[FreeNX-kNX] NX-client to authenticate against AD? (SOLVED)

Verner Kjærsgaard vk at os-academy.dk
Tue Mar 13 07:55:19 UTC 2007 

Mandag 12 marts 2007 22:41 skrev Fabian Franz:
> > My TODO-list is growing faster than  I can read it :)
>
> Ha ha, love that line.
>
> > So let's start with the beginning.
> > I don't know how suse manages users and AD authentication, but that not
> > really
> > the point here.
> > The starting point is "getent passwd" should give you all users in the
> > AD, and
> > logging into kde and by ssh with an AD-user must work.
>
> Exactly. Make sure normal SSH logins via password do work.
>
> > ENABLE_SSH_AUTHENTICATION="1"
>
> While we are at it, if ssh does not work, but su - does, you can also use
> su -, to make it work.
>
> ENABLE_SSH_AUTHENTICATION="0"
> ENABLE_SU_AUTHENTICATION="1"
>
> Note that then nx user must be in group wheel or similar:
>
> The following should then work
>
> root at host $ sudo -u nx /bin/sh
> nx at host $ su - user
> Password: ******
> user at host $
>
> So now you've plenty to play with ...
>
> cu
>
> Fabian


Dear list, Fabian and Blindauer,

- Thank You.

- First, a line; someone once said: "I just love the swoooozzzchh sound of yet 
another deadline passing by..."

- Don't remember who, though.

I shall dig into your answers - as I certainly do respect your time!
FWIW: I do get the correct answers by issuing "getent passwd". I can indeed 
log in from outside, using ssh and thus using the AD. Works just fine. The 
log output from the Linux server says: pam_winbind(sshd:auth): user 'egon' 
granted acccess and all. Works fine.

In the log, when coming in from outside using the latest NX client, I get:
 sshd[3889]: pam_winbind(sshd:account): request failed, but PAM error 0!
 sshd[3889]: pam_winbind(sshd:account): internal module error (retval = 3, 
user = 'nx')

AND THEN I GET ACCESS!! Oh my God. I didn't change a bloody thing -  come to 
think of it, I REBOOTED windows. Of course, I started this morning by firing 
up the winbox. Must be that.

But your hints regarding the mechanisms helped me understand things. I was 
unaware of the "getent", a great helper here.

Well, thank you. This is a major step forward!



-------------------------------------------------------------------------
Med venlig hilsen/Best regards
Verner Kjærsgaard

More information about the FreeNX-kNX mailing list