NoMachine Support

Your questions answered

Knowledge Base

Searching in: Documents
Filter the search results
Version:
Last update:
Searching in: Documents
ID: DT12I00014
Version: NX 3.5
Added on: 2008-11-12
Last update: 2015-11-05
NX Server System Administrator’s Guide (v. 3.5.0)

Table of Contents


1. NX Server Administrator's Guide


1.1. Installing the NX Server

1.2. Configuring the Server and the Node
1.3. An Overview of the Backend

2. Multi-Node Support




2.1. Enabling Multi-Node Support




2.2. Starting and Stopping Monitoring of the Nodes Availability



2.3. Adding the Node



2.4. Removing the Node



2.5. Getting the Node to Authenticate the Server



2.6. Forbidding Unencrypted Connections between Server and Node




3. Services Management



3.1  Retrieving the Usage




3.2. Retrieving the Version



3.3. Retrieving the Subscription




3.4. Retrieving the Status



3.5. Enabling and Disabling Sessions on the Server



3.6  Listing the Nodes



3.7. Enabling and Disabling Sessions on the Node



3.8. Starting and Stopping the NX Sensor Daemon




3.9. Starting and Stopping the “Statistics Daemon”



3.10 Sending Messages



3.11 Greeting Messages



4. NX Server Authentication




4.1  Configuring NX Server to Rely on System Authentication




4.2  Configuring NX Server to Reply on NX Authentication




4.3. Enabling a Restricted Set of NX Users to Login



4.4. Replacing the Default SSH Key-Pair with Keys Generated for Your Server



5. NX Users Administration on the Server Host




5.1. Creating a System Account




5.2. Creating an NX Account




5.3. Enabling and Disabling an NX User




5.4. Verifying an NX User




5.5. Retrieving the NX User Authentication Type



5.6. Modifying the System Password


5.7. Modifying the NX Password
5.8. Listing the NX Users
5.9. Removing a System Account
5.10. Removing an NX User
5.11 Removing Administrator Privileges
6.  NX User Administration on the Node Host
6.1. Creating a System Account
6.2. Removing a System Account
7. Guest Accounts
7.1. Enabling the Automatic Provision for Guest Accounts
7.2. Configuring the Automatic Provision for Guest Accounts
7.3. Setting Disk Quota for Guest Accounts
7.4. Configuring Guest Sessions
7.5. Adding a Guest Account
7.6. Listing Guest Accounts
7.7  Removing a Guest Account
8. User Profiles
8.1. Enabling User Profiles
8.2. Adding the Per-Server and Per-User Profiles
8.3. Listing User Profiles
8.4. Removing Per-Server and Per-User Profiles
9. Desktop Sharing and Session Shadowing
9.1. Enabling Desktop Sharing
9.2. Configuring Interaction Level to the Local Display
9.3. Requiring Authorization to Share the Local Display
9.4. Allowing the Sharing of a Local Display Owned by a Non-NX User
9.5  Allowing the Sharing of a Local Display Owned by Root
9.6. Enabling Session Shadowing
9.7. Configuring Interaction Level to the Shadowed Session
9.8. Requiring Authorization for Shadowing the NX Session
9.9. The Shadow Monitor
10. Administering NX Sessions
10.1. Listing Running Sessions
10.2. Listing all Sessions
10.3. Clearing Session History
10.4. Suspending a Running Session
10.5. Terminating a Session
10.6. Increasing the Maximum Number of Concurrent Sessions
10.7. Making Room for new Sessions on new Logins
10.8. Configuring the User NX Directory on the Node
10.9. Gaining Control over Copy&Paste
10.10. Disabling the Pulldown Menu
10.11. Executing Custom Scripts on NX Server Event
10.12. Executing Custom Scripts on NX Node Event
10.13. Starting or Resuming a Session by SSH
10.14. Starting RDP and RFB Sessions
11. Sharing Resources with NX
11.1. Sharing Files
11.2. Enabling File-Sharing
11.3. Configuring the Share Mount Point
11.4. Specifying the File-Sharing Protocol
11.5. Sharing Printers
11.6. Configuring CUPS backend
12. Log Files
12.1. Enabling Debug Level
12.2. Disabling the Logging of X Clients
12.3. Setting the Log Maximum Size
13. Network Resources used by NX
13.1. The Display Number
13.2. TCP Ports
13.3. The Unix Domain Socket

 


 

1. NX Server Administrator's Guide

Welcome to the NX Server System Administrator's guide. This document provides NX Server users with the default configuration and command key details. Below you will find step-by-step instructions on how to configure and manage the NX Server to better fit your needs. The present document applies to NX version 3.0. For specific issues related to old versions of the NX software you can refer to the NoMachine Knowledge Base: https://www.nomachine.com/knowledge-base

1.1. Installing NX Server

Starting from the 2.0.0 version, NX Server and NX Node are shipped as two separate packages. A prerequisite for installing the server is having previously installed NX Node, whilst for installing the node, you must have installed NX Client.


