Forum Replies Created
-
Posts
-
This was caused by our attempts to automatically register the nomachine pkcs11 module via /usr/share/p11-kit/modules/nomachine.module:
module: /usr/NX/lib/libpkcs11.so
When not running in a nomachine environment this causes problems, at perhaps inside of one as well.
This is KDE on Xorg. It is a headless host. Client is the free version. One host is using the free version, another is the workstation version.
Is the trouble report publicly visible?
We do add a pkcs#11 module to help with forwarding:
/usr/share/p11-kit/modules/nomachine.module:
module: /usr/NX/lib/libpkcs11.so
But that hasn’t had an effect on the auto-forwarding. I guess we’ll see what version 9 brings. Is there an ETA on that?
Thank you for the links, we will likely use the DisconnectedSessionExpiry option for now. However, the nice thing about being able to query the idle time with [removed] is that it allows us to send an email to the user some time in advance (currently 24 hours I think) to warn them that the session will be terminated soon.
I define idle time as the time since the user last disconnected from the session. For comparison (removed)
contains a field that is the time of the last disconnect (really I think the time of the last status changed – e.g. connected -> disconnected, disconnected -> connected). This allows us to terminate sessions that have been disconnected for a period of time. I’m not interested in the time from the start of the session.This is a YubiKey – so yes a USB device. Generally manually sharing the smartcard reader works just fine, though a current test of reconnecting to an old session with a rebooted client fails. PKCS11 operations seem to hang. I see the following repeated in the strace of p11tool –list-token-urls:
sendto(6, “NXCLIENT-4.0.0 cookie=AD2186647C3824FF8D0ACD921D66B992,command=set,target=local,option=smartcard,value=:1004:3319770 “, 117, 0, NULL, 0) = 117
recvfrom(6, “NXAGENT-8.11.3 “, 10240, 0, NULL, NULL) = 15
recvfrom(6, “error=0,value=retry “, 10225, 0, NULL, NULL) = 20The YK device is not listed in the “Connect a USB device” menu, probably because it is already in use by the client machine. Unless the USB device could be used simultaneously by both machines (which seems doubtful), this would no be helpful to us because both the client and the remote session would need access to the smart card.
It doesn’t seem to:
/usr/NX/bin/nxserver --history E59DF9025B6873A04F627F5845A4E155 --verboseDisplay Type Session ID Services Depth Screensize Status Session name Username Platform Users Date
The date seems to just be the date started, but it doesn’t seem to show the date/time of the last disconnect or an idle counter.
Ah, I guess in the future I will have to pay very close attention to what version of NoMachine the documentation is for. Looks like that name changed between 7 and 8. Thanks.
Your responses make me think that my issue is not being understood. I never mentioned nor modified player.cfg. I have restarted nxserver. I want the client to always request the credentials, I don’t want the client to offer to save the credentials. Client and server is AlmaLinux 8.9. I’ll send the config files.
I’m using nomachine 8.11.3-4 on the client and server.
When I say client I’m referring to the device I’m connecting from. I really don’t see how the server (remote side) is in play here as the prompt to store the password comes before I’m connected. In any chase I’ve added EnableCredentialsStoring none to both machines with no change in the ability to save passwords.