frog

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 16 total)
  • Author
    Posts
  • in reply to: UNIX socket redirection #10555
    frog
    Participant

    Hello,

     

    in order to connect properly the SmartCard device, please follow these steps:

     

    1. Start the NoMachine session.

    2. Open the NoMachine menu inside the session (ctrl+alt+0 or click on

    the page peel in the upper right corner of the window).

    3. In the menu click on Devices -> SmartCards

    3. Pick your smardcard and click ‘mount’

    4. Inside the NoMachine session open a terminal and paste this command:

     

    pkcs11-tool –module /usr/NX/lib/libpkcs11.so -L

     

    It’s fundamental to run this command inside the session when the smartcard is already connected.

    in reply to: Someone walk me through key-based authentication? #10299
    frog
    Participant

    Hello,

     

    NoMachine doesnt support keys generated by PuTTYgen, keys need to be in OpenSSH format. One on our user got similar problem with PuTTy, and he wrote solutions for this problem.

    https://www.nomachine.com/forums/topic/unable-to-apply-key-authentication#post-10096

    Did you check this post? Please make sure your keys in right format, as desribed in his post, here are instructions:

    1. Public key in /root/.nx/config/authorized.crt  (.nx and .nx/config have 0700 permissions,  authorized.crt has 0600 permissions, owner root) should be the same format as in /root/.ssh/authorized_keys:

    ssh-rsa AAAA    .. in-one-line ..   Bis= <comment>

    This is the output of PuTTYgen generate window (not the saved file) and is different from SSH / XCA format of the generated public key .crt file. SSH seems to have some setup allowing it to generate the pulic key in this format, but I am not sure about the syntax. The .crt format used to input certificates in browsers and mail clients should not be used:

    —–BEGIN CERTIFICATE—–

    AAAA..

    <<<in-many-lines>>>

    ..Bis

    —–END CERTIFICATE—–

    2. In NX client under WIN select  Session – Edit – Advanced – Private key – Settings file field: browse for private key file in SSH format, not the file saved by PuTTYgen. Private key file format should be:

    —–BEGIN ENCRYPTED PRIVATE KEY—–

    MI…

    /m8=

    —–END ENCRYPTED PRIVATE KEY—–

    • This reply was modified 8 years, 8 months ago by frog.
    • This reply was modified 8 years, 8 months ago by Britgirl.
    • This reply was modified 8 years, 8 months ago by Britgirl.
    in reply to: Shared disks do not mount, both local and remote #9205
    frog
    Participant

    We received and looked at the logs you sent, however these logs are from a session which isn’t affected by the problem. You also wrote that problem does not occur in new virtual sessions. If you encounter this problem again, please follow instructions that we sent to you. After this contact us and send logs from problematic session. Thanks.

    in reply to: Shared disks do not mount, both local and remote #9176
    frog
    Participant

    Hi, we are unable to reproduce the problem even when replicating your environment. If you are able to, we would like some more information, but you will need to download some debug libraries. Let us know if this is ok and we’ll contact you privately.

    in reply to: Unable to Authenticate for Software Update #9016
    frog
    Participant

    To deal with Software Updates problem inside NX sessions, we prepared article describing Polkit configuration.

    https://www.nomachine.com/AR10M00865

    • This reply was modified 9 years ago by frog.
    • This reply was modified 9 years ago by frog.
    in reply to: Support for Duo Security 2FA #8167
    frog
    Participant

    For now NoMachine supports Two Factor Authentication with properly configured Duo Security (only Duo Push method). Here are instructions how to configure server. Instructions can be found also on Duo Security webpage – https://www.duosecurity.com/docs/duounix

    1. Log in to the Duo Admin Panel, click add application and pick UNIX Application from list to get integration key, secret key, and API hostname.

    2. Install required headers and libraries.
    Debian/Ubuntu:
    apt-get install libssl-dev
    apt-get install libpam-dev
    CentOS/RHEL:
    yum install openssl-devel
    yum install pam-devel
    SLES/SUSE:
    zypper install libopenssl-devel
    zypper install pam-devel

    3. Download and install duo_login.
    $ wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
    $ tar zxf duo_unix-latest.tar.gz
    $ cd duo_unix-1.9.15
    $ ./configure –prefix=/usr && make && sudo make install

    4. Edit  /etc/duo/login_duo.conf file by giving your intergration key, secret key and api hostname like this:
    [duo]
    ; Duo integration key
    ikey = INTEGRATION_KEY
    ; Duo secret key
    skey = SECRET_KEY
    ; Duo API hostname
    host = API_HOSTNAME

    5. Run /usr/sbin/login_duo as regular user. You’ll be given an enrollment link, please visit the URL and enroll your mobile phone.

