Forum Replies Created
-
AuthorPosts
-
CatoParticipant
Hello elad.azary,
When you authenticate using SSH from terminal, is it Kerberos authentication or public-key authentication?
If you used public-key authentication with terminal SSH client so far, please try Kerberos authentication to check if it’s not just Winbind configuration issue.
CatoParticipantHello antonioking,
Please follow these instructions to help us understand your issue:
1. Open terminal on your Mac OS X host on some other non-root account. Check if ‘su <problematic_user_name>’ command
works correctly.2. Recreate the issue, and collect sever-side logs from Mac host according to
https://www.nomachine.com/DT07M00098#2
In terminal, from root account run: ‘grep nxexec /var/log/system.log > nxexec.log’.
Send NoMachine server logs and nxexec.log file to forum[at]nomachine[dot]com.CatoParticipantHello RiTides,
Please, check if lsass.exe process is running in protected mode.
To do so:
1. Download and install Process Explorer using this link:
https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
2. Start Process Explorer as Administrator.
3. Double click on lsass.exe process and check the value of ‘Protected’.
If lsass is NOT working in protected mode gather the logs using this instructions:
https://www.nomachine.com/DT07M00098
and send them to forum[at]nomachine[dot]com.
If lssass is working in protected mode, you can completely uninstall Avast antivirus, or you can try to use alternative antivirus software. From what we know, NoMachine works fine with AVG antivirus when ‘Disable antivirus self protection’ option is used.
CatoParticipantHello jmartinze,
Please, make sure that you performed system reboot after installation.
If the problem still persists:
1. Gather NoMachine logs using this guide: https://www.nomachine.com/DT07M00098.
2. Check the value of ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa’
registry key.3. Check if ‘nxlsa’ module is loaded correctly using Process Explorer:
– Download and install package from https://technet.microsoft.com/pl-pl/sysinternals/processexplorer.
– Start Process Explorer as Administrator.
– Click on ‘Find’ and ‘Find handle or DLL’. Type ‘nxlsa’ in search box.
If the module is correctly loaded, search result will show that module belongs to ‘lsass.exe’ process.
Send logs, value of registry key and result of ‘nxlsa’ query to forum[at]nomachine[dot]com.
CatoParticipantHello Joel9576,
I suspect that default user profile on your host might be corrupted. You can try to create few user accounts and check if it’s possible to login on their desktops. If you experience any problems, please refer to this Stack Overflow thread:
https://superuser.com/questions/947398/cant-login-with-new-local-users-in-windows-10
CatoParticipantHello Joel9576,
We provided you with patched version fixing issue with unavailable descriptor, described in this thread: https://www.nomachine.com/forums/topic/error-descriptor-fd_____-not-available
In logs you recently sent we found another issue. It’s not possible to obtain home directory for ‘nx’ user. In past such problem occurred when Windows hosts were part of Active Directory and NoMachine was installed on Domain Controlled (Windows Server). Is this a case in your setup? Can you uninstall NoMachine on Domain Controller and reinstall NoMachine on hosts on which you experience problems?
CatoParticipantHello piotr,
We can try to extract more information from memory dumps generated during lsass.exe crash. You should be able to find them in ‘C:/Windows/Minidump/‘. We’re interested in recent *dmp file.
Please contact us via email at forums[at]nomachine[dot]com on details about uploading memory dump. Include link to forum thread in subject.
In the meantime, you can uninstall nxlsa module, if you don’t need server’s functionalities.
This command needs to be executed with Administrator’s rights:\bin\nxservice64.exe –uninstall nxlsa
Problems with lsass should be gone after reboot.
CatoParticipantHello chiamarc,
Please gather client side logs after failed authentication attempt, following these instructions:
https://www.nomachine.com/DT07M00098
It would also be helpful to see the content of ‘/etc/pam.d’ directory.
Send logs and tar archive of ‘/etc/pam.d’ to forums[at]nomachine[dot]com.CatoParticipantHello,
Please, check thread:
https://www.nomachine.com/forums/topic/nomachine-not-starting
and verify if you’re experiencing:
CatoParticipantHello Joel9576,
Please make sure that you started ProcessExplorer as Administrator, when it’s launched without rights elevation it doesn’t correctly report protection mode.
In case you rule out protection level as potential source of problems, send us server-side logs gathered according to these instructions:https://www.nomachine.com/DT07M00098
Send them to forum[at]nomachine[dot]com
CatoParticipantHello esan123,
We created trouble report for your issue:
https://www.nomachine.com/TR03O07676
We’re intensively working on solution, you can follow the state of TR.
CatoParticipantHello esan123,
What kind of antimalware software do you use, if any? We’re aware of problems with NoMachine when lsass.exe system service runs in protected mode which is often enabled by installation of antimalware applications.
To verify that this happens in your case:
1. Download and install Process Explorer using this link:
https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
2. Start Process Explorer as Administrator.
3. Double click on lsass.exe process anc check the value of ‘Protected’
CatoParticipantHello milosg,
We need logs from your NoMachine server machine. Please, use these instructions:
https://www.nomachine.com/DT07M00098, and send them to forum[at]nomachine[dot]com.Excerpts which were provided by you suggest that NoMachine fails to start nxnode process, because it can’t validate user. If you use some specific technology for user management, like LDAP or Active Directory, it’s possible that you need to adjust ‘/etc/nsswitch.conf’ file to include alternative sources of user information.
CatoParticipantHello basmati,
As you noted, authentication succeeds, login fails at account validation. If you are authenticating against Active Directory it’s worth checking security settings on Domain Controller. Perhaps user or one of groups to which user belongs is denied logon to host.
You can also try to replace content of /etc/pam.d/nx with content of /etc/pam.d/sshd. It appears to me that sshd PAM configuration might not include pam_sss in account stack. If this is the case, be aware that some account management functionalities, like password reset, won’t be present any more.
January 11, 2017 at 12:04 in reply to: Where do I set the path to nxclient working directory? #13491CatoParticipantHello barth,
Your issue could be solved in two ways:
1. Allowing access of nxnode process to user’s home directory.
2. Using alternative location for ‘.nx’ directory.
First method:
We need to establish why nxnode is denied access. Are you using AFS, NFS or any other specific file system? You stated that directory is not accessible by root. This shouldn’t matter because nxnode process runs on behalf of connected user. The only exception is when session is started for root himself. In such case nxnode runs impersonating nx user. If you use AFS perhaps you experience this bug:
https://www.nomachine.com/TR10N07275
Check if updating NoMachine helps.
Second method:
We’ve got feature allowing to configure ‘.nx’ directory location:
https://www.nomachine.com/FR01E01592&fn=UserNXDirectoryPath
Note: In article USER_NX_DIRECTORY_PATH key is mentioned, the proper key name is UserNXDirectoryPath.
-
AuthorPosts