For more detailed information about prerequisites, supported platforms and the package installation, please refer to the documentation available on the NoMachine Web site at:

Client installation

https://www.nomachine.com/DT12I00005

Node installation

https://www.nomachine.com/DT12I00006

Server installation

https://www.nomachine.com/DT12I00007

1.2. Configuring the Server and the Node

 

Configuring the Server and the Node.
The configuration files for server and node are respectively:

  • /usr/NX/etc/server.cfg
  • /usr/NX/etc/node.cfg

Server and node come with a default configuration that is sufficient to grant a working set-up in the great majority of environments. It will be up to the NX administrator to tune the installation according to their specific needs by setting the related configuration keys. Please note that, since both the server.cfg and node.cfg file provide a detailed description for each of the available keys, the function of this document will be to provide an overview of all the supported features.

In general, the server.cfg file allows the NX administrator to manage all the configurations for the NX Server, such as authentication mechanisms, session management (session persistence, log level etc...), activation of support for guest sessions, multi-node capabilities, user profiles, desktop sharing and session shadowing and so on.

The node.cfg file, on the other hand, lets the administrator define specific behaviour for the node, such as logging the X clients stderr; specify where to create the user's NX directory or customize the required paths according to the configuration of the machine where the node is running. For example, it allows you to specify the path for the default X window system startup script or the CUPS binaries when CUPS support is enabled.

1.3. An Overview of the Backend
From version 3.0.0, the backend for managing the NX users and nodes is made up of:
  • /usr/NX/etc/administrators.db
  • /usr/NX/etc/guests.db
  • /usr/NX/etc/nodes.db
  • /usr/NX/etc/passwords.db
  • /usr/NX/etc/users.db

Whilst the backend for managing the NX sessions is made up of:

  • /usr/NX/var/db/closed/
  • /usr/NX/var/db/failed/
  • /usr/NX/var/db/running/
  • /usr/NX/var/db/broadcast

 

2.Multi-Node Support

Multi-node capabilities are available only in the NX Advanced Server. When support for load balancing is enabled, it is up to the server to select the node host according to the hosts available in the NX Node DB by exploiting a round-robin mechanism.

2.1. Enabling Multi-Node Support

The EnableLoadBalancing key must be enabled in the /usr/NX/etc/server.cfg configuration file:
EnableLoadBalancing = "1"

2.2. Starting and Stopping Monitoring of the Nodes Availability

The NX Server monitor daemon, which runs in the background, aims at monitoring the availability of the NX Node host machines. When a node host results as being unreachable, the NX server will not try to start a new session on this node, until it becomes available again.

The EnableNodeMonitoring key must be enabled in the /usr/NX/etc/server.cfg configuration file:

EnableNodeMonitoring = "1"

The commands to handle the NX server daemon, are:

nxserver --daemon start
nxserver --daemon restart
nxserver --daemon stop

2.3. Adding the Node

The general form of the command is:
     nxserver --nodeadd NODE OPTIONS
     NODE can be either the hostname or the IP of the machine where the 
NX node is running. OPTIONS are any of the following:
--port=PORT
Specify the SSH port for the node. If the port is not provided, the server assumes it is the default SSH port 22.

--connection={encrypted|unencrypted|user}
Specify the connection type to be allowed between server and node. If the connection is not provided, the server assumes it is 'user',that's to say both unencrypted and encrypted connection can be allowed, depending on the value set for the EnableUnencryptedSession key in the /usr/NX/etc/node.cfg configuration file.

For example:

nxserver --nodeadd testdrive.nomachine.com --connection=encrypted
nxserver --nodeadd 121.22.12.11 --port=22 --connection=use

2.4. Removing the Node

The general form of the command is:

nxserver --nodedel NODE:PORT

For example:

nxserver --nodedel testdrive.nomachine.com:22

2.5. Getting the Node to Authenticate the Server

The NX Server public DSA Key must be added to the node to allow this server to connect to the node running on the remote host. Please note that in the current implementation, each node can be associated only to one server.

