Steve92

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 37 total)
  • Author
    Posts
  • in reply to: How to delete a group of nodes #52351
    Steve92
    Participant

    Hi !

    Thanks, the rules are well deleted but

    sudo /etc/NX/nxserver --nodegroupdel Nodes_Group_01

    gives

    NX> 500 ERROR: Invalid command: '–-nodegroupdel'

    What’s wrong ?

    Regards,

    Steve.

    in reply to: Inverse connection and node public key #52350
    Steve92
    Participant

    Hi!

    So the symetric encryption key is not encrypted with public key of the node stored in

    /var/NX/nx/.nx/config/authorized.crt

    ?

    How is the symetric encryption key protected during exchange ?

    I’ve noticed sometimes the public key of a node is deleted from  /var/NX/nx/.nx/config/authorized.crt when a node is deleted but it doesn’t seem to be done in a systematic way.

    When exactly a public key is deleted from  /var/NX/nx/.nx/config/authorized.crt file ?

    Is it the same logic when the node is deleted from UI or with the command line ?

    Thanks,

    Regards,

    Steve.

     

     

     

     

     

     

     

    in reply to: SSO between Enterprise Client and ECS #52271
    Steve92
    Participant

    Hi!

    When I  try to connect ECS from Enterprise Client with Kerberos MS SSPI, I get this error in session log.

    What could be the prob’ ?

    Thanks,

    Steve.

    —–

    sspi_init_sec_context_test: Authentication mechanism ‘Kerberos’ is not supported.

    ssh_sspi_error: The target was not recognized.

    ssh_sspi_error: The requested security package does not exist.

    ssh_sspi_error: The requested security package does not exist.

    ssh_sspi_indicate_mech: ERROR! No more mechanisms.

    12612 14116 17:08:09 620 NXGssapiPrepareMech: ERROR! Cannot indicate mech.

    ialized session at 0x0000000003cf10a0.

    12128 5448 2025-03-14 17:07:43 513.591 ClientSession: Starting session at 0x0000000003cf10a0.

    12128 5448 2025-03-14 17:07:43 515.416 ClientSession: Going to start session ‘C:\Users\xyz\Documents\NoMachine\ECS RIE KERB.nxs’.

    12128 5448 2025-03-14 17:07:43 532.196 Connection: Initializing connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 537.183 Connection: Initialized connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 537.183 Connection: Starting connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 537.183 ClientDaemonConnector: Starting a new connection to host ‘w.x.y.z’ on port ‘4000’.

    12128 5448 2025-03-14 17:07:43 538.672 Connection: Started connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 538.672 ClientSession: Started session at 0x0000000003cf10a0.

    Info: Slave server running with pid 16608.

    Info: Listening to slave connections on port 35299.

    Info: Connection to w.x.y.z port 4000 started at 17:07:43 553.232.

    12128 5448 2025-03-14 17:07:43 555.304 Main: Entering the GUI event loop.

    12128 14132 2025-03-14 17:07:44 841.855 ClientSession: A valid certificate for this server was found.

    12128 14132 2025-03-14 17:08:09 620.348 DaemonLogin/DaemonLogin: ERROR! Gss oid not specified.

    Error: Gss oid not specified.

    12128 19952 2025-03-14 17:08:09 623.362 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.

    12128 19952 2025-03-14 17:08:09 623.362 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 22, ‘Invalid argument’.

    Warning: Connection to w.x.y.z port 4000 failed at 17:08:09 623.362.

    Warning: Error is 22, ‘Invalid argument’.

    12128 5448 2025-03-14 17:08:09 624.553 Connection: Connection at 0x0000000007786370 failed.

    12128 5448 2025-03-14 17:08:09 624.553 ClientSession: Runnable at 0x0000000007786370 caused the session at 0x0000000003cf10a0 to fail.

    12128 5448 2025-03-14 17:08:09 624.553 ClientSession: Failing reason is ‘Impossible de se connecter au serveur.

    L’erreur est 22 : Argument non valable’.

    12128 5448 2025-03-14 17:08:09 636.440 ClientSession: Stopping session at 0x0000000003cf10a0.

    12128 5448 2025-03-14 17:08:09 659.110 ClientSession: Destroying display client.

