NOMACHINE D-811_002-NXS-SAG Service manual
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
NX Server System
Administrator’s Guide
Page 1 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
Table of Contents
1. NX Server Administrator's Guide
1.1. Installing the NX Server
1.2. Configuring the Server and the Node
1.3. An Overview of the Backend
2. Multi-Node Support
2.1. Enabling Multi-Node Support
2.2. Starting and Stopping Monitoring of the Nodes Availability
2.3. Adding the Node
2.4. Removing the Node
2.5. Getting the Node to Authenticate the Server
2.6. Forbidding Unencrypted Connections between Server and Node
3. Services Management
3.1 Retrieving the Usage
3.2. Retrieving the Version
3.3. Retrieving the Subscription
3.4. Retrieving the Status
3.5. Enabling and Disabling Sessions on the Server
3.6 Listing the Nodes
3.7. Enabling and Disabling Sessions on the Node
3.8. Starting and Stopping the NX Sensor Daemon
3.9. Starting and Stopping the “Statistics Daemon”
3.10 Sending Messages
3.11 Greeting Messages
4. NX Server Authentication
4.1 Configuring NX Server to Rely on System Authentication
4.2 Configuring NX Server to Reply on NX Authentication
4.3. Enabling a Restricted Set of NX Users to Login
4.4. Replacing the Default SSH Key-Pair with Keys Generated for Your
Server
5. NX Users Administration on the Server Host
5.1. Creating a System Account
5.2. Creating an NX Account
5.3. Enabling and Disabling an NX User
5.4. Verifying an NX User
Page 2 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
5.5. Retrieving the NX User Authentication Type
5.6. Modifying the System Password
5.7. Modifying the NX Password
5.8. Listing the NX Users
5.9. Removing a System Account
5.10. Removing an NX User
5.11 Removing Administrator Privileges
6. NX User Administration on the Node Host
6.1. Creating a System Account
6.2. Removing a System Account
7. Guest Accounts
7.1. Enabling the Automatic Provision for Guest Accounts
7.2. Configuring the Automatic Provision for Guest Accounts
7.3. Setting Disk Quota for Guest Accounts
7.4. Configuring Guest Sessions
7.5. Adding a Guest Account
7.6. Listing Guest Accounts
7.7 Removing a Guest Account
8. User Profiles
8.1. Enabling User Profiles
8.2. Adding the Per-Server and Per-User Profiles
8.3. Listing User Profiles
8.4. Removing Per-Server and Per-User Profiles
9. Desktop Sharing and Session Shadowing
9.1. Enabling Desktop Sharing
9.2. Configuring Interaction Level to the Local Display
9.3. Requiring Authorization to Share the Local Display
9.4. Allowing the Sharing of a Local Display Owned by a Non-NX User
9.5 Allowing the Sharing of a Local Display Owned by Root
9.6. Enabling Session Shadowing
9.7. Configuring Interaction Level to the Shadowed Session
9.8. Requiring Authorization for Shadowing the NX Session
9.9. The Shadow Monitor
10. Administering NX Sessions
10.1. Listing Running Sessions
10.2. Listing all Sessions
10.3. Clearing Session History
10.4. Suspending a Running Session
10.5. Terminating a Session
Page 3 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
10.6. Increasing the Maximum Number of Concurrent Sessions
10.7. Making Room for new Sessions on new Logins
10.8. Configuring the User NX Directory on the Node
10.9. Gaining Control over Copy&Paste
10.10. Disabling the Pulldown Menu
10.11. Executing Custom Scripts on NX Server Event
10.12. Executing Custom Scripts on NX Node Event
10.13. Starting or Resuming a Session by SSH
10.14. Starting RDP and RFB Sessions
11. Sharing Resources with NX
11.1. Sharing Files
11.2. Enabling File-Sharing
11.3. Configuring the Share Mount Point
11.4. Specifying the File-Sharing Protocol
11.5. Sharing Printers
11.6. Configuring CUPS backend
12. Log Files
12.1. Enabling Debug Level
12.2. Disabling the Logging of X Clients
12.3. Setting the Log Maximum Size
13. Network Resources used by NX
13.1. The Display Number
13.2. TCP Ports
13.3. The Unix Domain Socket
1. NX Server Administrator's Guide
Welcome to the NX Server System Administrator's guide. This document provides NX Server users
with the default configuration and command key details. Below you will find step-by-step
instructions on how to configure and manage the NX Server to better fit your needs. The present
document applies to NX version 3.0. For specific issues related to old versions of the NX software
you can refer to the NoMachine Knowledge Base: https://www.nomachine.com/knowledge-base
1.1. Installing NX Server
Starting from the 2.0.0 version, NX Server and NX Node are shipped as two separate packages. A
prerequisite for installing the server is having previously installed NX Node, whilst for installing the
node, you must have installed NX Client.
