Forum / NoMachine Terminal Server Products / Guest accounts on NoMachine 7.7.4 Terminal Server with failover
- This topic has 2 replies, 2 voices, and was last updated 2 years, 8 months ago by Britgirl.
-
AuthorPosts
-
February 15, 2022 at 16:23 #37538mgreerParticipant
We have been using guest accounts with NoMachine Enterprise Terminal Server with failover version 6.0.66. There are error messages in the logs, but it has worked. We are unfortunately unable to provide the logs, but I’m hoping that you can at least give me instructions that work for you on a NoMachine Enterprise Terminal Server v7.7.4+ with failover.
Both NoMchine instances are running on RHEL 7 for both the enterprise terminal server and the terminal server nodes.
We are trying to set up an instance using 7.7.4, and the nodes are now having issues. When we connect with a guest account, the connection to the enterprise terminal server goes through without any issue. We will see a message ‘Logged in as guestXXXX.
The issue starts once we choose a terminal server node. In the client GUI, we will first see an error ‘BAD PASSWORD: The password contains more than 4 characters of the same class consecutively.’ At this time, the terminal server node logs give us an error:
User guestXXXX does not exist in system.
NXLogin: Cannot retrieve absolute username for user: guestXXXX.
User guestXXXX doesn’t exist in system.
When we try to connect again to the same terminal server node, we may or may not get the bad password error, if we don’t, we get ‘The session negotiation failed. Error: Cannot create /home/guestXXXX.’ On the server node side we get:
Received error message from node ‘localhost:4000′, Cannot create /home/guestXXXX/.nx. Error is permission is denied’.
We have tried setting server.cfg on the terminal server node (even though according to the instructions that should not be necessary) to put the logs in a different wide open folder, and that let’s us start the session. It doesn’t solve the bad password error, but it allows us to put the logs some place and the session will start.
We also tried setting it so all of the server.cfgs on all of the machines have the same settings and this included the guest accounts expiring in 86400 seconds. What we saw was that the enterprise terminal servers expired the guests as expected and started reusing the lower numbers, but we got an error that that guestXXXX account on the terminal server node was expired.
When we then went on the terminal server node and tried to do a user list of guests(/usr/NX/bin/nxserver –userlist –guest), we got:
ERROR: Cannot list guest accounts.
ERROR: Guest users are not permitted on this server.
We can see the guest users by performing:/usr/NX/bin/nxserver –userlist and all the guest accounts appear including those that should have expired based on the results on the enterprise terminal servers.
Trying to do a deletion of those accounts on the terminal server nodes (/usr/NX/bin/nxserver –userdel guestXXXX) gives us the error:
ERROR: Cannot delete guest accounts.
ERROR: Guest users are not permitted on this server.
Currently NoMachine version 7 is unusable for us given these issues. Since I cannot provide the logs, please test the NoMachine Enterprise Terminal Server with failover with the ability to login as a guest and provide instructions I can follow and see if I get different results.
Questions I have:
1. Does the server.cfg file need to be updated and the same on both Enterprise Terminal Server machines?
2. Does the server.cfg file propagate to the nodes (and if so how) or do they also need to be set separately? (We’ve tried both ways and get similar results. Our successful v6 instance included setting the same server.cfg on all nodes in the NoMachine system both terminal server nodes and enterprise terminal servers, but if I read your documentation correctly it sounds like that’s not supposed to be necessary).
3. Is there any way to manage the guests on the terminal server nodes once/if they get out of sync?
4. Why does the guestXXXX account, if it gets created in /home, on the terminal server node get deleted before the expiry date of the guest?
5. What changed between 6 and 7 that made us start having these issues? We were already seeing errors on 6 about Guest users not permitted on this server in the v6 logs.
February 15, 2022 at 18:00 #37549mgreerParticipantAdditional info:
Regarding handling expired guest accounts: On conferring with my colleagues, apparently v6.0.66 also did not delete the guest users, but since the guests.db database was a text based file, we were able to get around that with a cron job that deleted the entries. But since the database is now a redis database, that script no longer works.
It appears that on the enterprise terminal server instances that running
/usr/NX/bin/nxserver --userlist --guest
will trigger deleting expired guest users, but since that command is not working on the terminal server nodes, nothing appears to trigger the deletion of expired guest users.March 24, 2022 at 12:54 #37992BritgirlKeymasterThis topic is related to the issue found here and a fix was officially released in verison 7.9.2 https://knowledgebase.nomachine.com/TR02T10484
-
AuthorPosts
This topic was marked as solved, you can't post.