     

    in reply to: SSO between Enterprise Client and ECS #52207
    Steve92
    Participant

    Hi
    Any idea ?

    in reply to: Same RSA keys pair for many nodes? #52206
    Steve92
    Participant

    Hi
    Yes, it would be for inverse connection cases.

    in reply to: High RAM usage #52200
    Steve92
    Participant

    Hi,

    After reboot RAM usage is much more reasonable.

    But I’d like advice to size the RAM.

    How much RAM is needed on ECS for:

    – 10 concurent users ?
    – 20 concurrent users ?
    – 50 concurrent users ?

    From what number a cluster is advised ?

    Thanks,

    Regards,

    Steve.

    in reply to: High RAM usage #52166
    Steve92
    Participant

    Thanks for this more recent link but alas it doesn’t deal with ECS sizing.

     

    in reply to: How to know who is using Enterprise Desktop ? #52165
    Steve92
    Participant

    Hi,

    No guest desktop sharing.

    Thanks for taking into account this idea.

    Steve.

    in reply to: SSO between Enterprise Client and ECS #52131
    Steve92
    Participant

    Hi
    All settings are in Windows 11 registry.(No krk5… Files)
    I suppose I’ve to use ksetup ?

    Thanks
    Steve

    in reply to: High RAM usage #52079
    Steve92
    Participant
    in reply to: NoMachine client portable version ? #51972
    Steve92
    Participant

    Hi,

    I found this in a 1-year-old post on Reddit:

    “If you want to install NoMachine Enterprise client on Windows, it works and you dont need admin rights.
    If you are having user that does not have admin rights NoMachine Enterprise client will install in your home folder and you can use it to connect to the other machines.”

    Please, could you confirm this statement ?

    Thanks.

    Regards,

    Steve.

    Steve92
    Participant

    Hello,

    Ansible could be an interesting solution.

    But for the moment, could you please confirm owner, group and permissions, created manually, are OK on the following files and folders of this ECS machine ?

    [my_user@ECSDR ~]$ pwd
    /home/my_user
    [my_user@ECSDR ~]$ ls -al
    total 116
    drwx——. 17 my_user my_user  4096 26 nov.  11:06 .
    drwxr-xr-x. 11 root     root       149 21 janv. 15:27 ..
    drwx——. 30 my_user my_user  4096 11 févr. 10:44 .nx

    [my_user@ECSDR ~]$ ls -al .nx
    total 44
    drwx——. 30 my_user my_user  4096 11 févr. 10:44 .
    drwx——. 17 my_user my_user  4096 26 nov.  11:06 ..
    drwx——.  2 my_user my_user    63  3 févr. 17:57 config

    [my_user@ECSDR ~]$ ls -al .nx/config
    total 24
    drwx——.  2 my_user my_user   63  3 févr. 17:57 .
    drwx——. 30 my_user my_user 4096 11 févr. 10:44 ..
    -rw——-.  1 my_user my_user  982  3 févr. 13:38 authorized.crt

    Thanks,
    Regards,
    Steve.

    • This reply was modified 1 month ago by Britgirl.
    • This reply was modified 3 weeks, 1 day ago by fisherman.
    Steve92
    Participant

    Hello,

    Nothing like

    sudo /etc/NX/nxserver --keyadd /home/user/node.localhost.id_rsa.pub

    but to update

    <user’s home>/.nx/config/authorized.crt

    instead of /var/NX/nx/.nx/config/authorized.crt ?

    On ECS, I’ve noticed that some users don’t have the folders <user’s home>/.nx/config

    When <user’s home>/.nx is created ?

    Thanks,

    Regards,

    Steve.

    in reply to: ECS without running X server #51266
    Steve92
    Participant

    Hello,

    It was actually a PAM (SELinux, Pluggable Authentication Modules) configuration problem.

    The VM I was given for the POC has security hardening (I didn’t know that… but it’s a good thing to have a POC configuration matching the aimed one).

    I solved the problem by following NoMachine – Troubleshooting LDAP And PAM Issues On Linux For Connections By NX Protocol – Knowledge Base

    SSH access was OK so I used its PAM config file:

    cp /etc/pam.d/nx /etc/pam.d/nx.ori
    cp /etc/pam.d/sshd /etc/pam.d/nx

    Now, access from “!M Client” to ECS is OK with all protocols (SSH, NX & HTTPS). I can add nodes from the client module.

    The nx and sshd PAM config files are now the same.

    Do I need to do more testing to validate the solution ?

    Thanks and happy new year !

