Forum Replies Created
-
AuthorPosts
-
CatoParticipant
Hello mcxmar,
With NX protocol it’s only possible to perform PAM-based two-factor authentication. This means that you can only combine authentication methods supported by PAM modules, usually password + authentication code. Here is an article providing examples of two-factor configuration for NX protocol: https://kb.nomachine.com/AR12L00828
CatoParticipantHi,
Please uncomment and set the following key in <NoMachine_install_dir>/etc/server.cfg file on your server host:
#AuthorizationTimeout 30Value represents authentication timeout in seconds. Increase this value to 200 and see if this allows you to start NoMachine session. Sadly, this won’t fix the large delay itself.
CatoParticipantHello jason.rieg,
Start terminal as user your want to authenticate on your server host, cd to <nomachine_install_dir>/bin and run ./nxexec –auth.
Provide username and password as asked for. What’s the command’s output? Does execution take more than 30 seconds?CatoParticipantLogs indicate that nxlsa module was already installed when you attempted to install NoMachine 8.2.3. Please, perform full reinstallation of NoMachine with all necessary reboots. One reboot after uninstallation and one reboot after fresh installation. Does it help?
CatoParticipantTo investigate further we need logs, please follow these instructions explaining logs gathering procedure:
Collect server side logs automatically
https://kb.nomachine.com/DT07S00243Send logs to forum[at]nomachine[dot]com, referencing the topic in the email subject.
CatoParticipantHi,
What’s the output of ‘net user nx’ ran from cmd started as Administrator?
CatoParticipantHello Will,
Does rebooting the system help? What’s the output of <NoMachine>/bin/nxserver.exe –status ran from cmd? Does ProgramData/NoMachine/var/log/nxtrace.log exist, if so, what’s the content of this file?
CatoParticipantHi,
Yes, ‘no_root_squash’ is an export option. What I meant is to mount directory exported with ‘no_root_squash’. It seems that you figured that out for yourself 🙂 Did it help?
CatoParticipantHello RSeJU17Cc4ch,
If your email address is a Microsoft account name NoMachine should work fine with it. The problem might be 2FA. How exactly is this implemented? Is this Microsoft’s 2FA or some third party extension to Windows’ authentication? Can you create local account on your host and see if it’s possible to authenticate with just password?
CatoParticipantHello,
Sorry for late reply. Can you check if mounting user’s home directory with no_root_squash option helps?
October 25, 2022 at 12:43 in reply to: Installation for Active Directory/work-managed machines #40947CatoParticipantHi,
Logs show that ‘nx’ account creation succeeds, but it’s not possible to correctly load user’s profile. It might be due to the aforementioned system administrator restrictions. Other possible cause is corruption of default user profile on your host.You can try to create a few user accounts and check if it’s possible to login on their desktops. If you experience any problems, please refer to this Stack Overflow thread:
https://superuser.com/questions/947398/cant-login-with-new-local-users-in-windows-10
October 21, 2022 at 10:39 in reply to: Installation for Active Directory/work-managed machines #40863CatoParticipantHello andowt,
You mentioned Active Directory SSO, do you mean Azure AD SSO? Error message ‘cannot create home directory of nx user’ suggests that something went wrong during nx account setup. Perhaps the system administrator imposed restrictions preventing normal user from new account creations. To investigate further we need logs, please follow these instructions explaining logs gathering procedure:
Collect server side logs automatically
https://kb.nomachine.com/DT07S00243Send logs to forum[at]nomachine[dot]com, referencing the topic in the email subject.
CatoParticipantSetting EnableNXKerberosAuthentication to 1 should suffice.
CatoParticipantHello fractal-admin,
When krb5 option is used, process accessing mounted directories need to have valid Kerberos credentials. This means that you either need to connect using Kerberos authentication with ‘Forward authentication’ enabled or password authentication with PAM stack for NX procotol configured so that it correctly obtains Kerberos ticket during authentication. The second option only works with virtual desktops.
CatoParticipantNoMachine allows administrative operations to be performed on Linux only by root account or by demonstrating administrative privileges by being able to ‘sudo su’.
-
AuthorPosts