HOWTO: Install freenx

[QkEterror]

No. It was libXcomposite. I'm pretty sure because I copied it. Unfortunately I don't have the error anymore or is there a log or something I can find it?

[Voyageur]

No need anymore, net-misc/nx now depends on libXcomposite (another round of compilation showed up the missing depend at link).

The ebuild should really be OK now, as it passed our nice x86 team tests for stabilization

Also, I'll soon start to write some Gentoo documentation on NX/freenx and friends, if you think some subjects other than the following should be treated, please tell me. Current plan is:

• what is NX (technology, licensing, ...)
• the different servers and clients (pros/cons)
• specific configuration and commands by server (configuration files, where are logs, ...)
• some troubleshooting tips
• and of course a selection of links for further reading

[WarrenFaith]

I have some trouble with installing nxserver on my gentoo (uptodate)

My package.keywords

Code: Select all

net-misc/nxserver-freenx ~x86
net-misc/nxssh ~x86
net-misc/nxproxy ~x86
net-misc/nx-x11 ~x86
net-misc/nxclient ~x86
net-misc/nxesd ~x86
net-misc/nxcomp ~x86

After emerge nxserver-freenx I started the installation...

Code: Select all

home warrenfaith # nxsetup --install --setup-nomachine-key --clean --purge
Removing special user "nx" ...done
Removing session database ...done
Removing logfile ...done
Removing home directory of special user "nx" ...done
Removing configuration files ...done
Setting up /etc/nxserver ...done
Generating public/private dsa key pair.
Your identification has been saved in /etc/nxserver/users.id_dsa.
Your public key has been saved in /etc/nxserver/users.id_dsa.pub.
The key fingerprint is:
f9:06:7c:e3:46:94:81:3c:04:3e:8f:a9:7f:21:43:c2 root@home
Setting up /var/lib/nxserver/db ...done
Setting up /var/log/nxserver.log ...done
Setting up special user "nx" ...Kennwort geändert.
done
Setting up known_hosts and authorized_keys2 ...done
Setting up permissions ...done
Setting up cups nxipp backend ...done

----> Testing your nxserver configuration ...
Warning: Could not find rdesktop in /usr/bin. RDP sessions won't work.
Warning: Could not find vncviewer in /usr/bin. VNC sessions won't work.
Warning: Invalid value "COMMAND_FOOMATIC=/usr/lib/cups/driver/foomatic-ppdfile"
         Users will not be able to use foomatic.
Warning: Invalid value "COMMAND_START_GNOME=gnome-session"
         Users will not be able to request a Gnome session.
Warning: Invalid value "COMMAND_START_CDE=cdwm"
         Users will not be able to request a CDE session.

  Warnings occured during config check.
  To enable these features please correct the configuration file.

<---- done

----> Testing your nxserver connection ...
Permission denied (publickey,password,keyboard-interactive).
Fatal error: Could not connect to NX Server.

Please check your ssh setup:

The following are _examples_ of what you might need to check.

        - Make sure "nx" is one of the AllowUsers in sshd_config.
    (or that the line is outcommented/not there)
        - Make sure your sshd allows public key authentication.
        - Make sure your sshd is really running on port 22.
        - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.
    (this should be a filename not a pathname+filename)

Some ideas?

Best Regards

[ksool]

I just switched from X11-forwarding over ssh to FreeNX and must say, so far I am happy with its bandwidth consumption, or lack thereof. Anyway, there were a couple of features of X11-forwarding that I loved that I am wondering if I can get to work with FreeNX. I am forwarding a full WM environment (fluxbox) and using virtual desktop mode.

1. When forwarding a WM over ssh, the WM picks up local windows as well (existing and new) so that I could do thinks like play video locally or run a local terminal as if everything was running on a single desktop on a single machine. I have tried to accomplish this with FreeNX (both in virtual desktop mode and in floating window mode) without success. For the terminals etc. I can do ssh forwarding back to the client, but this wouldnt' be possible with things like video. Does FreeNX have this functionality?

2. I use xscreensaver to local the local client X session as locking the remote session would be a waste of bandwidth and a drop in security. However, when I try to lock the local x session under freenx, nothing happens. It is as if xscreensaver is running beneath the freenx window (I'm running at fullscreen).

3. I have noticed that some applications, conky for example, use a lot of CPU when running over FreeNX. I think that this is because neither graphics cad is being utilized and everything is being rendered by the host CPU. Granted, I have not setup X on the host since it is a headless box, but is it possible to utilize it's graphics card at all (or even the clients)?

Thanks.

[Voyageur]

----> Testing your nxserver connection ...
Permission denied (publickey,password,keyboard-interactive).
Fatal error: Could not connect to NX Server.

