Forum / NoMachine for Windows / NXClientAuthentication fails
- This topic has 12 replies, 2 voices, and was last updated 6 years ago by shiba.
November 6, 2018 at 09:54 #20356 itguy92075 Participant
Hello,
I have a situation in which my configuration works well on Mac clients, but not at all on Windows clients.
In server.cfg:
EnableNXClientAuthentication 1
AcceptedAuthenticationMethods NX-password,NX-private-key
On Mac, both auth schemes work. On Windows, neither works, but setting:
EnableNXClientAuthentication 0
fixes password authentication.
Any ideas? So far I haven’t found anything I could have missed, and the setup works when the client is a Mac.
November 6, 2018 at 15:43 #20366 shiba Participant
Hi,
Did you go through the instructions on how to configure NoMachine to use SSL client authentication? https://www.nomachine.com/AR10M00866
I went through them myself on a mix of platforms just to make sure everything is working properly.
The key EnableNXClientAuthentication enables support for SSL client authentication and it is disabled by default. Setting the value of this key to 1 means that only clients whose certificate has been added on the server are able to connect (which is explained here: https://www.nomachine.com/FR09M02964).
November 7, 2018 at 08:55 #20372 itguy92075 Participant
Yes, I followed the server setup instructions, and both password and NX authentication work when connecting from a Mac. When connecting from Windows, password authentication errors out with “Connection lost” without ever being prompted for the username or password. When connecting from Windows, NX authentication errors out with “Error 5: Input/output error.”
I have two problems:
Using the same version of the software, the same nx_client_rsa_key file, and the same session file, Mac works, Windows doesn’t.
When I set EnableNXClientAuthentication to 0, password authentication starts working. Why?
With debugging up to 7, nothing in the logs indicates what might be wrong with the setup, which is in a way unsurprising since it’s working on Mac.
November 8, 2018 at 13:11 #20403 shiba Participant
Hello,
The error messages you see in the Player appear when the client’s certificate is not accepted on the server. Could you try to look for similar entries in the server-side logs? There may be errors such as these in nxerror.log:
65245 6659 16:40:04 116.519 Encryptor/Encryptable: ERROR! Certificate not found in ‘/Library/Application Support/NoMachine/var/nx/.nx/config/server.crt’.
65245 6659 16:40:04 116.589 Encryptor/Encryptable: ERROR! Failed to authorize the client certificate.
If you have such entries, please make sure that everything is correctly set on the client and server side. If you took the client’s IP address into account when adding its certificate, it may be worth checking that it is up to date.
November 9, 2018 at 09:21 #20405 itguy92075 Participant
Hello,
Thanks for your reply. I generated new keys and a new server.crt file for this test:
Here is nxerror.log:
355 507 16:13:54 531.155 ServerNetworkInfoHandler: WARNING! Obtaining network data failed.
Info: Handler started with pid 839 on Thu Nov 8 16:15:09 2018.
Info: Handling connection from 192.168.56.2 port 53353 on Thu Nov 8 16:15:09 2018.
839 851 16:15:15 101.381 Encryptor/Encryptor: ERROR! Decryption read from BIO pending 126 wpending 7 retry 0.
839 851 16:15:15 101.420 Encryptor/Encryptor: ERROR! Decryption read from BIO failed in context [D].
Error: Decryption read from BIO failed in context [D].
839 851 16:15:15 101.444 Channel/Channel: WARNING! Runnable DaemonReader failed for FD#5.
839 851 16:15:15 101.452 Channel/Channel: WARNING! Error is 74, ‘Bad message’.
Warning: Connection from 192.168.56.2 port 53353 failed on Thu Nov 8 16:15:15 2018.
Warning: Connection error is 74, ‘Bad message’.
Info: Handler with pid 839 terminated on Thu Nov 8 16:15:15 2018.
The first line of server.crt is:
Host:
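As an added example (not part of any post and not NoMachine code), the following script groups the nxerror.log entries quoted so far by handler pid and tags the two failure signatures that appear in this thread. The function name triage, the labels, and the pairing of each "Info:" line with the most recently started handler are assumptions of this example.

```python
import re

# Lines copied from the nxerror.log excerpts quoted in this thread
# (typographic quotes replaced with plain ones).
SAMPLE_LOG = """\
Info: Handler started with pid 839 on Thu Nov 8 16:15:09 2018.
Info: Handling connection from 192.168.56.2 port 53353 on Thu Nov 8 16:15:09 2018.
839 851 16:15:15 101.381 Encryptor/Encryptor: ERROR! Decryption read from BIO pending 126 wpending 7 retry 0.
839 851 16:15:15 101.420 Encryptor/Encryptor: ERROR! Decryption read from BIO failed in context [D].
839 851 16:15:15 101.452 Channel/Channel: WARNING! Error is 74, 'Bad message'.
65245 6659 16:40:04 116.519 Encryptor/Encryptable: ERROR! Certificate not found in '/Library/Application Support/NoMachine/var/nx/.nx/config/server.crt'.
65245 6659 16:40:04 116.589 Encryptor/Encryptable: ERROR! Failed to authorize the client certificate.
"""

# Detail lines: "<pid> <tid> <hh:mm:ss> <elapsed> <Class/Class>: <LEVEL>! <message>"
DETAIL = re.compile(r"^(\d+) (\d+) (\d\d:\d\d:\d\d) [\d.]+ ([\w/]+): (ERROR|WARNING)! (.*)$")
STARTED = re.compile(r"^Info: Handler started with pid (\d+)")
PEER = re.compile(r"^Info: Handling connection from (\S+) port (\d+)")

# Message fragments come from the thread; the labels are this example's own.
SIGNATURES = [
    ("Certificate not found in", "cert-not-in-server.crt"),
    ("Failed to authorize the client certificate", "cert-not-in-server.crt"),
    ("Decryption read from BIO failed", "tls-session-broken"),
]

def triage(text):
    """Return {pid: {"peer": ip or None, "findings": sorted labels}}."""
    handlers, last_pid = {}, None
    for line in text.splitlines():
        if m := STARTED.match(line):
            last_pid = m.group(1)
            handlers.setdefault(last_pid, {"peer": None, "findings": set()})
        elif (m := PEER.match(line)) and last_pid:
            # Assumption: the peer line belongs to the handler started just before it.
            handlers[last_pid]["peer"] = m.group(1)
        elif m := DETAIL.match(line):
            entry = handlers.setdefault(m.group(1), {"peer": None, "findings": set()})
            for fragment, label in SIGNATURES:
                if fragment in m.group(6):
                    entry["findings"].add(label)
    return {pid: {"peer": h["peer"], "findings": sorted(h["findings"])}
            for pid, h in handlers.items()}

if __name__ == "__main__":
    for pid, result in triage(SAMPLE_LOG).items():
        print(pid, result["peer"], result["findings"])
```

A handler tagged only tls-session-broken never reached the server.crt lookup, so the server-side certificate list is not the first thing to check for that connection.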
November 9, 2018 at 16:49 #20411 shiba Participant
We weren’t able to reproduce the problem, but we would like to investigate the issue further. What version of NoMachine do you have on the client and server side? We strongly recommend using the latest packages.
Could you send us the logs from the server and client side? The certificate ‘server.crt’ from your Mac may also be helpful. Please send them to forum[at]nomachine[dot]com.
You can find instructions for collecting logs here: https://www.nomachine.com/DT10O0016
November 12, 2018 at 08:42 #20419 itguy92075 Participant
Hello,
Everything is the latest, version 6.3.6. I will send logs.
Thanks!
November 13, 2018 at 16:42 #20456 shiba Participant
Thank you for the files that you sent to us; we are investigating them. We would also like to take a look at the client-side files. Could you reproduce the failed connection again, pack the whole .nx folder from your Windows machine and send it to us?
The .nx folder is located, for example, in C:/Users/username/.nx
Please also send us the ‘server.crt’ file, which is located on the server side in /var/NX/nx/.nx/config
November 14, 2018 at 08:44 #20464 itguy92075 Participant
Thanks for your reply. The additional files you requested are on the way.
November 14, 2018 at 12:26 #20469 shiba Participant
Thank you for the files you sent us. It seems that your private key and certificate are missing on the client side. Could you place nx_client_rsa_key and nx_client_rsa_key.crt in C:\Users\Fred\.nx\config and try to connect again?
November 15, 2018 at 10:16 #20471 itguy92075 Participant
Those files are in the first zip file I sent. I can send them again.
November 15, 2018 at 10:17 #20472 itguy92075 Participant
Hello,
I followed your suggestion to put the key into the .nx\config folder. At that point, I still could not connect; the error was “Cannot accept key.”
Using the client interface, I reimported the key into my session file, this time using .nx\config\nx_client_rsa_key instead of Downloads\nx_client_rsa_key which I had done previously. This is the working formula — I am able to connect with the keys, no password.
All is well, thanks for your help!
November 16, 2018 at 12:15 #20489 shiba Participant
We are glad that your problem has been solved! 🙂
This topic was marked as solved, you can't post.