[FreeNX-kNX] NX-client to authenticate against AD?

Blindauer Emmanuel freenx at mooby.net
Mon Mar 12 20:33:48 UTC 2007


My TODO-list is growing faster than  I can read it :)

So let's start with the beginning.
I don't know how suse manages users and AD authentication, but that not really 
the point here.
The starting point is "getent passwd" should give you all users in the AD, and 
logging into kde and by ssh with an AD-user must work. It it isn't the case, 
you should set up correctly  nsswitch.conf, pam, winbind at least.

The user "nx" used by freenx is a local account, so it reside in /etc/passwd.
For letting users acces freenx, I use the authentification backend SSH:

ENABLE_SSH_AUTHENTICATION="1"

that's all.



On Thursday 08 March 2007 12:20:19 Verner Kjærsgaard wrote:
> Torsdag 08 marts 2007 11:27 skrev Blindauer Emmanuel:
> > On Thursday 08 March 2007 11:23:31 Verner Kjærsgaard wrote:
> > > Hi list,
> > >
> > > - consider this; one standard SuSE10.2 with FreeNX server running. All
> > > is good, you can connect from both Linux and Win clients.
> > >
> > > - now in Yast, set this SuSE host to do authentications against an
> > > MS-AD. This works, one may log on users not known to /etc/passwd and
> > > so.
> > >
> > > - from outside one may issue an XDMCP connection, this works as
> > > expected, authentication is against AD.
> > >
> > > - but the nx-client connecting from  outside still (of course) uses the
> > > ssh-login mechanism, the server was setup
> > > with --install --setup-nomachine-key.
> > >
> > > How can I make the clients coming from outside using NX-client
> > > authenticate against the external AD machine??
> >
> > Use ssh  authentication.
> > If yast has set the system to authenticate against AD, this is probably
> > through kerberos or winbind, and pam.d files have ben updated in
> > consequence, so ssh should work if using kerberos au PAM.
> > This is my setup.
> >
> > Emmanuel
>
> Hi list and Emmanuel
>
> -thanks for your answer!
> - I'm close to getting it working, but not there yet...
>
> Yast was setup to use winbind, I suppose the pam.d files were updated as
> they should be. Anyhow, it's working.
>
> I can use ssh to get access to the SuSE box, but only my local users know
> to /etc/passwd and so forth.
>
> What do you mean by "kerberos au PAM" (what's au, typo?)
>
> >From the /var/log/messages I get:
>
> "Accepted publickey for user nx from IP port some-port ssh2"
> This is good, but then..:
> pam_winbind(sshd:auth): request failed: No such user,PAM error was User not
> known to the underlying authentication modue (10), NT error was
> NT_STATUS_NO_SUCH_USER"
>
>
>
> Can you help me any further?



More information about the FreeNX-kNX mailing list