Copy the server public DSA key on the node host, for example:

 # scp /usr/NX/etc/keys/node.localhost.id_dsa.pub root@node_host:/tmp
 
The general form of the command to add the server public DSA key is:
 nxnode --keyadd KEY
 
 KEY is the path to the server public DSA key.
 
 For example: 
 
 nxnode --keyadd  /tmp/node.localhost.id_dsa.pub
 

2.6. Forbidding Unencrypted Connections between Server and Node

The EnableUnencryptedSession key must be deactivated or commented in the /usr/NX/etc/node.cfg configuration file:

 

  EnableUnencryptedSession = "0"

3. Services Management

3.1. Retrieving the Usage

To get the usage of server and node, run:

 

  nxserver --help
  nxnode   --help

3.2. Retrieving the Version

To get the version of server and node, run:

 

  nxserver --version
  nxnode   --version

3.3. Retrieving the Subscription

To get information about the subscription, run:

 

  nxserver --subscription
  nxnode   --subscription

3.4. Retrieving the Status

To retrieve the status, run:

 

  nxserver --status
  nxserver --status NODE:PORT

  NODE is any of  the available nodes.

For example: 

 nxserver --status testdrive.nomachine.com:22

3.5. Enabling and Disabling Starting Sessions on the Server

To enable starting sessions, run:

 

 nxserver --start   Enable starting sessions.

To terminate all the running sessions and perform a clean restart:


nxserver --restart
Terminate all the running sessions

and perform a clean restart.

To disable starting session:

nxserver --stop
Disable starting session.

To disable starting sessions and terminate all the running sessions:

 nxserver --shutdown

3.6. Listing the Nodes

To list and retrieve information on the nodes, run:

 

  nxserver --nodelist 

3.7. Enabling and Disabling Starting Sessions on the Node

The general form of the command to enable and disable starting sessions is:

 

  nxserver --start NODELIST
  nxserver --stop NODELIST

NODELIST is a list of any of the available nodes for load balancing.

 

For example:

  nxserver --start testdrive.nomachine.com:22 111.22.33.44:22
  nxserver --start testdrive.nomachine.com:22

3.8. Starting and Stopping the NX Sensor Daemon

The nxsensor daemon which runs in the background is used to produce statistics about the node machine
that can be elaborated by the nxstat daemon and displayed by the NX Server Manager Web application.

The EnableSensor key must be activated in the /usr/NX/etc/node.cfg configuration file:

 EnableSensor = "1"

The following configuration keys are set in the node configuration file according to your needs:

StatisticsHost = "127.0.0.1" The hostname or IP address where the nxstat daemon,

in charge of collecting and elaborating data provided by
nxsensor, will be assumed to run.

NodeSensorPort = "19250" The port where the NX server will contact nxsensor daemon to collect the statistics data. The key is also used by nxsensor to know the network interface where it will listen for incoming connections.

The commands to handle the nxsensor daemon, in charge of producing data related to the node host, are:

  nxnode --sensor start
  nxnode --sensor restart
  nxnode --sensor stop
3.9. Starting and Stopping the “Statistics Daemon”

The nxstat daemon which runs in the background is used to produce statistics about either the host machine (and the remote node hosts when multi-node support is enabled in the NX Advanced Server) or NX services.
The NX statistics can be queried and displayed by the NX Server Manager application.

The EnableStatistics key must be activated in the /usr/NX/etc/server.cfg configuration file. The following configuration keys can be set according to your needs:


ServerSensorPort = "19250" Specify the port where the server

will contact the nxsensor daemon to collect the statistics.

The commands to handle the nxstat daemon, in charge of elaborating the data provided by the nxsensor daemon running on the node host, are:

  nxserver --statistics start
  nxserver --statistics restart
  nxserver --statistics stop

Important
  • The NX statistics can be visualized via NX Server Manager.

3.10. Sending Messages

The general form of the command is:

  nxserver --broadcast MESSAGE
  nxserver --message SESSIONID MESSAGE

MESSAGE is the the text of your message between quotes. The message can be sent to either a running or a suspended session. In this case the user will get the message when they resumes the session.

