NoMachine Support

Your questions answered

Knowledge Base

Searching in: Articles & FAQs
Filter the search results
Applies to:
Last update:
Searching in: Articles & FAQs
ID: AR12P01007
Applies to: NX Server Products
Added on: 2018-12-03
Last update: 2018-12-21
Active Directory user cannot authenticate by NX protocol (pam_sss access denied error)

When the NoMachine server host is part of an Active Directory domain and the user is an AD user, attempts to log-in by using the NX protocol fails with 'access denied'. Authentication is succeded but the account validation fails.

System logs report messages like:

auth.log:Nov 27 11:06:37 lt01-lab nxexec: pam_krb5(nx:auth): user nxtest01 authenticated as nxtest01@nomachine.com
auth.log:Nov 27 11:06:37 lt01-lab nxexec: pam_sss(nx:account): Access denied for user nxtest01: 6 (Permission denied)
auth.log:Nov 27 11:06:37 lt01-lab nxexec: pam_unix(nx:session): session opened for user nxtest01 by (uid=117)
auth.log:Nov 27 11:06:38 lt01-lab nxexec: pam_unix(nx:session): session closed for user nxtest01

 

This behavior is strictly related to the fact that the NoMachine nx service is not recognized by the Active Directory Group Policy.

As a workaround, edit the /etc/sssd/sssd.conf file on the system and add the following line:

ad_gpo_map_network = +nx