Page 4 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
For more detailed information about prerequisites, supported platforms and the package installation,
please refer to the documentation available on the NoMachine Web site at:
Client installation
https://www.nomachine.com/DT12I00005
Node installation
https://www.nomachine.com/DT12I00006
Server installation
https://www.nomachine.com/DT12I00007
1.2. Configuring the Server and the Node
Configuring the Server and the Node.
The configuration files for server and node are respectively:
/usr/NX/etc/server.cfg
/usr/NX/etc/node.cfg
Server and node come with a default configuration that is sufficient to grant a working set-up in the
great majority of environments. It will be up to the NX administrator to tune the installation
according to their specific needs by setting the related configuration keys. Please note that, since
both the server.cfg and node.cfg file provide a detailed description for each of the available keys,
the function of this document will be to provide an overview of all the supported features.
In general, the server.cfg file allows the NX administrator to manage all the configurations for the NX
Server, such as authentication mechanisms, session management (session persistence, log level
etc...), activation of support for guest sessions, multi-node capabilities, user profiles, desktop
sharing and session shadowing and so on.
The node.cfg file, on the other hand, lets the administrator define specific behaviour for the node,
such as logging the X clients stderr; specify where to create the user's NX directory or customize the
required paths according to the configuration of the machine where the node is running. For
example, it allows you to specify the path for the default X window system startup script or the CUPS
binaries when CUPS support is enabled.
Page 5 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
1.3. An Overview of the Backend
From version 3.0.0, the backend for managing the NX users and nodes is made up of:
/usr/NX/etc/administrators.db
/usr/NX/etc/guests.db
/usr/NX/etc/nodes.db
/usr/NX/etc/passwords.db
/usr/NX/etc/users.db
Whilst the backend for managing the NX sessions is made up of:
/usr/NX/var/db/closed/
/usr/NX/var/db/failed/
/usr/NX/var/db/running/
/usr/NX/var/db/broadcast
2.Multi-Node Support
Multi-node capabilities are available only in the NX Advanced Server. When support for load
balancing is enabled, it is up to the server to select the node host according to the hosts available in
the NX Node DB by exploiting a round-robin mechanism.
2.1. Enabling Multi-Node Support
The EnableLoadBalancing key must be enabled in the /usr/NX/etc/server.cfg configuration file:
EnableLoadBalancing = "1"
2.2. Starting and Stopping Monitoring of the Nodes Availability
The NX Server monitor daemon, which runs in the background, aims at monitoring the availability of
the NX Node host machines. When a node host results as being unreachable, the NX server will not
try to start a new session on this node, until it becomes available again.
The EnableNodeMonitoring key must be enabled in the /usr/NX/etc/server.cfg configuration file:
Page 6 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
EnableNodeMonitoring = "1"
The commands to handle the NX server daemon, are:
nxserver --daemon startnxserver --daemon restartnxserver --daemon stop
2.3. Adding the Node
The general form of the command is:
nxserver --nodeadd NODE OPTIONS NODE can be either the hostname or the IP of
the machine where the NX node is running. OPTIONS are any of the following:
--port=PORT Specify the SSH port for the node. If the port is not
provided, the server assumes it is the default SSH
port 22.
--connection={encrypted|unencrypted|user} Specify the connection type to be allowed
between server and node. If the connection is not
provided, the server assumes it is 'user',that's to
say both unencrypted and encrypted connection
can be allowed, depending on the value set for
the EnableUnencryptedSession key in the
/usr/NX/etc/node.cfg configuration file.
For example:
nxserver --nodeadd testdrive.nomachine.com --connection=encrypted
nxserver --nodeadd 121.22.12.11 --port=22 --connection=use
2.4. Removing the Node
The general form of the command is:
nxserver --nodedel NODE:PORT
For example:
nxserver --nodedel testdrive.nomachine.com:22
Page 7 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
2.5. Getting the Node to Authenticate the Server
The NX Server public DSA Key must be added to the node to allow this server to connect to the node
running on the remote host. Please note that in the current implementation, each node can be
associated only to one server.
