Forum Replies Created
With NX protocol it’s only possible to perform PAM-based two-factor authentication. This means that you can only combine authentication methods supported by PAM modules, usually password + authentication code. Here is an article providing examples of two-factor configuration for NX protocol: https://kb.nomachine.com/AR12L00828
Please uncomment and set the following key in <NoMachine_install_dir>/etc/server.cfg file on your server host:
Value represents authentication timeout in seconds. Increase this value to 200 and see if this allows you to start NoMachine session. Sadly, this won’t fix the large delay itself.
Start terminal as user your want to authenticate on your server host, cd to <nomachine_install_dir>/bin and run ./nxexec –auth.
Provide username and password as asked for. What’s the command’s output? Does execution take more than 30 seconds?
Logs indicate that nxlsa module was already installed when you attempted to install NoMachine 8.2.3. Please, perform full reinstallation of NoMachine with all necessary reboots. One reboot after uninstallation and one reboot after fresh installation. Does it help?
To investigate further we need logs, please follow these instructions explaining logs gathering procedure:
Collect server side logs automatically
Send logs to forum[at]nomachine[dot]com, referencing the topic in the email subject.
What’s the output of ‘net user nx’ ran from cmd started as Administrator?
Does rebooting the system help? What’s the output of <NoMachine>/bin/nxserver.exe –status ran from cmd? Does ProgramData/NoMachine/var/log/nxtrace.log exist, if so, what’s the content of this file?November 18, 2022 at 10:25 in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #41529
Yes, ‘no_root_squash’ is an export option. What I meant is to mount directory exported with ‘no_root_squash’. It seems that you figured that out for yourself 🙂 Did it help?
If your email address is a Microsoft account name NoMachine should work fine with it. The problem might be 2FA. How exactly is this implemented? Is this Microsoft’s 2FA or some third party extension to Windows’ authentication? Can you create local account on your host and see if it’s possible to authenticate with just password?October 26, 2022 at 18:46 in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #41005
Sorry for late reply. Can you check if mounting user’s home directory with no_root_squash option helps?October 25, 2022 at 12:43 in reply to: Installation for Active Directory/work-managed machines #40947
Logs show that ‘nx’ account creation succeeds, but it’s not possible to correctly load user’s profile. It might be due to the aforementioned system administrator restrictions. Other possible cause is corruption of default user profile on your host.You can try to create a few user accounts and check if it’s possible to login on their desktops. If you experience any problems, please refer to this Stack Overflow thread:October 21, 2022 at 10:39 in reply to: Installation for Active Directory/work-managed machines #40863
You mentioned Active Directory SSO, do you mean Azure AD SSO? Error message ‘cannot create home directory of nx user’ suggests that something went wrong during nx account setup. Perhaps the system administrator imposed restrictions preventing normal user from new account creations. To investigate further we need logs, please follow these instructions explaining logs gathering procedure:
Collect server side logs automatically
Send logs to forum[at]nomachine[dot]com, referencing the topic in the email subject.October 4, 2022 at 12:04 in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #40556
Setting EnableNXKerberosAuthentication to 1 should suffice.September 22, 2022 at 10:14 in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #40284
When krb5 option is used, process accessing mounted directories need to have valid Kerberos credentials. This means that you either need to connect using Kerberos authentication with ‘Forward authentication’ enabled or password authentication with PAM stack for NX procotol configured so that it correctly obtains Kerberos ticket during authentication. The second option only works with virtual desktops.May 20, 2022 at 09:42 in reply to: Changing server setting when not allowed to do sudo su #38682
NoMachine allows administrative operations to be performed on Linux only by root account or by demonstrating administrative privileges by being able to ‘sudo su’.