Please check your ssh setup:

The following are _examples_ of what you might need to check.

- Make sure "nx" is one of the AllowUsers in sshd_config.
(or that the line is outcommented/not there)
- Make sure your sshd allows public key authentication.
- Make sure your sshd is really running on port 22.
- Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys2.
(this should be a filename not a pathname+filename)

Did you try these suggestions? Failing at this point means a configuration problem in your ssh server, not freenx.


krs1ars, you're trying to get remote floating windows on your local desktop right? You can try to run your WM as a floating window (in the custom setttings), or run a remote terminal (as a floating window too) and run new commands from it, or even run a NX connection for each application. For xscreensaver I don't know though, I do not have this problem (but I seldom run NX in fullcreen)[/quote]

[ksool]

Voyageur, I did try running the WM as a floating window, but didn't get very far. I did notice the following though, 1) it did not pick up existing local windows, 2) I did not have access to the full screen. That is to say, when I moved outside of the WM's windows, it was as if I was back on the local machine without a WM and I couldn't access the background (meaning I couldn't run the menu for fluxbox). I don't know if that's clear. I'll try again later today.

[rpmohn]

I've been running nxserver-freenx for years without problems , but now I want to include nxclient on my gentoo system. The problem is that when I add in USE=nxclient I get into a seemingly unresolvable block :

Code: Select all

# USE=nxclient emerge -vp nxserver-freenx

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] net-misc/nxserver-freenx-0.7.0-r1  USE="cups esd nxclient* -arts" 0 kB
[ebuild  N    ] net-misc/nxclient-3.0.0-r3  3,777 kB
[blocks B     ] net-misc/nxclient (is blocking net-misc/nxserver-freenx-0.7.0-r1)

# dep -e nxserver-freenx nxclient
net-misc/nxserver-freenx:
        [  I] 0.7.0-r1 (0)
net-misc/nxclient:
        [   ] 3.0.0-r3 (0)

Any ideas?
Thanks! -Ross

[Voyageur]

To handle blocked packages, the best way is usually to remove the old package and then emerge the new package (in this case nxserver-freenx)

The blocker is here because switching the nxclient USE flag would cause file collisions on nxclient between nxclient and freenx

[rpmohn]

To handle blocked packages, the best way is usually to remove the old package and then emerge the new package (in this case nxserver-freenx)

The blocker is here because switching the nxclient USE flag would cause file collisions on nxclient between nxclient and freenx

Thanks for your reply, but I don't see a new package of nxserver-freenx in portage. I only see v0.7.0-r1 of nxserver-freenx and v3.0.0-r3 of nxclient in portage, and they appear to be blocking each other . I could remove the "old package" of freenx, but it wouldn't it just try to install itself again and still be blocked?

Majorly confused,
-Ross

[Voyageur]

Bad choice of words then, I meant "new" as in "newly emerged", not "new version compared to the current one"

Your "old" nxserver-freenx (with USE=-nxclient) owns the file /usr/bin/nxclient. Emerging freenx with USE=nxclient will pull in net-misc/nxclient, which would also install /usr/bin/nxclient. Removing the old nxserver-freenx would remove this file, and you would end up with net-misc/nxclient installed, but no nxclient binary anymore

Hmm, I hope I did not confuse you even more But in short:

Code: Select all

emerge -C nxserver-freenx; emerge -av nxserver-freenx

[rpmohn]

Bad choice of words then, I meant "new" as in "newly emerged", not "new version compared to the current one"

Your "old" nxserver-freenx (with USE=-nxclient) owns the file /usr/bin/nxclient. Emerging freenx with USE=nxclient will pull in net-misc/nxclient, which would also install /usr/bin/nxclient. Removing the old nxserver-freenx would remove this file, and you would end up with net-misc/nxclient installed, but no nxclient binary anymore

Hmm, I hope I did not confuse you even more But in short:

Code: Select all

emerge -C nxserver-freenx; emerge -av nxserver-freenx

That did it, THANKS!
-Ross

[ksool]

Hey all.
Another question.

Is it possible to resume a session from a different ip than the one from which it was suspended?
I'm trying to open the session from my remote machine when I'm at home, and I see the session listed in the console, but it says status is not available and it won't let me resume. I've searched through the server configs and found nothing.

Thanks.


EDIT: Fixed, sort of. It seems like the problem only occurs between windows and linux sessions. For me, it was started on a linux session and I couldn't resume it from windows.

[lorenct]

Just recently I updated pam to: sys-libs/pam-0.99.8.1-r1

After a couple of package rebuilds because of their dependency on pam (ie. openssh) I restarted my system completely to make sure everything was working.

