 NXSERVER User ‘AzureAD\Neal’ from ‘192.168.1.105’ logged out.
    2019-05-18 21:20:01 176.439 12216 NXSERVER User ‘AzureAD\Neal’ logged in from ‘192.168.1.105’ using authentication method NX-private-key.
    2019-05-18 21:25:51 454.308 12216 NXSERVER User ‘AzureAD\Neal’ from ‘192.168.1.105’ logged out.

    #22375
    Cato
    Participant

    Hello neal,

    NoMachine’s key authentication can’t be used for domain accounts. This limitation comes from the fact that it’s not possible to create domain user’s security context inside LSA (Local Security Authority) module. The alternative which you could use is Kerberos authentication method. However, this can only work if your client machine is part of the domain. We hope to add support for fingerprint authentication on Windows 10 later this year.

Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.