Forum Replies Created
-
AuthorPosts
-
GuroContributor
hello
it seems issue is related to AD user recognition.
Could you check
/nxexec --auth
with sudo or root access account for mvladimirov like:sudo ./nxexec --auth
Also provide information about AD integration of macOS host, do you some third party tools or only macos standards?
Thanks
GuroContributorHello
We checked the sent logs and they are only from client side. Please send to us server side host logs and windows events related to nxserver/nxnode/nxservice.
Thanks
GuroContributorHello
Please also provide server side logs and check if nxtrace.log was generated in C:\ProgramData\NoMachine\var\log\ folder.
Also please check windows events and export nxservice/nxnode relate reports and send with nx logs, please.Thanks
GuroContributorHello
The NX protocol key authentication should be generated by nxkeygen command, or if it is generated by ssh-keygen, then should be converted in pem format.
You can convert the existing SSH private key by using this command:
ssh-keygen -p -m PEM -f path_to_the_key
We’s like to check the client side logs, can you send them to us? Please see the document here for instructions and then send them directly to forum[at]nomachine[dot]com making sure to use the title of this topic as the subject of your email. Thanks!
GuroContributorhello
I was looking in the forum, in the KB but couldn’t find where to go in app to setup 2FA for mac.
Please check next command result on your mac host after preparing PAM for 2AF.
(if install path is standard):
cd /Applications/NoMachine.app/Contents/Frameworks/bin
./nxexec –authTerminal will ask for username, then it should ask for password and probably verification code depending on your PAM nx configuration.
Please paste here a screenshot of the results or paste the output directly. Also pay attention to any errors showing in the log output.
Thanks
GuroContributorHello
The smart device is accessible by the user who forwarded it. Sharing the smart card among users is not supported (but planned) because personal information for smart card sharing are stored in the user’s home on server side, which is not accessible to a different user even if that other user is root.
Thanks
GuroContributorLogs from the NoMachine server would be useful as well. Please follow the instructions here: https://kb.nomachine.com/DT11R00182. You can send them directly to forum[at]nomachine[dot]com making sure to reference the title of your topic.
I tried checking CryptoPro on the fly and the installed version does not contain module rtPKCS11ECP. Please could you also tell us the exact version and whether you are using the free version or a subscription of CryptoPro?
Additionally would you be willing to run a NoMachine client debug package on your client host to get extended information from client side?
GuroContributorHello
Did you tried to read public key or certificate on server side after forward device?
Could you run in session terminal command like:
pkcs11-tool --module /usr/NX/lib/libpkcs11.so -l --read_object --type pubkey --id <key_id>
to check accept to generated key pair or certificate. Please send to us all error messages if they appear.
GuroContributorHello.
Please could you provide more detail about how you are using your smartcard in a NoMachine session, so we can understand the steps you are taking/have taken?
What NoMachine product server side are you using? What type of session is it? Can you tell us the Linux distribution and version?
programs don’t see that this smart card is connected
Which programs exactly? Do these programs support the path set to the NoMachine pkcs11 module?
GuroContributorHello.
As I see in logs AD user recognizes in later tests but server unable to check daemon status(this part logs are not full).
Please could you run one more test with new package which we can prepare?Thanks
GuroContributorHello
Do you still have login problems after install debug package on macOS?
Thanks
GuroContributorNoMachine checks user credentials through pam and got the error “Permission denied”.
1. Please check pam logs. There should be more detailed information on why pam refuses the user.
2. Is the user name correctly mapped to the local user? Could you try to use a username with domain name part?
GuroContributorCurrent known problem with Windows is related to NoMachine installation folder.
If you install Windows in a folder which is located in mounted disk (as shared folder), the service is unable to start because it can’t match NoMachine module path.
Please ensure that your NoMachine install path is located in the standard logical disk or allow NoMachine to choose default path.
For user DaveXS, could you send compressed NoMachine log data to us, so we can check?
You need to compress folder C:\ProgramData\NoMachine\var\log
GuroContributorHello
Could you reinstall NoMachine with disabled Firewall(if it enabled) and disabled Antivirus (if it installed)?
We try to reproduce this issue in our labs.
Thanks
GuroContributorHello.
Could you provide opened pipe name information?
You just need to open PowerShell and input
[System.IO.Directory]::GetFiles(“\\.\pipe\”)
Please, check if listed pipe name contains pipes with nx prefix.
like:
\\.\pipe\nxdevice-bc72a506-0e0c-4bff-b6f8-c2b6aa32e906
\\.\pipe\nxfsd-709fd562-36b5-48c6-9952-302da6218061
\\.\pipe\nxserver-WqJhjF9jm0-l0dmS-Hs8dXKc0
\\.\pipe\nxsspi-ef0b693a-97e0-4d61-8582-a24f630526e1
You can use pipelist.exe tool for this, also.
Thanks.
-
AuthorPosts