Forum Replies Created
-
AuthorPosts
-
frogParticipant
Hello,
in order to connect properly the SmartCard device, please follow these steps:
1. Start the NoMachine session.
2. Open the NoMachine menu inside the session (ctrl+alt+0 or click on
the page peel in the upper right corner of the window).
3. In the menu click on Devices -> SmartCards
3. Pick your smardcard and click ‘mount’
4. Inside the NoMachine session open a terminal and paste this command:
pkcs11-tool –module /usr/NX/lib/libpkcs11.so -L
It’s fundamental to run this command inside the session when the smartcard is already connected.
frogParticipantHello,
NoMachine doesnt support keys generated by PuTTYgen, keys need to be in OpenSSH format. One on our user got similar problem with PuTTy, and he wrote solutions for this problem.
https://www.nomachine.com/forums/topic/unable-to-apply-key-authentication#post-10096
Did you check this post? Please make sure your keys in right format, as desribed in his post, here are instructions:
1. Public key in /root/.nx/config/authorized.crt (.nx and .nx/config have 0700 permissions, authorized.crt has 0600 permissions, owner root) should be the same format as in /root/.ssh/authorized_keys:
ssh-rsa AAAA .. in-one-line .. Bis= <comment>
This is the output of PuTTYgen generate window (not the saved file) and is different from SSH / XCA format of the generated public key .crt file. SSH seems to have some setup allowing it to generate the pulic key in this format, but I am not sure about the syntax. The .crt format used to input certificates in browsers and mail clients should not be used:
—–BEGIN CERTIFICATE—–
AAAA..
<<<in-many-lines>>>
..Bis
—–END CERTIFICATE—–
2. In NX client under WIN select Session – Edit – Advanced – Private key – Settings file field: browse for private key file in SSH format, not the file saved by PuTTYgen. Private key file format should be:
—–BEGIN ENCRYPTED PRIVATE KEY—–
MI…
…
/m8=
—–END ENCRYPTED PRIVATE KEY—–
frogParticipantWe received and looked at the logs you sent, however these logs are from a session which isn’t affected by the problem. You also wrote that problem does not occur in new virtual sessions. If you encounter this problem again, please follow instructions that we sent to you. After this contact us and send logs from problematic session. Thanks.
frogParticipantHi, we are unable to reproduce the problem even when replicating your environment. If you are able to, we would like some more information, but you will need to download some debug libraries. Let us know if this is ok and we’ll contact you privately.
frogParticipantTo deal with Software Updates problem inside NX sessions, we prepared article describing Polkit configuration.
frogParticipantFor now NoMachine supports Two Factor Authentication with properly configured Duo Security (only Duo Push method). Here are instructions how to configure server. Instructions can be found also on Duo Security webpage – https://www.duosecurity.com/docs/duounix
1. Log in to the Duo Admin Panel, click add application and pick UNIX Application from list to get integration key, secret key, and API hostname.
2. Install required headers and libraries.
Debian/Ubuntu:
apt-get install libssl-dev
apt-get install libpam-dev
CentOS/RHEL:
yum install openssl-devel
yum install pam-devel
SLES/SUSE:
zypper install libopenssl-devel
zypper install pam-devel3. Download and install duo_login.
$ wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
$ tar zxf duo_unix-latest.tar.gz
$ cd duo_unix-1.9.15
$ ./configure –prefix=/usr && make && sudo make install4. Edit /etc/duo/login_duo.conf file by giving your intergration key, secret key and api hostname like this:
[duo]
; Duo integration key
ikey = INTEGRATION_KEY
; Duo secret key
skey = SECRET_KEY
; Duo API hostname
host = API_HOSTNAME5. Run /usr/sbin/login_duo as regular user. You’ll be given an enrollment link, please visit the URL and enroll your mobile phone.
6. Edit your /etc/ssh/sshd_config file and add this line to your config file:
ForceCommand /usr/sbin/login_duo
PermitTunel no
AllowTcpForwarding no7. Restart your sshd
service sshd restartAfter these steps you are able to use Duo Security with NoMachine on SSH connections.
frogParticipantHello,
We are unable to reproduce this issue in our labs and in the same environment.
We would like to suggest to uninstall the current server, clean-up the installation
and reinstall the server from scratch:
– Uninstall NoMachine from your server host using this command:
sudo rpm -e $(rpm -qa ‘*nomachine*’) && sudo rm -rf /usr/NX/ && sudo rm -rf /etc/NX/
– After uninstalling process completed, ensure that CUPS is properly installed
– Install NoMachine server again (we have just released version 4.6.3 if you might
want to upgrade). Then verify if the problem still exists.
If the problem still exists, please let us know and we will send further instructions to resolve this issue.
- This reply was modified 9 years, 6 months ago by frog.
frogParticipantHello
To be able to help we need information about your linux distribution name. You can check it by typing lsb_release -a in your terminal. Please copy and past result.
Be also sure you have installed fuse on your system, you can install it by using command:
sudo yum install fuse
or
sudo apt-get install fuse
We also suggest updating both your NoMachine client and server to newest version (4.5.0).
frogParticipantHello,
we need more information about this problem:
1) what linux version are you using? (distribution name, 32/64 bit)
2) This problem occur when your connecting disk as public/private or both?
3) Could you please update your linux server to the same version as client and check if problem still exist after updating?
4) Problem is only with drive C, or all?
frogParticipantHello,
We investigated reported problem wtih selinux on Fedora 21, however we are not able to reproduce this problem.
For better understanding of this problem could you please provide more information about your system and selinux?
Did you install some custom policy modules? ( if yes and if it is possible could you uninstall these selinux modules and check if problem still exists?)
Which is you selinux version?
Did you install fresh NoMachine or make an update? If this version was updated which version did you use before? Did this problem exist on older version or it occured on 4.4.12?
If you did some uncommon selinux configurations please give us information about such configurations.
frogParticipantHello,
to diagnose your problem more information can be helpful. Firstly turn selinux and iptables on, reproduce your problem and send logs from /var/log/audit/audit.log.
After this turn off selinux, but don’t turn off iptables. To disable selinux please open as root /etc/sysconfig/selinux with text editor and change SELINUX=enforcing to SELINUX=disabled. Check if your problem exists. If it does, please send us also content of /etc/sysconfig/selinux.
If you got different error massage with/without firewall turned on please copy this error messages. Copy also /usr/NX/var/log/nxserver.log.
Please let us know which protocol are you using (NX/SSH), and which version of NoMachine you got installed on server/client.
regards
frogParticipantHello,
our software can’t be used to limit user privileges. If you want to limit access for users, you need to configure this in your system.
frogParticipantHello,
if you want to disable access for filesystem for users, there are two ways to do this:
1). You can disable it in node.cfg. There is key “#EnableDiskSharing”, if you want to disable access from server change its value to:
“EnableDiskSharing client”
This way you disable access for all users.
2). You can also disable access only for one user. For this we are using profiles.
sudo /etc/NX/nxserver –ruleadd –class=service –type=server-disk-sharing –value=no –user=nomachine
change ‘nomachine’ to your username
frogParticipantHello,
Could you contact us so we can provide you with a debug-enabled binary? You will need to install and then send those logs to us.
Here is contact email: issues[at]nomachine[dot]com
frogParticipantHello,
At the moment Spotlight index with remotely connected discs is not currently supported.
-
AuthorPosts