Maccas

Forum Replies Created

Viewing 1 post (of 1 total)
  • Author
    Posts
  • in reply to: Authentication failed with error 6 #2738
    Maccas
    Participant

    Just to update this – we discussed this further offline and the developers found the issue is because PAM had been configured to enforce membership of the wheel group to allow su usage. /etc/pam.d/su contained:

    auth required pam_wheel.so use_uid

    The information I received was:

    Our user “nx” is not in the wheel group while this PAM configuration requires
    that nx is in that group to allow authentication working properly.

    We now ship our own /etc/pam.d/nx module which can separate PAM
    configuration that is used by NoMachine from the one used by SU service.

    So, possible solutions are:

    1) Comment out the problematic line in /etc/pam.d/su.

    2) If you don’t want to change the su configuration,  please replace the
    /etc/pam.d/nx module with the file attached to this mail.

    It’s a clean copy of your  “su” configuration file just with the problematic line removed.
    In this way you can use a custom policy only for NoMachine and don’t need to change
    your “su” configuration.  Feel free to edit the nx file according to your needs.

    I wanted this restriction to remain so I created the specific nx module suggested, which contained:

    auth            sufficient      pam_rootok.so
    auth            include         system-auth
    account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
    account         include         system-auth
    password        include         system-auth
    session         include         system-auth
    session         optional        pam_xauth.so

    Can’t fault the developers who responded. Excellent support to help troubleshoot this issue.

Viewing 1 post (of 1 total)