    6. Edit your /etc/ssh/sshd_config file and add this line to your config file:
    ForceCommand /usr/sbin/login_duo
    PermitTunel no
    AllowTcpForwarding no

    7. Restart your sshd
    service sshd restart

    After these steps you are able to use Duo Security with NoMachine on SSH connections.

    in reply to: Unable to redirect printers #7323
    frog
    Participant

    Hello,

    We are unable to reproduce this issue in our labs and in the same environment.

    We would like to suggest to uninstall the current server, clean-up the installation

    and reinstall the server from scratch:

    – Uninstall NoMachine from your server host using this command:

    sudo rpm -e $(rpm -qa ‘*nomachine*’) && sudo rm -rf /usr/NX/ && sudo rm -rf /etc/NX/

    – After uninstalling process completed, ensure that CUPS is properly installed

    – Install NoMachine server again (we have just released version 4.6.3 if you might

    want to upgrade). Then verify if the problem still exists.

    If the problem still exists, please let us know and we will send further instructions to resolve this issue.

    • This reply was modified 9 years, 5 months ago by frog.
    in reply to: Cant connect to local disk #6860
    frog
    Participant

    Hello

    To be able to help we need information about your linux distribution name. You can check it by typing lsb_release -a  in your terminal. Please copy and past result.

    Be also sure you have installed fuse on your system, you can install it by using command:

    sudo yum install fuse

    or

    sudo apt-get install fuse

    We also suggest updating both your NoMachine client and server to newest version (4.5.0).

    in reply to: Cant connect to local disk #6819
    frog
    Participant

    Hello,

    we need more information about this problem:

    1) what linux version are you using? (distribution name, 32/64 bit)

    2) This problem occur when your connecting disk as public/private or both?

    3) Could you please update your linux server to the same version as client and check if problem still exist after updating?

    4) Problem is only with drive C, or all?

    • This reply was modified 9 years, 7 months ago by frog.
    • This reply was modified 9 years, 7 months ago by frog.
    in reply to: SE-Linux problems #6775
    frog
    Participant

    Hello,

     

    We investigated reported problem wtih selinux on Fedora 21, however we are not able to reproduce this problem.

    For better understanding of this problem could you please provide more information about your system and selinux?

    Did you install some custom policy modules? ( if yes and if it is possible could you uninstall these selinux modules and check if problem still exists?)

    Which is you selinux version?

    Did you install fresh NoMachine or make an update? If this version was updated  which version did you use before? Did this problem exist on older version or it occured on 4.4.12?

    If you did some uncommon selinux configurations please give us information about such configurations.

    in reply to: Authentication Failed #6555
    frog
    Participant

    Hello,

    to diagnose your problem more information can be helpful. Firstly turn selinux and iptables on, reproduce your problem and send logs from /var/log/audit/audit.log.

    After this turn off selinux, but don’t turn off iptables. To disable selinux please open as root /etc/sysconfig/selinux with text editor and change SELINUX=enforcing to SELINUX=disabled. Check if your problem exists. If it does, please send us also content of /etc/sysconfig/selinux.

    If you got different error massage with/without firewall turned on please copy this error messages. Copy also /usr/NX/var/log/nxserver.log.

    Please let us know which protocol are you using (NX/SSH), and which version of NoMachine you got installed on server/client.

     

    regards

    in reply to: Not allow the user to see the server file system #6205
    frog
    Participant

    Hello,

    our software can’t be used to limit user privileges. If you want to limit access for users, you need to configure this in your system.

    in reply to: Not allow the user to see the server file system #5984
    frog
    Participant

    Hello,

    if you want to disable access for filesystem for users, there are two ways to do this:

    1). You can disable it in node.cfg. There is key “#EnableDiskSharing”, if you want to disable access from server change its value to:

    “EnableDiskSharing client”

    This way you disable access for all users.

    2). You can also disable access only for one user. For this we are using profiles.

    sudo /etc/NX/nxserver –ruleadd –class=service –type=server-disk-sharing –value=no –user=nomachine

    change ‘nomachine’ to your username

    in reply to: Local printing problem #5531
    frog
    Participant

    Hello,

    Could you contact us so we can provide you with a debug-enabled binary? You will need to install and then send those logs to us.

    Here is contact email: issues[at]nomachine[dot]com

    in reply to: Indexing a remote volume #5412
    frog
    Participant

    Hello,

    At the moment Spotlight index with remotely connected discs is not currently supported.

     

Viewing 15 posts - 1 through 15 (of 16 total)