I am able to login locally and remotely with SSH (openldap authentication on the backend), but now when I try to use NXclient to connect I receive the following:

NX> 203 NXSSH running with pid: 3168
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 98.193.58.128 on port: 22
NX> 202 Authenticating user: nx

This system is a restricted access system. All activity on this system is subject to monitoring. If information collected reveals possible criminal activity or activity that exceeds privileges, evidence of such activity may be provided to the relevant authorities for further action. By continuing past this point, you expressly consent to this monitoring.
NX> 208 Using auth method: publickey
Connection closed by 98.193.58.128

I have tried editing /etc/nxserver/node.conf to get some type of logging information out of the nxserver to /var/log/nxserver.log (which I check is owned and writeable by nx user), but the file remains empty.

Anyone have any ideas? This all worked until this past update... no changes to /etc/ssh/sshd_config file...

Here are the contents of my /etc/pam.d/system-auth file:

#%PAM-1.0

auth required pam_env.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account required pam_ldap.so

# This can be used only if you enabled the cracklib USE flag
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try
_first_pass retry=3
# This can be used only if you enabled the cracklib USE flag
password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
# This can be used only if you enabled the !cracklib USE flag
# password sufficient pam_unix.so try_first_pass nullok md5 shadow
password sufficient pam_ldap.so use_authtok use_first_pass
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so

Hopefully someone has already encountered and resolved whatever issue I cannot get past. Not being able to get any valuable debug information out of nxserver is definitely limiting my diagnosis capabilities...

[disi]

I installed freenx and it works great with the client, but...

If I choose a resolution smaller than 1280x1024, I use at home, I get everything fine except of the desktop itself. I can only see shortcuts I place in the upper left corner and the background image is not completely displayed.

Conky runs well in the upper right corner, though. The panels and all the other stuff is running in the smaller resolution as well.

This is not a big deal, I could place all shortcuts in the upper left corner, but I want to know if this is a configuration problem?

In my xorg.conf are the following settings (I have other resolutions):

Code: Select all

Section "Screen"
    Identifier     "Screen0"
    Device         "Videocard0"
    Monitor        "Monitor0"
    DefaultDepth    24
    Option         "NoLogo" "0"
    Option         "RenderAccel" "true"
    Option         "AllowGLXWithComposite" "true"
    Option         "MultiGPU" "on"
    Option         "SLI" "on"
    SubSection     "Display"
        Depth       24
        Modes      "1280x1024" "1024x768" "800x600" "640x480"
    EndSubSection
EndSection

the /var/log/nxserver.log is every new session created but empty

It doesn't create a new Xorg.0.log if I log on remote.
here is the Xorg.0.log if I log on at home:

Code: Select all

(--) NVIDIA(0): Acer AL1917 (CRT-0): 342.0 MHz maximum pixel clock
(II) NVIDIA(0): Assigned Display Device: CRT-0
(II) NVIDIA(0): Validated modes:
(II) NVIDIA(0):     "1280x1024_75+0+0"
(II) NVIDIA(0):     "1280x1024+0+0"
(II) NVIDIA(0):     "1024x768+0+0"
(II) NVIDIA(0):     "800x600+0+0"
(II) NVIDIA(0):     "640x480+0+0"
(II) NVIDIA(0): Virtual screen size determined to be 1280 x 1024
(--) NVIDIA(0): DPI set to (85, 86); computed from "UseEdidDpi" X config

...

(II) NVIDIA(0): Initialized GART.
(II) NVIDIA(0): Setting mode "1280x1024_75+0+0"

/edit: The WM is Gnome

[QkEterror]

How are things going with the new nx 3 features? I really would like to get my hands on that shadowing.

[Voyageur]

Freenx redesign is under way, but don't expect it too soon The wiki page on it is here. There is some kind of session shadowing in freenx 0.7.1 (via vnc), which I'll probably add tonight though

lorenct, at this point it is normal that you do not get any log from nxserver, as it has not started yet. If you still have the problem, increase the verbosity of sshd and look through its log

[disi]

I haven't tried much yet and actually I just use it to have a fast and secure x terminal to my machine at home. For my need it works good and very fast.

Recently I changed from Gnome to Xfce4.

Xfce isn't supported by the windows client, you can define a commandline to start the proper windowmanager (startxfce4). It comes up with the complete desktop in 1024x768, using xfdesktop (better than nautilus).

The X session isn't closing, even though I logout properly. The administration tool comes up with a paused session.
If I choose terminate, it only happens clientside.

Via ssh (Putty) I can see that the server is still running with everything like xscreensaver, conky etc. The next session it will start everything again and creates new zombies.


With Gnome I had no problems, except of that the background and desktop wasn't completely displayed (using Nautilus).