For example:

  nxserver --broadcast 'Text of your message'
  nxserver --message F46653240EA3A9C8DE6EFA2D4E947EF4
 'Text of your message'

3.11. Greeting Messages

The following configuration keys available in /usr/NX/etc/node.cfg allow you to personalize a
greeting message to be shown at session start-up. Uncomment the keys and edit the text of the message,
for example:

 NodeFirstLoginGreeting = "Welcome to your first NX session"

 and:

 NodeLoginGreeting =  "Welcome back to your NX session"

4. NX Server Authentication

NX is configured by default to allow access for any system user, as long as the user provides valid credentials for the SSH login. Please note that SSH authentication without password is not supported. NX offers an alternative authentication method, allowing the administrator to specify which user can access the system through NX. This works by implementing a separation between the system password and the NX password, so that, for example, it is possible to forbid remote access to the system by any other means except NX and use the NX tools to implement effective accounting of the system resources used by the user.

The NX administrator can control access to the NX system by configuring the server to use the authentication method better suited:

  • System authentication relying on SSHD + PAM authentication
  • NX authentication relying on NX Password DB

A further level of control, relying on the NX User DB, can be achieved by enabling only a restricted group of users to connect to the NX server. This configuration can be applied either combined with the system or NX authentication.


Important
  • When multi-node support is activated, the NX administrator needs to ensure that the system account for the NX user is present also on all the node hosts.


4.1. Configuring NX Server to Rely on System Authentication

The EnablePasswordDB key must be deactivated or commented in the
/usr/NX/etc/server.cfg configuration file:

  EnablePasswordDB = "0"

4.2. Configuring NX Server to Rely on NX Authentication

The EnablePasswordDB key must be activated in the
/usr/NX/etc/server.cfg configuration file:

  EnablePasswordDB = "1" 

4.3. Enabling a Restricted Set of NX Users to Login

The EnableUserDB key must be activated in the /usr/NX/etc/server.cfg configuration file:

  EnableUserDB  = "1"


Important
  • Everytime a new account is created via NX Server or an already existing user accesses the NX system for the first time, the user is added to the NX User DB.

4.4. Replacing the Default SSH Key-Pair with Keys Generated for Your Server

The initial login between client and server happens through a DSA key-pair. The public part is provided during the installation of the server, while the private part is distributed together with the NX Client. In order to replace the default keys used by clients, you need to generate a new DSA key-pair and distribute the private part to those clients you want to get connected to the server.

Generating a new DSA key-pair

  • Login as root on on the NX server host machine and run:
    /usr/NX/scripts/setup/nxserver --keygen 
    

Distributing the new SSH private key to the clients

  • Change the ownership and permissions on the authorized_keys file. Depending on which O.S. your NX is running on, you may need to execute:
     chown nx:root /usr/NX/home/nx/.ssh/authorized_keys2
     chmod 0644 /usr/NX/home/nx/.ssh/authorized_keys2
     
     Or:
     
     chown nx:root /usr/NX/home/nx/.ssh/authorized_keys
     chmod 0644 /usr/NX/home/nx/.ssh/authorized_keys
    
  • Change the ownership and permissions on the following file.
     chown nx:root /usr/NX/home/nx/.ssh/default.id_dsa.pub
     chmod 0644 /usr/NX/home/nx/.ssh/default.id_dsa.pub 
    
  • Distribute the private key from the newly generated key pair located in the file: /usr/NX/share/keys/default.id_dsa.key

  • Once the new key has been distributed to clients, place it under the subdirectory 'share/keys' of the NX Client installation tree reserved for this purpose.

When the key has been placed in the above location, use the key management facilities provided by the NX Client GUI in the 'General' tab of the session configuration window, click on the 'Key' button and choose Import to import the new key by navigating to the appropriate directory above. Click Save to save your changes.


Important
  • By renaming the new key uploaded on the client to: server.id_dsa.key the new key will be used as the default key for all NX sessions (except those sessions that have been previously configured to use a specific key).

Updating the NX Server Manager configuration

If the new SSH key has been generated, location and file name of the DSA key need to be specified in the NX Server Manager configuration file. Edit the /usr/NX/etc/manager.cfg file and set a proper value for the NXSSHPathIdentity key.

Restoring the default SSH key-pair

Starting from NX Server version 3.3.0, the --keyrestore server command allows to restore the SSH key-pair provided with the server package. The current public key will be moved to default.id_dsa.pub.backup file, while the current private key will be moved to /usr/NX/share/keys/default.id_dsa.key.backup file. Run the following command to use the default SSH key-pair:

/usr/NX/bin/nxserver -–keyrestore
In order to restore the default SSH key in the client, use the key management facilities provided by the NX Client GUI: in the 'General' tab of the session configuration window, click on the 'Key' button and choose Default. Click Save to save your changes.

