Britgirl

[Britgirl]

Hi,

25510 25510 2023-04-03 13:36:24 398.414 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –isadmin myuser’ with pid ‘25543/25543’ finished with exit code 1 after 0,006 seconds.

‘nxexec’ is checking who the user is, in this case, its --isadmin myuser, and reports a value on the basis of who that user is: ‘0’ for admin, ‘1’ if it is not admin. By the way, this will be “silenced” in version 9 in the NoMachine standard logs.

Your second question…it seems to be a scanning attempt on a non-standard port 62221. NoMachine does not use this port by default. Could it be that this port was previously used by some other service, previously reported as a security issue, and your scanners are checking it?

[Britgirl]

It looks similar to:

USB devices stop working updating from v7 to v8 on Windows
https://kb.nomachine.com/TR12T10708.

For now, what you can do is disable the drivers on Windows. Please follow the instructions here:

How to disable or uninstall NoMachine USB drivers on Windows
https://kb.nomachine.com/AR12O00955

[Britgirl]

Doing so would require that we include the password into the URL, the URL that you need to hand over to permit others to connect to the same server. The password would be then visible to others, for example in the URL bar of the browser or in the “URL file”. We chose to not do so for security concerns. You also say: “I want anyone with access to the URL to be able to open the remote desktop directly from the URL”. But this would also allow anyone with access to the URL to see your password! We are working at this. The simplest solution is to use, for the password, the same “scrambling” algorithm that the Player is using to save the password in the .nxs file, but still the password could be easily “reversed”. I don’t know, we don’t know. This is still to be decided, what do you all in the forums think???

[Britgirl]

Hi, did you also try “Resize remote display” from the menu? Can you send us a screenshot of what you see, and what display modes are selected?

[Britgirl]

NoMachine uses Xwayland to get the cursor shape, but what you are seeing doesn’t depend on us. This is not related to a bug in NoMachine, but the fact that Wayland doesn’t provide a native API. Please see the article we have about using NoMachine with Wayland here:

Notes for connections to Linux physical desktops running Wayland
https://kb.nomachine.com/AR02P00969

in particular section 4).

 

[Britgirl]

Hi timo, sorry for not following up sooner. The logs did not show anything conclusive, so what we would like to do is send you a debug version (which we’re preparing). Would you be willing to try it and extract the logs again?

 

[Britgirl]

Hi, I don’t see a reply from you with images. Did you see the “moderation dialog” when submitting your follow-up? In any case, please submit again.

[Britgirl]

Can you check whether with X.org you have the same issue? Can you send us some screenshots?

[Britgirl]

I am a bit surprised that is the case as I would have assumed that you always can login as long as no one else created a session with the same credentials.

Let’s try and understand better what is not happening/not happening in your case.

Please attach a screenshot of the “User acceptance” section in Security of Server settings of the computer you are connecting to.

Also, tell us what OS and OS version is on that server side, and what NoMachine product you installed there. Thanks.

[Britgirl]

Hi, sorry for taking so long to get back to you. Your need is of course a valid one in the light of how you are using NoMachine (thanks for explaining by the way). We could come up with a “special mode” for your case. But it needs careful thought, also because there are no doubt more of these special cases like yours that we should consider as well.

The main problem is that we don’t know how to “plug”, to “fit” this particular use mode in the normal functioning of NoMachine.  If the special mode was activated (like I explained earlier) you may end up using this computer, configured in this “special mode”, and so be unaware that somebody is “controlling” what you are doing, is watching you working whilst you’re doing your stuff, accessing your private data etc.

A possible way could be to distinguish between players and viewers. Those who are just viewing don’t need to see the notifications, after all they’ve connected to view the game, or they are watching the monitor content, not interacting with it.

Anyway, you’ve certainly given us food for thought and we’ve taken it on board.

[Britgirl]

On Windows the pointer cannot be hidden, because it is drawn by Windows on a lower level which we don’t have access to. On Mac and Linux the pointer is hidden.

[Britgirl]

Hi, right now we don’t support HW encoding on RPi. At the moment, we’re currently working on HW decoding for the Raspberry Pi based on V4L2, though we’re not able to give you an ETA for the decoding functionality. Once that’s added, we’ll then be able to start on HW encoding.

[Britgirl]

Note that the default behaviour is the following: when the system account is the same, NoMachine assumes by default that the connecting user is also the same and performs the automatic migration of the session from one device to the other.  E.g. user A connects. User B logs in from a different device but with the same username and credentials of user A: session closes on the device of user A and it’s re-opened on the device of user B.

What you can do is this if your two users are logging in with the same username: untick the option “Don’t require acceptance if the user logged in as the owner of the desktop” on the NoMachine server side, the machine you are connecting to (see image). The default setting is to not require acceptance when the owner of the desktop logs in. Unticking it means that when the second user connects (who is still the owner given that the account is only one and it is shared with the first), the first user will be asked what he wants to do. When the first user accepts, they will be disconnected and the second user will then be able to log in.

 

Attachments:

1. 

   security-no-acceptance.png
   

[Britgirl]

where different users with personal host machine accounts get locked out of their own account because another user just closed the NX session without first signing out.

I understand you have 2 users, each with their own system account. Getting locked out can happen when the first user does not sign out correctly. I.e they just close the window without logging off from the system.

We have this key in the server.cfg which can help with this. You can force the log out.

#
# Enable or disable the automatic logout of the user from the system
# upon disconnection of the NoMachine session.
#
# 1: Enabled. NoMachine will execute the forcelogout.sh script. The
#    automatic logout can be effective only if the command set in
#    script is appropriate for the system.
#
# 0: Disabled. When disconnecting the NoMachine session, the user is
#    not automatically logged out of the system.
#
#LogoutOnDisconnect 1

 

NoMachine immediately unticks it with no explanation of why.  Likewise if I try and untick “Don’t require acceptance if the user logged in as the owner of the desktop” it won’t let me do that either?

We are not able to reproduce any problems with with tick/unticking of those settings in GUI. We will therefore need logs. Please follow the instructions for your platform in the article here:  https://kb.nomachine.com/DT07S00243. Attachments can be sent via email to forum[at]nomachine[dot]com, making sure to use the title of this topic as the subject of your email. Thanks!

 

[Britgirl]

Thanks for letting us know. We will be updating our article as well 😉

[Author]

Posts