[lorenct]

lorenct, at this point it is normal that you do not get any log from nxserver, as it has not started yet. If you still have the problem, increase the verbosity of sshd and look through its log

Here is the output from /var/log/messages when I increase SSH logging to DEBUG:

Code: Select all

Nov  8 15:16:42 gentoo sshd[17678]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Nov  8 15:16:42 gentoo sshd[17662]: debug1: Forked child 17678.
Nov  8 15:16:42 gentoo sshd[17678]: debug1: inetd sockets after dupping: 3, 3
Nov  8 15:16:42 gentoo sshd[17678]: Connection from XX.XX.XX.XX port 40960
Nov  8 15:16:42 gentoo sshd[17678]: debug1: Client protocol version 2.0; client software version OpenSSH_4.4
Nov  8 15:16:42 gentoo sshd[17678]: debug1: match: OpenSSH_4.4 pat OpenSSH*
Nov  8 15:16:42 gentoo sshd[17678]: debug1: Enabling compatibility mode for protocol 2.0
Nov  8 15:16:42 gentoo sshd[17678]: debug1: Local version string SSH-2.0-OpenSSH_4.7
Nov  8 15:16:43 gentoo sshd[17678]: debug1: PAM: initializing for "nx"
Nov  8 15:16:43 gentoo sshd[17678]: debug1: PAM: setting PAM_RHOST to "outbound2.domainname.com"
Nov  8 15:16:43 gentoo sshd[17678]: debug1: PAM: setting PAM_TTY to "ssh"
Nov  8 15:16:43 gentoo sshd[17678]: Failed none for nx from XX.XX.XX.XX port 40960 ssh2
Nov  8 15:16:43 gentoo sshd[17678]: debug1: temporarily_use_uid: 1003/553 (e=0/0)
Nov  8 15:16:43 gentoo sshd[17678]: debug1: trying public key file /var/lib/nxserver/home/.ssh/authorized_keys2
Nov  8 15:16:43 gentoo sshd[17678]: debug1: matching key found: file /var/lib/nxserver/home/.ssh/authorized_keys2, line 1
Nov  8 15:16:43 gentoo sshd[17678]: Found matching DSA key: ee:88:aa:33:77:11:44:cc:99:88:ee:cc:77:aa:ee:ee
Nov  8 15:16:43 gentoo sshd[17678]: debug1: restore_uid: 0/0
Nov  8 15:16:43 gentoo sshd[17678]: debug1: ssh_dss_verify: signature correct
Nov  8 15:16:43 gentoo sshd[17678]: debug1: do_pam_account: called
Nov  8 15:16:43 gentoo sshd[17678]: Failed publickey for nx from XX.XX.XX.XX port 40960 ssh2
Nov  8 15:16:43 gentoo sshd[17678]: debug1: do_cleanup
Nov  8 15:16:43 gentoo sshd[17678]: debug1: PAM: cleanup

Any ideas because it is not very obvious to me? The keys appear to match from the information above, but publickey authentication fails?

Thanks.

[lorenct]

Looks like LDAP is causing me grief.

I had another system not tied into using LDAP authentication for users and nxserver works fine with the latest stable release of PAM. (sys-libs/pam-0.99.8.1-r1)

My /etc/pam.d/system-auth file:

Code: Select all

#%PAM-1.0
 
auth       required pam_env.so
auth       sufficient pam_unix.so try_first_pass likeauth nullok
auth       sufficient pam_ldap.so use_first_pass
auth       required pam_deny.so
 
account    required pam_unix.so
account    required pam_ldap.so
 
password   required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password   sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
password   sufficient pam_ldap.so use_authtok use_first_pass
password   required pam_deny.so
 
session    required pam_limits.so
session    required pam_unix.so
session    optional pam_ldap.so

Now this information used to work with the older version of PAM, but now it seems to cause problems.

If anyone sees something that might resolve my problem, please let me know. Otherwise looks like it is time to do some more searching...

[lorenct]

Looks like the issue was with my /etc/pam.d/system-auth file.

I changed:

Code: Select all

account    required pam_ldap.so

to:

Code: Select all

account    sufficient pam_ldap.so

And like magic, nxserver-freenx once again worked for remote graphical access! (yeah!)

[t35t0r]

Looks like the issue was with my /etc/pam.d/system-auth file.

Also in that file you may have a line like:

Code: Select all

account    required     pam_access.so accessfile=/etc/security/access.conf

Everything in /etc/security/access.conf should be commented out. If you know what you are doing with that file make sure you allow nx to login from localhost and 127.0.0.1 . Another thing to watch out for is /etc/hosts.allow and /etc/hosts.deny . Make sure to allow for:

Code: Select all

ALL : 127.0.0.1
ALL : localhost

in /etc/hosts.allow if you have "ALL : ALL" in /etc/hosts.deny