Copy the server public DSA key on the node host, for example:
# scp /usr/NX/etc/keys/node.localhost.id_dsa.pub root@node_host:/tmp
The general form of the command to add the server public DSA key is:
nxnode --keyadd KEY KEY is the path to the server public DSA key. For example: n
xnode --keyadd /tmp/node.localhost.id_dsa.pub
2.6. Forbidding Unencrypted Connections between Server and Node
The EnableUnencryptedSession key must be deactivated or commented in the /usr/NX/etc/node.cfg
configuration file:
EnableUnencryptedSession = "0"
3. Services Management
3.1. Retrieving the Usage
To get the usage of server and node, run:
Page 8 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
nxserver --help nxnode --help
3.2. Retrieving the Version
To get the version of server and node, run:
nxserver --version nxnode --version
3.3. Retrieving the Subscription
To get information about the subscription, run:
nxserver --subscription nxnode --subscription
3.4. Retrieving the Status
To retrieve the status, run:
nxserver --status nxserver --status NODE:PORT NODE is any of the available node
s.For example: nxserver --status testdrive.nomachine.com:22
3.5. Enabling and Disabling Starting Sessions on the Server
To enable starting sessions, run:
Page 9 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
nxserver --start Enable starting sessions.
To terminate all the running sessions and perform a clean restart:
nxserver --restart Terminate all the running sessions
and perform a clean restart.
To disable starting session:
nxserver --stop Disable starting session.
To disable starting sessions and terminate all the running sessions:
nxserver --shutdown
3.6. Listing the Nodes
To list and retrieve information on the nodes, run:
nxserver --nodelist
3.7. Enabling and Disabling Starting Sessions on the Node
The general form of the command to enable and disable starting sessions is:
nxserver --start NODELIST nxserver --stop NODELIST
Page 10 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
NODELIST is a list of any of the available nodes for load balancing.
For example: nxserver --start testdrive.nomachine.com:22 111.22.33.44:22 nxserver
--start testdrive.nomachine.com:22
3.8. Starting and Stopping the NX Sensor Daemon
The nxsensor daemon which runs in the background is used to produce statistics about the node
machine
that can be elaborated by the nxstat daemon and displayed by the NX Server Manager Web
application.
The EnableSensor key must be activated in the /usr/NX/etc/node.cfg configuration file:
EnableSensor = "1"
The following configuration keys are set in the node configuration file according to your needs:
StatisticsHost = "127.0.0.1" The hostname or IP address where the nxstat
daemon,
in charge of collecting and elaborating data
provided by
nxsensor, will be assumed to run.
NodeSensorPort = "19250" The port where the NX server will contact
nxsensor daemon to collect the statistics data.
The key is also used by nxsensor to know the
network interface where it will listen for incoming
connections.
The commands to handle the nxsensor daemon, in charge of producing data related to the node
host, are:
nxnode --sensor start nxnode --sensor restart nxnode --sensor stop
3.9. Starting and Stopping the “Statistics Daemon”
Page 11 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
The nxstat daemon which runs in the background is used to produce statistics about either the host
machine (and the remote node hosts when multi-node support is enabled in the NX Advanced
Server) or NX services.
The NX statistics can be queried and displayed by the NX Server Manager application.
The EnableStatistics key must be activated in the /usr/NX/etc/server.cfg configuration file. The
following configuration keys can be set according to your needs:
ServerSensorPort = "19250" Specify the port where the server
will contact the nxsensor daemon to collect the
statistics.
The commands to handle the nxstat daemon, in charge of elaborating the data provided by the
nxsensor daemon running on the node host, are:
nxserver --statistics start nxserver --statistics restart nxserver --statistics s
top
Important
The NX statistics can be visualized via NX Server Manager.
3.10. Sending Messages
The general form of the command is:
nxserver --broadcast MESSAGE nxserver --message SESSIONID MESSAGE
MESSAGE is the the text of your message between quotes. The message can be sent to either a
running or a suspended session. In this case the user will get the message when they resumes the
session.