 



5. NX Users Administration on the Server Host

5.1. Creating a System Account

The general form of the command is:

nxserver --useradd USERNAME --system OPTIONS [--administrator]

OPTIONS can be any of the following options. If no option is specified,
the server will create the account using the default settings configured for the useradd
system command:


--home=homedir
Specify the user's home. The value specified by command line overrides the value set in the server USER_HOME configuration key.

--nohome
Don't create the user's home

--gid=gid
Specify the user's Group ID. The value specified

by command line overrides the value set in the
server USER_ID configuration key.

--uid=uid
Specify the user's User ID. The value specified

by command line overrides the value set in the
server UserId configuration key.

The --administrator option must be specified when you want to grant NX administrator privileges to the user.

For example:

nxserver --useradd test_user  --system
nxserver --useradd test_user1 --system --administrator
nxserver --useradd test_user2 --system --home=/tmp/test_user --gid=tests

5.2. Creating an NX Account

If the system account already exists, the server adds the public key for SSH authentication to the user's authorized keys file and enables the NX login. The general form of the command is:

  nxserver --useradd USERNAME  [--administrator]
For example:
  nxserver --useradd test_user

5.3. Enabling and Disabling an NX User

The EnableUserDB keys must be activated in the /usr/NX/etc/server.cfg configuration file:

  EnableUserDB = “1”
The general form of the command is:
  nxserver --userenable  USERNAME
  nxserver --userdisable USERNAME

For example: 

  nxserver --userdisable test_user
  nxserver --userenable test_user

5.4. Verifying an NX User

The general form of the command is:

  nxserver --usercheck USERNAME
and it verifies the user's public key authentication and, if necessary, adds it. If the EnableUserDB key is activated in /usr/NX/etc/server.cfg configuration file, it prints the status of the user.
For example:
 
  nxserver --usercheck user_test

5.5. Retrieving the NX User Authentication Type

The general form of the command is:

  nxserver --userauth USERNAME

For example: 

  nxserver --userauth user_test

5.6. Modifying the System Password

If EnablePasswordDB is activated in the /usr/NX/etc/server.cfg configuration file, this will also modify the NX password. The general form of the command is:

  nxserver --passwd USERNAME --system

For example: 

  nxserver --passwd user_test --system

The user, once they are logged to the server host, can modify their own system password by running:

  nxserver --passwd --system

5.7. Modifying the NX Password

The EnablePasswordDB keys must be activated in the /usr/NX/etc/server.cfg configuration file:

  EnablePasswordDB = “1”

The general form of the command is:

  nxserver --passwd USERNAME

For example:

  nxserver --passwd user_test

The user, once they are logged to the server host, can modify their own system password by running:

  nxserver --passwd

5.8. Listing the NX Users

When the EnablePasswordDB and EnableUserDB keys are activated in the /usr/NX/etc/server.cfg configuration file, you can list the users present in the NX Password DB and which are enabled to login in to the NX User DB. The general form of the command is:

  nxserver --userlist

5.9. Removing a System Account

The general form of the command is:

  nxserver --userdel USERNAME --system OPTION

OPTION is any of the following:

  
--home
Remove the user's home.

--nohome
Don't remove the user's home. This is

the server default behaviour.

For example: nxserver --userdel user_test --system

5.10. Removing an NX User

To remove an NX user, the general form of the command is:

  nxserver --userdel USERNAME  [--administrator]

For example: 

  nxserver --userdel user_test

5.11. Removing Administrator Privileges

To remove administrator privileges from an NX user, run:

 

 nxserver --userdel USERNAME  --administrator

For example:

 nxserver --userdel user_test  --administrator

6. NX User Administration on the Node Host

6.1. Creating a System Account

The general form of the command is:

  nxnode --useradd USERNAME --system OPTIONS
OPTIONS can be any of the following options. If no option is specified, the node will create the account using the default settings configured for the useradd system command:

--home=homedir
Specify the user's home.

--nohome
Don't create the user's home

For example:

  nxnode --useradd test_user  --system
  nxnode --useradd test_user1 --system --nohome

6.2. Removing a System Account

The general form of the command is:

  nxnode --userdel USERNAME --system OPTION 
OPTION is any of the following:

--home
Remove the user's home.

--nohome
Don't remove the user's home. This is

the node default behaviour.

For example:

  nxnode --userdel user_test --system
  nxnode --userdel user_test --system --home

 

 

7. Guest Accounts

The NX Enterprise Server and the NX Advanced Server provide support for guest accounts.

