ECS without running X server

[Steve92]

Hello,

I have questions about an ECS on Linux RHEL 9.5 environment.

Q1 – Must ECS have a running X server since it’s just a tunneling device ?

Q2- When I try to access an ECS without running X server and without created nodes attached (I’m waiting for route opening), is it normal to get a “connection to server lost“ error and, at 2nd attempt, “authentication failed” error  ?

I would have expected something like “No running X server, connection to the physical display is not possible” error.

Thanks,

Regards,

Steve.

[Bilbotine]

Hello Steve92,

Q1 – no, a running X server is not needed if that ECS machine is only a gateway.

Q2 – can you send us the logs (server side) so we can investigate deeper ? Please send the via email, to forum[at]nomachine[dot]com, making sure to reference the topic as the subject of the email.

If needed, here’s the procedure to collect NoMachine logs: NoMachine – Collect Server And Client Logs Manually – Knowledge Base

Best regards

[Steve92]

Hello,

I reinstalled ECS twice on Linux RHEL 9.5 VM (SSH command line access) but I still have a serious authentication problem.

$ hostnamectl

 Static hostname: wxyz.ptg (anonymized)

       Icon name: computer-vm

Operating System: Red Hat Enterprise Linux 9.5 (Plow)

     CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos

          Kernel: Linux 5.14_xxx

    Architecture: x86-64

 Hardware Vendor: VMware, Inc.

  Hardware Model: VMware7,1

Firmware Version: xxx

 

Install is OK:

$ groups

w123456-a wheel

$ sudo rpm -ivh nomachine-enterprise-cloud-server_8.14.2_1_x86_64.rpm

…

NX> 700 Installing nxserver version: 8.14.2.

NX> 700 Installing nxwebplayer version: 8.14.2.

NX> 700 Server install completed with warnings.

NX> 700 Please review the install log for details.

NX> 700 Installation completed at: Mon, 23 Dec 2024 15:36:31.

NX> 700 NoMachine was configured to run the following services:

NX> 700 NX service on port: 4000

NX> 700 HTTPS service on port: 4443

The 2 warnings are about printing and audio backends not detected (it”s normal).

Just after this “fresh” install;

[w123456-a@wxyz ~]$ /usr/NX/bin/nxexec –auth

Username:w123456-a

Password:********************

8537 8537 15:38:09 165 nxexecPAMCheckCredentials: ERROR! Authentication failed.

8537 8537 15:38:09 166 nxexecPAMCheckCredentials: Error code ‘6’, ‘Permission denied’.

Login failed.

From “!M Client” I added 3 connections (SSH, NX, HTTPS) to ECS.

Today none of them is OK => it gives “authentication failure”

On friday, SSH connection was OK, I was able to pass ECS login phase and access “Manage” button to create nodes. It’s crazy !

 

I can’t send you the whole log files fo security reasons, but only small parts.

Could you tell me what strings should I grep in the logs to help you to understand the problem ?

 

Here are some abstacts I  found in nxserver.log after having activated “debug mode”:

SSH from “!M client”

6889 6889 15:27:12 898 nxexecPAMCheckCredentials: ERROR! Authentication failed.

6889 6889 15:27:12 898 nxexecPAMCheckCredentials: Error code ’10’, ‘User not known to the underlying authentication module’.

NX from “!M client”

$ sudo grep -i wrong /usr/NX/var/log/nxserver.log

Info: Handling connection from 10.11.12.13 port 64460 on Mon Dec 23 11:38:26 2024.

38882 38882 11:41:09 603 nxexecPAMCheckCredentials: ERROR! Authentication failed.

38882 38882 11:41:09 603 nxexecPAMCheckCredentials: Error code ‘6’, ‘Permission denied’.

35465 35465 2024-12-23 11:41:09 607.868 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –auth’ with pid ‘38882/38882’ finished with exit code 1 after 2,161 seconds.

35465 35465 2024-12-23 11:41:09 608.811 NXSERVER ERROR! Authentication with ‘NX-password’ from host ‘10.11.12.13’ failed. Error is ‘Wrong password or login’.

Info: Connection from 10.11.12.13 port 64460 closed on Mon Dec 23 11:41:09 2024.

 

HTTPS from “!M client” relayed to Edge browser

Info: Handling connection from 127.0.0.1 port 36070 on Mon Dec 23 11:47:56 2024.

41412 41412 11:48:07 833 nxexecPAMCheckCredentials: ERROR! Authentication failed.

41412 41412 11:48:07 834 nxexecPAMCheckCredentials: Error code ‘6’, ‘Permission denied’.

41365 41365 2024-12-23 11:48:07 837.308 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –auth’ with pid ‘41412/41412’ finished with exit code 1 after 2,513 seconds.

41365 41365 2024-12-23 11:48:07 837.805 NXSERVER ERROR! Authentication with ‘NX-password’ from host ‘10.11.12.13’ failed. Error is ‘Wrong password or login’.

Info: Connection from 127.0.0.1 port 36070 closed on Mon Dec 23 11:48:07 2024.

 

Regards,

Steve.

 

 

[Bilbotine]

Hello Steve,

It looks like the issue is related to your system/authentication configuration.

NoMachine is based on its own PAM configuration, and if you let us know how your configured your system, we can understand better what is wrong.

Can you also tell us if you are able to authenticate using SSH ?

 

[Steve92]

Hello,

It was actually a PAM (SELinux, Pluggable Authentication Modules) configuration problem.

The VM I was given for the POC has security hardening (I didn’t know that… but it’s a good thing to have a POC configuration matching the aimed one).

I solved the problem by following NoMachine – Troubleshooting LDAP And PAM Issues On Linux For Connections By NX Protocol – Knowledge Base

SSH access was OK so I used its PAM config file:

cp /etc/pam.d/nx /etc/pam.d/nx.ori
cp /etc/pam.d/sshd /etc/pam.d/nx

Now, access from “!M Client” to ECS is OK with all protocols (SSH, NX & HTTPS). I can add nodes from the client module.

The nx and sshd PAM config files are now the same.

Do I need to do more testing to validate the solution ?

Thanks and happy new year !

Regards,

Steve.

[Author]

Posts