NoMachine provides a default PAM configuration which is suitable for almost all environments. It is based on system's 'su' configuration and can be adjusted according to administrative needs on the system. For example it can be modified to specify the authentication PAM modules in use on the system.
The NoMachine PAM configuration file is: /etc/pam.d/nx
When LDAP users cannot authenticate with NoMachine, we suggest to troubleshoot the problem by following steps below.
Step 1 - Check if the affected user can authenticate by using the SSH protocol.
Step 2 - If yes, try to use the same SSH PAM configuration for connections by NX protocol:
cp /etc/pam.d/nx /etc/pam.d/nx.ori
cp /etc/pam.d/sshd /etc/pam.d/nx
If this helps, you can add the missing PAM configurations to the /etc/pam.d/nx file and restore it.
If neither Step 1 nor Step 2 work, please send to the Support Team:
1) the '/etc/pam.d' directory (if permitted by your company's policies)
2) the output of the following command:
grep -R nxexec /var/log/*
3) The /etc/nsswitch.conf file
4) A full set of logs at debug level from the remote host, as explained here:
Active Directory user cannot authenticate by NX protocol (pam_sss access denied error)
Solving hanging problems during the session creation when the pam_mount module is used