 

7.1. Enabling the Automatic Provision for Guest Accounts

The EnableGuestUser key must be enabled in the /usr/NX/etc/server.cfg configuration file:

  EnableGuestUser = "1"

7.2. Configuring the Automatic Provision for Guest Accounts

The server will create the guest accounts adding a progressive postfix to the value set in the GuestName key. The range used for incrementing the postfix varies from the minimum value set in the BaseGuestUserId key and the maximum value provided by GuestUserIdLimit. Set the following keys in the /usr/NX/etc/server.cfg configuration file to fit your needs.

 GuestName = "guest"	
 BaseGuestUserId = "10"
 GuestUserIdLimit = "200"

 GuestUserGroup = "guest" 
 GuestUserHome  = "/home" 

 GuestUserAccountExpiry  = "2592000" 
 EnableGuestWipeout  = "1" 

7.3. Setting Disk Quota for Guest Accounts

The following configuration keys, available in the /usr/NX/etc/server.cfg file, allow you to set disk quota for the guest accounts:

 EnableGuestQuota  = "0"
 GuestQuotaProtoname = "protoguest"
 GuestQuotaInodeSoftlimit = "0"
 GuestQuotaInodeHardlimit = "0"
 GuestQuotaBlockSoftlimit = "0"
 GuestQuotaBlockHardlimit = "0"
 GuestQuotaInodeGracePeriod  = "0"
 GuestQuotaBlockGracePeriod  = "0"
 GuestQuotaFilesystems  = "all"
7.4. Configuring Guest Sessions

Set the following keys in the /usr/NX/etc/server.cfg configuration file to fit your needs:

Define the maximum number of guest users allowed to be created on this server:

 GuestUserLimit = "10"

Define the maximum number of sessions a guest can run on this server before the account expires:

 GuestUserConnectionLimit = "5"

Define time of expiry of the guest account:

 
 GuestConnectionExpiry = "0"

Enable/disable persistence of sessions for guest users:

 
 GuestUserAllowSuspend = "1"

7.5. Adding a Guest Account

The general form of the command is:

  --useradd --guest --system OPTIONS"
OPTIONS can be any of the following options, if no option is specified,
the server will create the account using the default settings configured
for the useradd system command:

--home=homedir
Specify the Guest User's home. The value specified by command line overrides the value set in the server GuestUserHome configuration key.

--nohome
Don't create the Guest User's home.

--gid=gid
Specify the Guest User's Group ID. The value specified by command line overrides the value set in the server GuestUserGroup configuration key.

--uid=uid
Specify the user's User ID. The value specified by command line overrides the range of values defined by the server BaseGuestUserId and GuestUserIdLimit configuration keys.

For example:

  nxserver --useradd --guest --system
  nxserver --useradd --guest --system --home=/tmp

7.6. Listing Guest Accounts

The general form of the command is:

  nxserver --userlist --guest OPTION

OPTION is:

  
--home
List the Guest Users having their home on the system and already expired.

For example:

                                                            
  nxserver --userlist --guest
  nxserver --userlist --guest --home                         

7.7. Removing a Guest Account

The general form of the command is:

 nxserver --userdel USERNAME --system OPTION 

OPTION can be any of the following: 

--home
Remove the Guest User's home.

--nohome
Don't remove the Guest User's home.

This is the server default behaviour.

For example:

  nxserver --userdel guest0010 --system
  nxserver --userdel guest0010 --system --home

8. User Profiles

The NX Enterprise Server and the NX Advanced Server provide support for user profiles. Each profile is defined by a set of rules applied per server or on a per-user basis.

8.1. Enabling User Profiles

The EnableUserProfile key must be enabled in the /usr/NX/etc/server.cfg configuration file:

 EnableUserProfile = "1"

8.2. Adding the Per-Server and Per-User Profiles

 

The general format of the command is:

 
 nxserver --ruleadd CLASS =TYPE --value=yes|no|value  OPTION  


CLASS can be any of the following classes:

 

 
    --session      
    

specifies the session type to which the rule
has to be applied.


 

 
    --service      
    

specifies any of the available services,
as media and printers.


 

 
    --feature      
    

specifies a particular feature
to be allowed/forbidden.


TYPE is any of the following types, available for each class. According to the type, the rule can allow/forbid or set a value, for example the path to the script to be executed at session startup, or the value limiting the bandwidth available for that user.