For example:
nxserver --broadcast 'Text of your message' nxserver --message F46653240EA3A9C8DE
6EFA2D4E947EF4 'Text of your message'
Page 12 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
3.11. Greeting Messages
The following configuration keys available in /usr/NX/etc/node.cfg allow you to personalize a
greeting message to be shown at session start-up. Uncomment the keys and edit the text of the
message,
for example:
NodeFirstLoginGreeting = "Welcome to your first NX session" and: NodeLoginGreeting
= "Welcome back to your NX session"
4. NX Server Authentication
NX is configured by default to allow access for any system user, as long as the user provides valid
credentials for the SSH login. Please note that SSH authentication without password is not supported.
NX offers an alternative authentication method, allowing the administrator to specify which user can
access the system through NX. This works by implementing a separation between the system
password and the NX password, so that, for example, it is possible to forbid remote access to the
system by any other means except NX and use the NX tools to implement effective accounting of the
system resources used by the user.
The NX administrator can control access to the NX system by configuring the server to use the
authentication method better suited:
System authentication relying on SSHD + PAM authentication
NX authentication relying on NX Password DB
A further level of control, relying on the NX User DB, can be achieved by enabling only a restricted
group of users to connect to the NX server. This configuration can be applied either combined with
the system or NX authentication.
Important
When multi-node support is activated, the NX administrator needs to ensure that the system
account for the NX user is present also on all the node hosts.
Page 13 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
4.1. Configuring NX Server to Rely on System Authentication
The EnablePasswordDB key must be deactivated or commented in the
/usr/NX/etc/server.cfg configuration file:
EnablePasswordDB = "0"
4.2. Configuring NX Server to Rely on NX Authentication
The EnablePasswordDB key must be activated in the
/usr/NX/etc/server.cfg configuration file:
EnablePasswordDB = "1"
4.3. Enabling a Restricted Set of NX Users to Login
The EnableUserDB key must be activated in the /usr/NX/etc/server.cfg configuration file:
EnableUserDB = "1"
Important
Everytime a new account is created via NX Server or an already existing user accesses the
NX system for the first time, the user is added to the NX User DB.
4.4. Replacing the Default SSH Key-Pair with Keys Generated for Your Server
The initial login between client and server happens through a DSA key-pair. The public part is
provided during the installation of the server, while the private part is distributed together with the
NX Client. In order to replace the default keys used by clients, you need to generate a new DSA
key-pair and distribute the private part to those clients you want to get connected to the server.
Page 14 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
Generating a new DSA key-pair
Login as root on on the NX server host machine and run:
/usr/NX/scripts/setup/nxserver --keygen
Distributing the new SSH private key to the clients
Change the ownership and permissions on the authorized_keys file. Depending on which O.S.
your NX is running on, you may need to execute:
chown nx:root /usr/NX/home/nx/.ssh/authorized_keys2 chmod 0644 /usr/NX/home/n
x/.ssh/authorized_keys2 Or: chown nx:root /usr/NX/home/nx/.ssh/authorized_ke
ys chmod 0644 /usr/NX/home/nx/.ssh/authorized_keys
Change the ownership and permissions on the following file.
chown nx:root /usr/NX/home/nx/.ssh/default.id_dsa.pub chmod 0644 /usr/NX/home
/nx/.ssh/default.id_dsa.pub
Distribute the private key from the newly generated key pair located in the file:
/usr/NX/share/keys/default.id_dsa.key
Once the new key has been distributed to clients, place it under the subdirectory
'share/keys' of the NX Client installation tree reserved for this purpose.
When the key has been placed in the above location, use the key management facilities provided
by the NX Client GUI in the 'General' tab of the session configuration window, click on the 'Key'
button and choose Import to import the new key by navigating to the appropriate directory above.
Click Save to save your changes.
Important
By renaming the new key uploaded on the client to: server.id_dsa.key the new key will be
used as the default key for all NX sessions (except those sessions that have been previously
configured to use a specific key).
Updating the NX Server Manager configuration
Page 15 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
If the new SSH key has been generated, location and file name of the DSA key need to be specified
in the NX Server Manager configuration file. Edit the /usr/NX/etc/manager.cfg file and set a proper
value for the NXSSHPathIdentity key.
Restoring the default SSH key-pair
Starting from NX Server version 3.3.0, the --keyrestore server command allows to restore the SSH
key-pair provided with the server package. The current public key will be moved to
default.id_dsa.pub.backup file, while the current private key will be moved to
/usr/NX/share/keys/default.id_dsa.key.backup file. Run the following command to use the default
SSH key-pair:
/usr/NX/bin/nxserver -–keyrestore
In order to restore the default SSH key in the client, use the key management facilities provided by
the NX Client GUI: in the 'General' tab of the session configuration window, click on the 'Key' button
and choose Default. Click Save to save your changes.
