Ahh! I think I may have just realized what was going wrong on Friday: the ssh-rsa key had not been added to ~/.ssh/known_hosts for the localhost hostname. So when FreeNX was trying to log into localhost as the user, ssh was prompting for whether to add that key to the known_hosts file. This morning, while testing the login to localhost, I added the key without thinking about it.<br>
Hope this helps someone else in the future.<br><br>Will Keaney<br><br><div class="gmail_quote">On Mon, Aug 31, 2009 at 8:47 AM, William Keaney <span dir="ltr"><<a href="mailto:keaneyw@gmail.com">keaneyw@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I don't know what's changed since Friday, but it's working this morning. I didn't change any configs, or reboot the server. Weird.<br>
<br>Thanks for your suggestions.<br><br>Will Keaney<div><div></div><div class="h5"><br><br><div class="gmail_quote">
On Sat, Aug 29, 2009 at 12:06 PM, Verner Kjærsgaard <span dir="ltr"><<a href="mailto:vk@os-academy.dk" target="_blank">vk@os-academy.dk</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<br>
<a href="mailto:chris@ccburton.com" target="_blank">chris@ccburton.com</a> skrev:<br>
<div><div></div><div>><br>
><br>
> William Keaney <<a href="mailto:keaneyw@gmail.com" target="_blank">keaneyw@gmail.com</a>> wrote on 28/08/2009 18:42:46:<br>
><br>
>> Hello,<br>
>><br>
>> I have a CentOS 5.3 server on which I have installed FreeNX 0.7.3.<br>
>> This machine has been bound to our Active Directory, and users are<br>
>> able to successfully authenticate against AD when logging into it.<br>
>> However, when I connect to the FreeNX service, it logs me in as the<br>
>> 'nx' user. I would like FreeNX to authenticate user names against<br>
>> AD as well, and to log them into the appropriate accounts after<br>
>> connecting. I have found a few guides and howtos that seem mostly<br>
>> outdated, and none actually cover the aspect of getting FreeNX<br>
>> itself to use AD for authentication.<br>
>> Does anyone know if/how I can make this happen?<br>
>><br>
>> Thank you for your help, and for a really great tool.<br>
><br>
><br>
> Most of us try to avoid active directory, including me !!<br>
><br>
><br>
> Do you have sshd_config set up to authenticate using pam (UsePAM yes)????<br>
><br>
><br>
> It sounds like AD is all set up in /etc/pam.d/system-auth and<br>
> /etc/nsswitch.conf and working.<br>
><br>
><br>
><br>
> The nx user is used ONLY to set up a tunnel over Openssh using a dsa key<br>
> and to run /usr/bin/nxserver.<br>
><br>
> /usr/bin/nxserver then logs in the user via another ssh session to<br>
> localhost using PasswordAuthentication which you therefore must ensure<br>
> is also enabled in sshd_config.<br>
><br>
> so<br>
><br>
> I'm not sure what you mean by FreeNX logging you in as 'nx' user !!<br>
><br>
><br>
> Try logging in locally on the server as the remote user, USING ssh TO<br>
> LOCALHOST AND PASSWORD authentication.<br>
><br>
> This will test if the user works over ssh against AD.<br>
><br>
> chris<br>
><br>
><br>
>><br>
>> Will<br>
> Keaney________________________________________________________________<br>
>> Were you helped on this list with your FreeNX problem?<br>
>> Then please write up the solution in the FreeNX Wiki/FAQ:<br>
>><br>
>> <a href="http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ" target="_blank">http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ</a><br>
>><br>
>> Don't forget to check the NX Knowledge Base:<br>
>> <a href="http://www.nomachine.com/kb/" target="_blank">http://www.nomachine.com/kb/</a><br>
>><br>
>> ________________________________________________________________<br>
>> FreeNX-kNX mailing list --- <a href="mailto:FreeNX-kNX@kde.org" target="_blank">FreeNX-kNX@kde.org</a><br>
>> <a href="https://mail.kde.org/mailman/listinfo/freenx-knx" target="_blank">https://mail.kde.org/mailman/listinfo/freenx-knx</a><br>
>> ________________________________________________________________<br>
><br>
><br>
</div></div>> ------------------------------------------------------------------------<br>
<div>><br>
> ________________________________________________________________<br>
> Were you helped on this list with your FreeNX problem?<br>
> Then please write up the solution in the FreeNX Wiki/FAQ:<br>
><br>
> <a href="http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ" target="_blank">http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ</a><br>
><br>
> Don't forget to check the NX Knowledge Base:<br>
> <a href="http://www.nomachine.com/kb/" target="_blank">http://www.nomachine.com/kb/</a><br>
><br>
> ________________________________________________________________<br>
> FreeNX-kNX mailing list --- <a href="mailto:FreeNX-kNX@kde.org" target="_blank">FreeNX-kNX@kde.org</a><br>
> <a href="https://mail.kde.org/mailman/listinfo/freenx-knx" target="_blank">https://mail.kde.org/mailman/listinfo/freenx-knx</a><br>
> ________________________________________________________________<br>
<br>
</div>I once made it work...only I don't recall all details.<br>
One thing though...if the login is in the form of<br>
<br>
user\domain<br>
<br>
then remember to double the backslash a ka<br>
<br>
user\\domain<br>
<br>
- if it's of any help...<br>
<br>
<br>
--<br>
------------------------------<br>
Med venlig hilsen/Best regards<br>
<font color="#888888">Verner Kjærsgaard<br>
</font><div><div></div><div>________________________________________________________________<br>
Were you helped on this list with your FreeNX problem?<br>
Then please write up the solution in the FreeNX Wiki/FAQ:<br>
<br>
<a href="http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ" target="_blank">http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ</a><br>
<br>
Don't forget to check the NX Knowledge Base:<br>
<a href="http://www.nomachine.com/kb/" target="_blank">http://www.nomachine.com/kb/</a><br>
<br>
________________________________________________________________<br>
FreeNX-kNX mailing list --- <a href="mailto:FreeNX-kNX@kde.org" target="_blank">FreeNX-kNX@kde.org</a><br>
<a href="https://mail.kde.org/mailman/listinfo/freenx-knx" target="_blank">https://mail.kde.org/mailman/listinfo/freenx-knx</a><br>
________________________________________________________________<br>
</div></div></blockquote></div><br>
</div></div></blockquote></div><br>