Forum Replies Created
-
Posts
-
The radius server is NPS. However, I have come across this which implies that NPS isn’t capable of processing Access-Challenge RADIUS responses. Therefore phone call and mobile app push notifications should work fine, but neither SMS nor mobile app verification codes (OTPs) will work because we don’t have a way to challenge the user for their OTP, which is the purpose of the Access-Challenge response.
Maybe using ssh rather than nx protocol is the way to go. I’ll have a play …
The logs follow… The penultimate line shows that nxexec receives a promote from the radius server, but nx doesn’t then produce a dialog box for me to enter the code.
If I trace the nxserver.bin process during the authentication, I can see that is is receiving a prompt from the radius server. It just isn’t translating this into a gui entry box
[pid 24403] write(1, “Enter Your Microsoft verification”…, 39) = 39
I’ve upgraded to NoMachine-Enterprise-Terminal-Server-6.4.6-25.x86_64, and my /etc/pam.d/nx now reads …
auth include su
auth required pam_radius_auth.so retry=3 force_prompt debug
account include su
password include su
session optional pam_loginuid.so
session include sui.e, it is as supplied with the rpm, but i have added the pam_radius line.
However, it acts the same as before. It prompts for and accepts my Linux prompt, but then just spins in a loop. It must have talked to our radius server, because I get an authentication code as an SMS message. However NoMachine does not prompt me for the code.
Interestingly, although I have the debug code in my pam set up, there is no logging from pam_radius in my syslog, although I do get it when I am using ssh with pam_radius.
Note, I am using pam_radius-1.4.0-2.el7.x86_64