[FreeNX-kNX] NX-client to authenticate against AD?

Verner Kjærsgaard vk at os-academy.dk
Thu Mar 8 11:20:19 UTC 2007


Torsdag 08 marts 2007 11:27 skrev Blindauer Emmanuel:
> On Thursday 08 March 2007 11:23:31 Verner Kjærsgaard wrote:
> > Hi list,
> >
> > - consider this; one standard SuSE10.2 with FreeNX server running. All is
> > good, you can connect from both Linux and Win clients.
> >
> > - now in Yast, set this SuSE host to do authentications against an MS-AD.
> > This works, one may log on users not known to /etc/passwd and so.
> >
> > - from outside one may issue an XDMCP connection, this works as expected,
> > authentication is against AD.
> >
> > - but the nx-client connecting from  outside still (of course) uses the
> > ssh-login mechanism, the server was setup
> > with --install --setup-nomachine-key.
> >
> > How can I make the clients coming from outside using NX-client
> > authenticate against the external AD machine??
>
> Use ssh  authentication.
> If yast has set the system to authenticate against AD, this is probably
> through kerberos or winbind, and pam.d files have ben updated in
> consequence, so ssh should work if using kerberos au PAM.
> This is my setup.
>
> Emmanuel

Hi list and Emmanuel

-thanks for your answer!
- I'm close to getting it working, but not there yet...

Yast was setup to use winbind, I suppose the pam.d files were updated as they 
should be. Anyhow, it's working.

I can use ssh to get access to the SuSE box, but only my local users know 
to /etc/passwd and so forth.

What do you mean by "kerberos au PAM" (what's au, typo?)

From the /var/log/messages I get:
"Accepted publickey for user nx from IP port some-port ssh2"
This is good, but then..:
pam_winbind(sshd:auth): request failed: No such user,PAM error was User not 
known to the underlying authentication modue (10), NT error was 
NT_STATUS_NO_SUCH_USER"



Can you help me any further?


-- 
-------------------------------------------------------------------------
Med venlig hilsen/Best regards
Verner Kjærsgaard




More information about the FreeNX-kNX mailing list