[FreeNX-kNX] FreeNX and Active Directory

William Keaney keaneyw at gmail.com
Mon Aug 31 14:58:15 UTC 2009


Ahh! I think I may have just realized what was going wrong on Friday: the
ssh-rsa key had not been added to ~/.ssh/known_hosts for the localhost
hostname.  So when FreeNX was trying to log into localhost as the user, ssh
was prompting for whether to add that key to the known_hosts file.  This
morning, while testing the login to localhost, I added the key without
thinking about it.
Hope this helps someone else in the future.

Will Keaney

On Mon, Aug 31, 2009 at 8:47 AM, William Keaney <keaneyw at gmail.com> wrote:

> I don't know what's changed since Friday, but it's working this morning.  I
> didn't change any configs, or reboot the server.  Weird.
>
> Thanks for your suggestions.
>
> Will Keaney
>
>
> On Sat, Aug 29, 2009 at 12:06 PM, Verner Kjærsgaard <vk at os-academy.dk>wrote:
>
>>
>>
>> chris at ccburton.com skrev:
>> >
>> >
>> > William Keaney <keaneyw at gmail.com> wrote on 28/08/2009 18:42:46:
>> >
>> >> Hello,
>> >>
>> >> I have a CentOS 5.3 server on which I have installed FreeNX 0.7.3.
>> >> This machine has been bound to our Active Directory, and users are
>> >> able to successfully authenticate against AD when logging into it.
>> >> However, when I connect to the FreeNX service, it logs me in as the
>> >> 'nx' user.  I would like FreeNX to authenticate user names against
>> >> AD as well, and to log them into the appropriate accounts after
>> >> connecting.  I have found a few guides and howtos that seem mostly
>> >> outdated, and none actually cover the aspect of getting FreeNX
>> >> itself to use AD for authentication.
>> >> Does anyone know if/how I can make this happen?
>> >>
>> >> Thank you for your help, and for a really great tool.
>> >
>> >
>> > Most of us try to avoid active directory, including me !!
>> >
>> >
>> > Do you have sshd_config set up to authenticate using pam (UsePAM
>> yes)????
>> >
>> >
>> > It sounds like AD is all set up in /etc/pam.d/system-auth and
>> > /etc/nsswitch.conf and working.
>> >
>> >
>> >
>> > The nx user is used ONLY to set up a tunnel over Openssh using a dsa key
>> > and to run /usr/bin/nxserver.
>> >
>> > /usr/bin/nxserver then logs in the user via another ssh session to
>> > localhost using PasswordAuthentication which you therefore must ensure
>> > is also enabled in sshd_config.
>> >
>> > so
>> >
>> > I'm not sure what you mean by FreeNX logging you in as 'nx' user !!
>> >
>> >
>> > Try logging in locally on the server as the remote user, USING ssh TO
>> > LOCALHOST AND PASSWORD authentication.
>> >
>> > This will test if the user works over ssh against AD.
>> >
>> > chris
>> >
>> >
>> >>
>> >> Will
>> > Keaney________________________________________________________________
>> >>      Were you helped on this list with your FreeNX problem?
>> >>     Then please write up the solution in the FreeNX Wiki/FAQ:
>> >>
>> >>
>> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
>> >>
>> >>          Don't forget to check the NX Knowledge Base:
>> >>                  http://www.nomachine.com/kb/
>> >>
>> >> ________________________________________________________________
>> >>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>> >>       https://mail.kde.org/mailman/listinfo/freenx-knx
>> >> ________________________________________________________________
>> >
>> >
>> > ------------------------------------------------------------------------
>> >
>> > ________________________________________________________________
>> >      Were you helped on this list with your FreeNX problem?
>> >     Then please write up the solution in the FreeNX Wiki/FAQ:
>> >
>> >
>> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
>> >
>> >          Don't forget to check the NX Knowledge Base:
>> >                  http://www.nomachine.com/kb/
>> >
>> > ________________________________________________________________
>> >        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>> >       https://mail.kde.org/mailman/listinfo/freenx-knx
>> > ________________________________________________________________
>>
>> I once made it work...only I don't recall all details.
>> One thing though...if the login is in the form of
>>
>> user\domain
>>
>> then remember to double the backslash a ka
>>
>> user\\domain
>>
>> - if it's of any help...
>>
>>
>> --
>> ------------------------------
>> Med venlig hilsen/Best regards
>> Verner Kjærsgaard
>> ________________________________________________________________
>>     Were you helped on this list with your FreeNX problem?
>>    Then please write up the solution in the FreeNX Wiki/FAQ:
>>
>> http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ
>>
>>         Don't forget to check the NX Knowledge Base:
>>                 http://www.nomachine.com/kb/
>>
>> ________________________________________________________________
>>       FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>>      https://mail.kde.org/mailman/listinfo/freenx-knx
>> ________________________________________________________________
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20090831/4e0317c3/attachment.html>


More information about the FreeNX-kNX mailing list