 

--session available TYPES are:
unix-application value: yes|no
unix-cde         value: yes|no
unix-console     value: yes|no
unix-default     value: yes|no 
unix-desktop     value: yes|no
unix-kde         value: yes|no
unix-gnome       value: yes|no
shadow           value: yes|no
unix-xdm         value: yes|no
unix-script      value: path to the script
windows          value: yes|no
vnc              value: yes|no
--node TYPE is:
node:port        value: yes|no
--service available TYPES are:
media            value: yes|no
printers         value: yes|no
shares           value: yes|no
--feature available TYPES are:
bandwidth        value: value, e.g. 256k
client-clipboard value: yes|no
server-clipboard value: yes|no

OPTION can be any of the following options:


--system allows to set the rule for the server.
The rule will be applied to the whole NX System and to every user accessing it.
--user=USERNAME allows to set the rule on a per-user basis.
The rule will be applied to the specified user only.

For example:

nxserver --ruleadd --session=unix-kde --value=yes --system
nxserver --ruleadd --session=unix-script
--value=/home/nxuser_test/X _window _system_startup_script
--user= nxuser_test
nxserver --ruleadd --node=127.0.0.1:22 --value=yes --user=nxuser_test
nxserver --ruleadd --feature=client-clipboard --value=no --system
nxserver --ruleadd --feature=bandwidth --value=256k --system

Important
  • When a rule explicitly allows a class type, it implicitly forbids all the other types belonging to this class and vice-versa. That's to say, if you explicitly allow unix-kde sessions, you are forbidding all the other session types. If you forbid unix-kde sessions, you are allowing all the other session types. This applies also to profiles on a per-user basis.
  • Rules to allow/forbid access to node(s) can be set only when the multi-node support is enabled and the node(s) is added to the NX Node DB.
  • If you would like to disable copy&paste operations you need to deny both the client-clipboard feature and the server-clipboard feature.
8.3. Listing User Profiles

The general format of the command is:

 nxserver --rulelist OPTION

OPTION can be any of the following:

 --system         list only the rules defined for the server
 --user=USERNAME  list all the rules set for USERNAME

If no option is provided, list all the rules set in the NX Profile DB.

For example:

 nxserver  --rulelist  --system
 nxserver  --rulelist
8.4. Removing Per-Server and Per-User Profiles

The general format of the command is:

 nxserver --ruledel OPTIONS

OPTIONS can be any of the following options:

--system          remove all the rules set for the server 
--user=USERNAME   remove all the rules set for this user

For example:

nxserver  --ruledel --system
nxserver  --ruledel --user = nxuser_test 
9. Desktop Sharing and Session Shadowing

The desktop sharing and session shadowing functionalities are enabled in the default configuration of the server. Desktop sharing allows the sharing of any of the native displays on the node, while session shadowing allows the sharing of any of the NX sessions running on the node. By default, it is up to the owner of the native display or of the master session to accept/deny the user's request to attach to the display/session.

9.1 Enabling Desktop Sharing

The NX user can connect to a native desktop owned by an NX user. The EnableDesktopSharing key must be enabled in the /usr/NX/etc/server.cfg configuration file:

EnableDesktopSharing= “1”

9.2 Configuring Interaction Level to the Local Display

The EnableInteractiveDesktopSharing key in the /usr/NX/etc/server.cfg configuration file allows you to define the interaction level for the user attaching to the native display. By default, the user attaching can interact with the local desktop.

EnableInteractiveDesktopSharing  = “1”

9.3 Requiring Authorization to Share the Local Display

The EnableDesktopSharingAuthorization key in the /usr/NX/etc/server.cfg configuration file disables/enables the explicit authorization of the native display owner to accept sharing of the display. This key is enabled by default:

EnableDesktopSharingAuthorization = "1"

The EnableSystemDesktopSharingAuthorization key, on the other hand, enables/disables the NX Server from requiring authorization from the owner of the desktop, when the owner is root or gdm, before sharing the native display. This key is enabled by default:

EnableSystemDesktopSharingAuthorization = "1"

9.4 Allowing the Sharing of a Local Display Owned by a Non-NX User

The EnableFullDesktopSharing key in the /usr/NX/etc/server.cfg configuration file has to be enabled. This requires running a privileged script as root and will work only if the node is the same machine where NX server is running:

 EnableFullDesktopSharing = "1" 

9.5 Allowing the Sharing of a Local Display Owned by Root

The EnableAdministratorDesktopSharing key in the /usr/NX/etc/server.cfg configuration file has to be enabled:

 EnableAdministratorDesktopSharing = "1"  

9.6 Enabling Session Shadowing

The EnableSessionShadowing key must be enabled in the /usr/NX/etc/server.cfg configuration file:

 EnableSessionShadowing = "1"  

9.7. Configuring Interaction Level to the Shadowed Session

The EnableInteractiveSessionShadowing key in the /usr/NX/etc/server.cfg configuration file allows you to define the interaction level for the user attaching to the master session. By default, the user attaching to the session can interact with the session.