5. NX Users Administration on the Server Host
5.1. Creating a System Account
The general form of the command is:
nxserver --useradd USERNAME --system OPTIONS [--administrator]
OPTIONS can be any of the following options. If no option is specified,
the server will create the account using the default settings configured for the useradd
system command:
--home=homedir Specify the user's home. The value specified by
command line overrides the value set in the
server USER_HOME configuration key.
--nohome Don't create the user's home
Page 16 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
--gid=gid Specify the user's Group ID. The value specified
by command line overrides the value set in the
server USER_ID configuration key.
--uid=uid Specify the user's User ID. The value specified
by command line overrides the value set in the
server UserId configuration key.
The --administrator option must be specified when you want to grant NX administrator privileges to
the user.
For example:
nxserver --useradd test_user --systemnxserver --useradd test_user1 --system --admin
istratornxserver --useradd test_user2 --system --home=/tmp/test_user --gid=tests
5.2. Creating an NX Account
If the system account already exists, the server adds the public key for SSH authentication to the
user's authorized keys file and enables the NX login. The general form of the command is:
nxserver --useradd USERNAME [--administrator]
For example:
nxserver --useradd test_user
5.3. Enabling and Disabling an NX User
The EnableUserDB keys must be activated in the /usr/NX/etc/server.cfg configuration file:
EnableUserDB = “1”
Page 17 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
The general form of the command is:
nxserver --userenable USERNAME nxserver --userdisable USERNAMEFor example: nxs
erver --userdisable test_user nxserver --userenable test_user
5.4. Verifying an NX User
The general form of the command is:
nxserver --usercheck USERNAME
and it verifies the user's public key authentication and, if necessary, adds it. If the EnableUserDB key
is activated in /usr/NX/etc/server.cfg configuration file, it prints the status of the user.
For example: nxserver --usercheck user_test
5.5. Retrieving the NX User Authentication Type
The general form of the command is:
nxserver --userauth USERNAMEFor example: nxserver --userauth user_test
5.6. Modifying the System Password
If EnablePasswordDB is activated in the /usr/NX/etc/server.cfg configuration file, this will also modify
the NX password. The general form of the command is:
nxserver --passwd USERNAME --systemFor example: nxserver --passwd user_test --sy
stem
The user, once they are logged to the server host, can modify their own system password by
running:
nxserver --passwd --system
Page 18 of 19
NX Server System Administrator’s Guide
Prepared by:
Silvia Regis N°:
D-811_002-NXS-SAG
Approved by:
Sarah Dryell Last modified:
2015-05-25 Amended:
5.7. Modifying the NX Password
The EnablePasswordDB keys must be activated in the /usr/NX/etc/server.cfg configuration file:
EnablePasswordDB = “1”
The general form of the command is:
nxserver --passwd USERNAMEFor example: nxserver --passwd user_test
The user, once they are logged to the server host, can modify their own system password by
running:
nxserver --passwd
5.8. Listing the NX Users
When the EnablePasswordDB and EnableUserDB keys are activated in the /usr/NX/etc/server.cfg
configuration file, you can list the users present in the NX Password DB and which are enabled to
login in to the NX User DB. The general form of the command is:
nxserver --userlist
Powered by TCPDF (www.tcpdf.org)
Page 19 of 19
Table of contents
Popular Server manuals by other brands
TYAN
TYAN Transport GT20-B2925 Service manual
B.E.G.
B.E.G. LUXOMAT net ViSTATION quick start guide
Supermicro
Supermicro 1028-WTNR(T) user manual
Sun Microsystems
Sun Microsystems Sun Fire V480 Parts installation and removal guide
Red Hat
Red Hat DIRECTORY SERVER 8.1 - USING RED HAT CONSOLE... Using instruction
Heptagon Systems
Heptagon Systems HQ-Box user manual
Gooxi
Gooxi RMC4136-670-HSE user manual
Dell
Dell PowerEdge 2300 Rack Installation Instructions
HP
HP ProLiant DL380 Gen9 Maintenance and service guide
ClearCube
ClearCube A1410 quick start guide
Fujitsu
Fujitsu PRIMEQUEST 1000 Series Hardware installation manual
LG
LG PCS200R Pro:Centric Installation and setup gude
