drobson

Forum Replies Created

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • in reply to: Users can’t login in. Error: Not enough X resources #30089
    drobson
    Participant

    Thanks brotech, I’ll try that

    in reply to: Two factor authentication with radius #20878
    drobson
    Participant

    The radius server is NPS.  However, I have come across this which implies that NPS isn’t capable of processing Access-Challenge RADIUS responses.  Therefore phone call and mobile app push notifications should work fine, but neither SMS nor mobile app verification codes (OTPs) will work because we don’t have a way to challenge the user for their OTP, which is the purpose of the Access-Challenge response.

     

    Maybe using ssh rather than nx protocol is the way to go.  I’ll have a play …

    in reply to: Two factor authentication with radius #20867
    drobson
    Participant

    The logs  follow…  The penultimate line shows that nxexec receives a promote from the radius server, but nx doesn’t then produce a dialog box for me to enter the code.

     

     

     

    in reply to: Two factor authentication with radius #20860
    drobson
    Participant

    If I trace the nxserver.bin process during the authentication, I can see that is is receiving a prompt from the radius server.  It just isn’t translating this into a gui entry box

    [pid 24403] write(1, “Enter Your Microsoft verification”…, 39) = 39

     

    in reply to: Two factor authentication with radius #20855
    drobson
    Participant

    I’ve upgraded to NoMachine-Enterprise-Terminal-Server-6.4.6-25.x86_64, and my /etc/pam.d/nx now reads …

    auth       include       su
    auth       required      pam_radius_auth.so retry=3 force_prompt debug
    account    include       su
    password   include       su
    session    optional      pam_loginuid.so
    session    include       su

    i.e, it is as supplied with the rpm, but i have added the pam_radius line.

    However, it acts the same as before.  It prompts for and accepts my Linux prompt, but then just spins in a loop.  It must have talked to our radius server, because I get an authentication code as an SMS message.  However NoMachine does not prompt me for the code.

    Interestingly, although I have the debug code in my pam set up, there is no logging from pam_radius in my syslog, although I do get it when I am using ssh with pam_radius.

    Note, I am using pam_radius-1.4.0-2.el7.x86_64

     

Viewing 5 posts - 1 through 5 (of 5 total)