Forum Replies Created
I’m having trouble understanding this.
Is this a vulnerability that exists on NoMachine servers which are running nxserver.bin and nxnode.bin? Is this a vulnerability that exists on Cloud Servers or Cloud Nodes? Or is this a vulnerability that only exists on hosts which have the non-enterprise client installed?
That doesn’t make any sense. I want to be able to forward specific group of users to a set of terminal nodes.
I shouldn’t have to make a group called ‘ksg’, and then for every host that isn’t a ‘ksg’ terminal node, run a command, that would be a bit insane. Check this problem out:
I have the following nodes:
If I want the group ksg to be able to access ksg6-1 and ksg6-2, but not rce6-1 and rce6-2, I have to say
nxserver –ruleadd –class=node –type=rce6-1.hmdc.harvard.edu:4000 –value=no –group=ksg
nxserver –ruleadd –class=node –type=rce6-2.hmdc.harvard.edu:4000 –value=no –group=ksg
But, what happens if I add more rce nodes, like rce6-3? I have to continue to add these rules, why can’t I do something like this?
nxserver –ruleadd –class=node –type=ksg6-1.hmdc.harvard.edu:4000 –value=only –group=ksg
nxserver –ruleadd –class=node –type=ksg6-2.hmdc.harvard.edu:4000 –value=only –group=ksg
Where ‘only’ means that that group is only allowed to access ksg6-1 and ksg6-2
And why don’t NX groups get automatically populated with LDAP groups? That doesn’t make any sense either.
Thank you both for considering this suggestion. I’m glad that you’re considering coming up with a better label that communicates desktop view. In the meantime, I understand you can disable desktop sharing. However, we do not want to disable desktop sharing for all users. Administrative users in the group admin should be able to connect to others’ desktops if our users so request. Is there a configuration option whereby I can disable desktop sharing for certain users and groups?
I understand that your interface was built over a long period of time, with a lot of input and testing. I think I may have a really easy solution to address this. Can you simply *change* the label of the button? For example, when you are viewing ‘My Sessions’ the label says ‘All Sessions’, such that it is obvious what action that button performs. Even better, could you add a verb to the label? ‘View My Sessions’, ‘View All Sessions’ ? That would be an easy solution I hope.
Again, thanks for your help
EvanJune 4, 2014 at 09:09 in reply to: Unable to add nodes NX protocol – Cannot authenticate #3796
Thanks for this. I updated my NoMachine client to the latest 4.2.22_2 and it worked. D’oh!
Actually, from what I have written it is clear that port 4000 is not blocked. Check this out:
└─[~]> telnet rce6-1.priv 4000
Connected to rce6-1.priv.
Escape character is ‘^]’.
I can see here that rce6-1.priv:4000 (NX) is accepting connections, now I try to use openssl req to grab the cert
└─[~]>openssl s_client -connect rce6-1.priv.hmdc.harvard.edu:4000
140383579920200:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 263 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
This is the weird part. Apparently it has no certificate?
I can actually use NXClient and connect directly to rce6-1.priv:4000 and achieve a session, but I am not able to –nodeadd.
I’m running 4.2.22_2 and I am still unable to print in OS X. Has this actually been fixed?