    Regards,

    Steve.

    in reply to: ECS without running X server #51189
    Steve92
    Participant

    Hello,

    I reinstalled ECS twice on Linux RHEL 9.5 VM (SSH command line access) but I still have a serious authentication problem.

    $ hostnamectl

     Static hostname: wxyz.ptg (anonymized)

           Icon name: computer-vm

    Operating System: Red Hat Enterprise Linux 9.5 (Plow)

         CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos

              Kernel: Linux 5.14_xxx

        Architecture: x86-64

     Hardware Vendor: VMware, Inc.

      Hardware Model: VMware7,1

    Firmware Version: xxx

     

    Install is OK:

    $ groups

    w123456-a wheel

    $ sudo rpm -ivh nomachine-enterprise-cloud-server_8.14.2_1_x86_64.rpm

    NX> 700 Installing nxserver version: 8.14.2.

    NX> 700 Installing nxwebplayer version: 8.14.2.

    NX> 700 Server install completed with warnings.

    NX> 700 Please review the install log for details.

    NX> 700 Installation completed at: Mon, 23 Dec 2024 15:36:31.

    NX> 700 NoMachine was configured to run the following services:

    NX> 700 NX service on port: 4000

    NX> 700 HTTPS service on port: 4443

    The 2 warnings are about printing and audio backends not detected (it”s normal).

    Just after this “fresh” install;

    [w123456-a@wxyz ~]$ /usr/NX/bin/nxexec –auth

    Username:w123456-a

    Password:********************

    8537 8537 15:38:09 165 nxexecPAMCheckCredentials: ERROR! Authentication failed.

    8537 8537 15:38:09 166 nxexecPAMCheckCredentials: Error code ‘6’, ‘Permission denied’.

    Login failed.

    From “!M Client” I added 3 connections (SSH, NX, HTTPS) to ECS.

    Today none of them is OK => it gives “authentication failure”

    On friday, SSH connection was OK, I was able to pass ECS login phase and access “Manage” button to create nodes. It’s crazy !

     

    I can’t send you the whole log files fo security reasons, but only small parts.

    Could you tell me what strings should I grep in the logs to help you to understand the problem ?

     

    Here are some abstacts I  found in nxserver.log after having activated “debug mode”:

    SSH from “!M client”

    6889 6889 15:27:12 898 nxexecPAMCheckCredentials: ERROR! Authentication failed.

    6889 6889 15:27:12 898 nxexecPAMCheckCredentials: Error code ’10’, ‘User not known to the underlying authentication module’.

    NX from “!M client”

    $ sudo grep -i wrong /usr/NX/var/log/nxserver.log

    Info: Handling connection from 10.11.12.13 port 64460 on Mon Dec 23 11:38:26 2024.

    38882 38882 11:41:09 603 nxexecPAMCheckCredentials: ERROR! Authentication failed.

    38882 38882 11:41:09 603 nxexecPAMCheckCredentials: Error code ‘6’, ‘Permission denied’.

    35465 35465 2024-12-23 11:41:09 607.868 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –auth’ with pid ‘38882/38882’ finished with exit code 1 after 2,161 seconds.

    35465 35465 2024-12-23 11:41:09 608.811 NXSERVER ERROR! Authentication with ‘NX-password’ from host ‘10.11.12.13’ failed. Error is ‘Wrong password or login’.

    Info: Connection from 10.11.12.13 port 64460 closed on Mon Dec 23 11:41:09 2024.

     

    HTTPS from “!M client” relayed to Edge browser

    Info: Handling connection from 127.0.0.1 port 36070 on Mon Dec 23 11:47:56 2024.

    41412 41412 11:48:07 833 nxexecPAMCheckCredentials: ERROR! Authentication failed.

    41412 41412 11:48:07 834 nxexecPAMCheckCredentials: Error code ‘6’, ‘Permission denied’.

    41365 41365 2024-12-23 11:48:07 837.308 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –auth’ with pid ‘41412/41412’ finished with exit code 1 after 2,513 seconds.

    41365 41365 2024-12-23 11:48:07 837.805 NXSERVER ERROR! Authentication with ‘NX-password’ from host ‘10.11.12.13’ failed. Error is ‘Wrong password or login’.

    Info: Connection from 127.0.0.1 port 36070 closed on Mon Dec 23 11:48:07 2024.

     

    Regards,

    Steve.

     

     

Viewing 15 posts - 1 through 15 (of 37 total)