esarmien

Forum Replies Created

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • in reply to: NoMachine privileges escalation vulnerability #7420
    esarmien
    Participant

    Hi NoMachine,

    I’m having trouble understanding this.

    Is this a vulnerability that exists on NoMachine servers which are running nxserver.bin and nxnode.bin? Is this a vulnerability that exists on Cloud Servers or Cloud Nodes? Or is this a vulnerability that only exists on hosts which have the non-enterprise client installed?

    Best,

    Evan

     

    in reply to: Redirect rules to nodes do not work #4342
    esarmien
    Participant

    Hi Haven,

    That doesn’t make any sense. I want to be able to forward specific group of users to a set of terminal nodes.

    I shouldn’t have to make a group called ‘ksg’, and then for every host that isn’t a ‘ksg’ terminal node, run a command, that would be a bit insane. Check this problem out:

    I have the following nodes:

    ksg6-1

    ksg6-2

    rce6-1

    rce6-2

     

    If I want the group ksg to be able to access ksg6-1 and ksg6-2, but not rce6-1 and rce6-2, I have to say

    nxserver –ruleadd –class=node –type=rce6-1.hmdc.harvard.edu:4000 –value=no –group=ksg

    nxserver –ruleadd –class=node –type=rce6-2.hmdc.harvard.edu:4000 –value=no –group=ksg

    But, what happens if I add more rce nodes, like rce6-3? I have to continue to add these rules, why can’t I do something like this?

    nxserver –ruleadd –class=node –type=ksg6-1.hmdc.harvard.edu:4000 –value=only –group=ksg

    nxserver –ruleadd –class=node –type=ksg6-2.hmdc.harvard.edu:4000 –value=only –group=ksg

     

    Where ‘only’ means that that group is only allowed to access ksg6-1 and ksg6-2

    And why don’t NX groups get automatically populated with LDAP groups? That doesn’t make any sense either.

     

    Best,

    Evan

     

    in reply to: Confusing Button: My Desktops/All Desktops #3829
    esarmien
    Participant

    Thank you both for considering this suggestion. I’m glad that you’re considering coming up with a better label that communicates desktop view. In the meantime, I understand you can disable desktop sharing. However, we do not want to disable desktop sharing for all users. Administrative users in the group admin should be able to connect to others’ desktops if our users so request. Is there a configuration option whereby I can disable desktop sharing for certain users and groups?

     

    Thanks,

    Evan

    in reply to: Confusing Button: My Desktops/All Desktops #3814
    esarmien
    Participant

    Hi Britgirl,

    I understand that your interface was built over a long period of time, with a lot of input and testing. I think I may have a really easy solution to address this. Can you simply *change* the label of the button? For example, when you are viewing ‘My Sessions’ the label says ‘All Sessions’, such that it is obvious what action that button performs. Even better, could you add a verb to the label? ‘View My Sessions’, ‘View All Sessions’ ? That would be an easy solution I hope.

    Again, thanks for your help

    Best,

    Evan

    esarmien
    Participant

    Works. Thanks!

    in reply to: Printer sharing working in Windows, not OS X? #3575
    esarmien
    Participant

    Hi ADP,

    Thanks for this. I updated my NoMachine client to the latest 4.2.22_2 and it worked. D’oh!

    Best,

    Evan

    in reply to: Unable to –nodeadd NX protocol #3576
    esarmien
    Participant

    Haven,

    Actually, from what I have written it is clear that port 4000 is not blocked. Check this out:

    esarmien@rce6-portal-1.hmdc.harvard.edu

    └─[~]> telnet rce6-1.priv 4000

    Trying 10.0.0.98…

    Connected to rce6-1.priv.

    Escape character is ‘^]’.

    ^]q

    telnet> q

    Connection closed.

    I can see here that rce6-1.priv:4000 (NX) is accepting connections, now I try to use openssl req to grab the cert

    ┌─[esarmien@rce6-portal-1.hmdc.harvard.edu]

    └─[~]>openssl s_client -connect rce6-1.priv.hmdc.harvard.edu:4000

    CONNECTED(00000003)

    140383579920200:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

    no peer certificate available

    No client certificate CA names sent

    SSL handshake has read 0 bytes and written 263 bytes

    New, (NONE), Cipher is (NONE)

    Secure Renegotiation IS NOT supported

    Compression: NONE

    Expansion: NONE

    This is the weird part. Apparently it has no certificate?

    I can actually use NXClient and connect directly to rce6-1.priv:4000 and achieve a session, but I am not able to –nodeadd.

    Best,

    Evan

    in reply to: Printer sharing working in Windows, not OS X? #3538
    esarmien
    Participant

    I’m running 4.2.22_2 and I am still unable to print in OS X. Has this actually been fixed?

     

    Best,

    Evan

     

Viewing 8 posts - 1 through 8 (of 8 total)