Forum Replies Created
-
Posts
-
Hi NoMachine,
I’m having trouble understanding this.
Is this a vulnerability that exists on NoMachine servers which are running nxserver.bin and nxnode.bin? Is this a vulnerability that exists on Cloud Servers or Cloud Nodes? Or is this a vulnerability that only exists on hosts which have the non-enterprise client installed?
Best,
Evan
Hi Haven,
That doesn’t make any sense. I want to be able to forward specific group of users to a set of terminal nodes.
I shouldn’t have to make a group called ‘ksg’, and then for every host that isn’t a ‘ksg’ terminal node, run a command, that would be a bit insane. Check this problem out:
I have the following nodes:
ksg6-1
ksg6-2
rce6-1
rce6-2
If I want the group ksg to be able to access ksg6-1 and ksg6-2, but not rce6-1 and rce6-2, I have to say
nxserver –ruleadd –class=node –type=rce6-1.hmdc.harvard.edu:4000 –value=no –group=ksg
nxserver –ruleadd –class=node –type=rce6-2.hmdc.harvard.edu:4000 –value=no –group=ksg
But, what happens if I add more rce nodes, like rce6-3? I have to continue to add these rules, why can’t I do something like this?
nxserver –ruleadd –class=node –type=ksg6-1.hmdc.harvard.edu:4000 –value=only –group=ksg
nxserver –ruleadd –class=node –type=ksg6-2.hmdc.harvard.edu:4000 –value=only –group=ksg
Where ‘only’ means that that group is only allowed to access ksg6-1 and ksg6-2
And why don’t NX groups get automatically populated with LDAP groups? That doesn’t make any sense either.
Best,
Evan
Thank you both for considering this suggestion. I’m glad that you’re considering coming up with a better label that communicates desktop view. In the meantime, I understand you can disable desktop sharing. However, we do not want to disable desktop sharing for all users. Administrative users in the group admin should be able to connect to others’ desktops if our users so request. Is there a configuration option whereby I can disable desktop sharing for certain users and groups?
Thanks,
Evan
Hi Britgirl,
I understand that your interface was built over a long period of time, with a lot of input and testing. I think I may have a really easy solution to address this. Can you simply *change* the label of the button? For example, when you are viewing ‘My Sessions’ the label says ‘All Sessions’, such that it is obvious what action that button performs. Even better, could you add a verb to the label? ‘View My Sessions’, ‘View All Sessions’ ? That would be an easy solution I hope.
Again, thanks for your help
Best,
Evan
Hi ADP,
Thanks for this. I updated my NoMachine client to the latest 4.2.22_2 and it worked. D’oh!
Best,
Evan
Haven,
Actually, from what I have written it is clear that port 4000 is not blocked. Check this out:
esarmien@rce6-portal-1.hmdc.harvard.edu
└─[~]> telnet rce6-1.priv 4000
Trying 10.0.0.98…
Connected to rce6-1.priv.
Escape character is ‘^]’.
^]q
telnet> q
Connection closed.
I can see here that rce6-1.priv:4000 (NX) is accepting connections, now I try to use openssl req to grab the cert
┌─[esarmien@rce6-portal-1.hmdc.harvard.edu]
└─[~]>openssl s_client -connect rce6-1.priv.hmdc.harvard.edu:4000
CONNECTED(00000003)
140383579920200:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
—
no peer certificate available
—
No client certificate CA names sent
—
SSL handshake has read 0 bytes and written 263 bytes
—
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
—
This is the weird part. Apparently it has no certificate?
I can actually use NXClient and connect directly to rce6-1.priv:4000 and achieve a session, but I am not able to –nodeadd.
Best,
Evan