2FA not notifying when login attempted on remote machine


    #53561
    prestonmcafee
    Participant

    I have several home PCs that I access remotely through NoMachine, which has been a terrific product.  I’m as of today on the free home user NoMachine, version 9.0.188.  All PCs are running Ubuntu 24.04, GNOME desktop, and my phone is a Pixel 8 pro, Android 16.

    Today I upgraded to version 9, installed the phone app, and created an account on my phone.  On the PC I want to access remotely, I set Settings/Network/Machine to 2FA enabled.  Then when I try to access from a laptop, it says a 2FA notification is requested, but the request does not show up on my phone.  I have tried waiting and also tried resending the request.  However, if I choose Settings/Network/Login and enable 2FA there, when I log into NoMachine on that PC, I receive the request on my phone and accepting it is necessary to log in.  Receiving the request to login suggests that I have properly configured my user account and 2FA, but then why doesn’t it trigger when a remote access event arises?

    If I turn off 2FA on Settings/Network/Machine in the remote machine, I have no difficulty accessing the machine.  So it isn’t a problem with remote access, just in receiving the 2FA request.

    I have my account as a user on all instances of NoMachine, and all of my PCs appear in the list of machines.  The PCs are currently all on the same LAN and see each other (showing up in the list of machines).  In all cases I use the NX protocol over port 4000.

    I’m the only user — I primarily use NoMachine to log into my home PCs when I’m travelling.  I also use it to reach the PC that runs Docker since that doesn’t have a monitor, even when I’m home.  I love the idea of preventing anyone else from logging in via 2FA — my network is scanned for open ports daily and only ports leading to NoMachine are open.  Does it matter that there is only one user?

    What else should I try?  Thank you.

    #53643
    Britgirl
    Keymaster

    Just to update you, we have received your email with your User Id details and will come back to you with our findings soon.

    #53663
    Britgirl
    Keymaster

    We found your machine and User Id paired. This means you approved the pairing request on your phone. We don’t understand why the push notifications are not appearing. Can you send us the logs from the server machine?

    – set log level 8 on the server
    – restart nxserver
    – reproduce the problem
    – take logs

    For full instructions see here: https://kb.nomachine.com/DT08U00298#1

    Also useful would be to see a screenshot (send privately) of Settings -> Network -> Machine.

    #53668
    prestonmcafee
    Participant

    First, thank you!  I couldn’t attach the log because it exceeds the allowed file size.  It is 2.5MB.

    #53675
    Britgirl
    Keymaster

    Sorry, I forgot to mention that you can send them directly to forum[at]nomachine[dot]com.

    #53678
    Britgirl
    Keymaster

    Got them!

    #53693
    Britgirl
    Keymaster

    In the logs you sent it seems that you did not fully pair the target machine with your account. We can see that between timestamps of your pairing request and a later connection request, there were no push notification confirmation responses from any mobile device.

    We are going to add some additional logging to our Network back which will allow us to debug further. When that is ready we will ask you to try again. Until then please confirm that you did truly pair the device with the target machine, which is:

    – after inserting the email address in the 2FA machine configuration window, you received a push notification on your phone asking you to accept/refuse receiving notifications regarding that machine.

    – that you accepted this notification and see a success message.

    – then you tried to connect to your computer after you accepted pairing on the phone.

     

    #53699
    prestonmcafee
    Participant

    I now have 2FA fully working.
     
    What happened to me was that, when I enabled 2FA for remote login, I would see a notice on my phone that remote login was enabled.  It wasn’t obvious to me that I should click on that notice, which then asked me to accept.  It is that step — click and accept — that enables the phone to be a 2FA approver.  Without that, 2FA is enabled but the phone can’t approve it.
     
    In contrast, when I required 2FA for the machine to login on startup, it was obvious to me to click on the notice, which is why that worked while remote login did not.
     
    I very much appreciate 2FA.  My main use case is a machine running Docker for self-hosted services like Frigate.  Whether I am at home or travelling, if I need to change something or update that machine, I log in remotely because that machine has no monitor or keyboard and is in an inconvenient location in my home.  In order to reach the machine when travelling, I need a port open and I very much appreciate the extra protection that 2FA provides.  My only open ports lead to NoMachine; otherwise all packets that are not responses to LAN requests are rejected by the router.  2FA also means that I’m warned about attempts to log in (none so far) and can reject.
     
    Thank you for such an intensive effort to diagnose my difficulty.  I expect I will be using NoMachine for many years to come.

    #53700
    Brian
    Participant

    I am experiencing this same phenomenon: I do not receive push notifications and, when asking for them to be re-sent, receive nothing. This happens with both an iPhone client and a MacBook Pro client attempting to connect to a Mac mini M1 server.

    As to the above:

    – after inserting the email address in the 2FA machine configuration window, you received a push notification on your phone asking you to accept/refuse receiving notifications regarding that machine. [Never received]

    – that you accepted this notification and see a success message. [No, as never received]

    – then you tried to connect to your computer after you accepted pairing on the phone. [Same as above].

     

     

    #53708
    Britgirl
    Keymaster

    Thanks Prestonmcafee for submitting your feedback. I understand that now everything is working correctly, which is good news. We’ll be looking at how to make the “accept pop up” more visible and will analyse how to improve the configuration of 2FA overall, including the wording.

    #53709
    Britgirl
    Keymaster

    Brian, can you write to us privately to confirm what User Id you are using for the 2FA connection request? We will check to see if there was a pairing request.

    #53727
    Tor
    Participant

    @Brian can you please verify that your iPhone is still allowing NoMachine to show notifications? You can check that in Settings > Notifications > NoMachine.

    If the system configuration is correct, please try to log in to Network in the NoMachine app and verify if you get the notification. If the app waits for a 2FA confirmation but you still don’t get the notification, log in by using your recovery code then, once logged in, disable and enable again the option to receive notifications in NoMachine app > Settings > Network.

    #53787
    Tor
    Participant

    Brian, thank you for the data, we’re analyzing it together with some test results on our side.

    There is something I didn’t understand, though. Did you try to log in to NoMachine Network with your User Id to confirm that you get the 2FA push notification? The user login is not needed to approve connections to your server, but it is just a way to confirm that our service can correctly send push notifications to your device. Thanks.

    #53789
    Brian
    Participant

    Yes I realize I don’t need to be logged in to the network with my email to receive 2FA notifications. 

    However I logged in to see if for some reason I would start to receive 2FA notifications when I try to initiate a session if logged in to the network as opposed to not being logged in….(i.e., something else to try.)

    I received the 2FA notification when I was logging in to the network with my email address just fine.

    However when attempting to initiate a connection I am unable to receive a 2FA notification on the same phone, irrespective of whether I am or am not logged in to the network with my email address.

    Let me know if there are any further insights I can pass along that will help!

    Thanks!

    Brian

     

    #53798
    Britgirl
    Keymaster

    Hi Brian

    We got your images and additional info, thanks for that. Something is happening, but our own debugging has not reproduced it, so we need the logs from the Mac mini server 🙂

    – Remove/disable 2FA for the connection on the NoMachine macOS side (Settings > Network > Machine > Two-factor, Change, remove the tick from “require 2FA” box, remove the User Id from the box, click Apply)
    – Enable level 9 in Server > Security > Logs and restart the server.
    – Enable 2FA for the connection again in Network (Settings > Network > Machine > Two-factor, Change, tick the “require 2FA” box), insert the User Id/NoMachine account, click Apply.
    – What should appear is the push-notification I’ve attached (there’s a short version, and then the long version (attached) when you click on the short version).
    – Go back to Server > Security and click Take logs. Save and send to us.