 EnableInteractiveSessionShadowing = "1"  
9.8. Requiring Authorization for Shadowing the NX Session

The EnableSessionShadowingAuthorization key in the /usr/NX/etc/server.cfg configuration file disables/enables the explicit authorization of the master session owner to attach to the session. This key is enabled by default:

 EnableSessionShadowingAuthorization = "1"  
9.9. The Shadow Monitor

When one or more users are sharing/shadowing the session, a draggable window-application, named Shadow Monitor, is issued on the desktop of the native/master session when one or more users are attached to the session. This application monitors who is currently attached to the session and allows you to send a message to the selected user and disconnect him/her.

10. Administering NX Sessions

 

10.1. Listing Running Sessions

The general form of the command is:

 nxserver --list
 nxserver --list USERNAME
 nxserver --list SESSIONID

For example: 

  nxserver --list user_test
  nxserver --list  F46653240EA3A9C8DE6EFA2D4E947EF4

10.2. Listing all Sessions

The general form of the command is:

 nxserver --history
 nxserver --history  USERNAME
 nxserver --history  SESSIONID

For example: 

  nxserver --history user_test
  nxserver --history  F46653240EA3A9C8DE6EFA2D4E947EF4

 

10.3. Clearing Session History

The server maintains the history backlog for the amount of seconds specified in the SessionHistory key in the /usr/NX/etc/server.cfg configuration file. To clear the history just run:

 nxserver --history clear

10.4. Suspending a Running Session

The general form of the command is:

nxserver --suspend  OPTION
OPTION is any of the following:
SESSIONID    Suspend the session by the given ID. 
DISPLAY      Suspend the session by the given display number.
USERNAME     Suspend all the sessions for the given user.

For example: 
  
  nxserver --suspend 1026
  nxserver --suspend  F46653240EA3A9C8DE6EFA2D4E947EF4
  nxserver --suspend user_test

10.5. Terminating a Session

The general form of the command is:

 nxserver --terminate OPTION
OPTION is any of the following:
SESSIONID    Terminate the session by the given ID. 
DISPLAY      Terminate the session by the given display number.
USERNAME     Terminate all the session for the given user.

For example: 
  
  nxserver --terminate 1026
  nxserver --terminate  F46653240EA3A9C8DE6EFA2D4E947EF4
  nxserver --terminate user_test

To hard kill the session:

nxserver --kill OPTION

OPTION is any of the following:

SESSIONID  Kill -9 the session by the given ID. 
DISPLAY    Kill -9 the session by the given display number.
USERNAME   Kill -9 all the session for the given user.

For example:

nxserver --kill 1026
nxserver --kill F46653240EA3A9C8DE6EFA2D4E947EF4
nxserver --kill user_test

 

10.6. Increase the Maximum Number of Concurrent Sessions

If the subscription type allows unlimited connections, the default configuration of NX server permits 20 concurrent connections.
You can increase the maximum number of concurrent sessions by setting a reasonable value in the following configuration key in /usr/NX/etc/server.cfg:

SessionLimit = "20" 
10.7. Making Room for new Sessions on new Logins

When the following key is enabled in /usr/NX/etc/server.cfg:

EnableAutokillSessions = "0"

and the server capacity has been reached, i.e. the maximum number of concurrent sessions could be exceeded, the server will kill the oldest suspended sessions to make room for the new ones.

10.8. Configuring the User NX Directory on the Node

The UserNXDirectoryPath key available in the /usr/NX/etc/node.cfg file, allows you to specify the path where the .nx directory, i.e. the directory where all the session files will be written, has to be created on the node. By default, the node creates the User NX directory (.nx) in the user's home. If this key is activated, NX node will try to create, if it doesn't already exist, a directory named as username in the specified path and the .nx directory will be created there. For example, if this key is set to /tmp/nxdir/, the node will try to create the /tmp/nxdir/nxtest/ directory once user nxtest is running their first session and the .nx directory will be created there as: /tmp/nxdir/nxtest/.nx/. Please note that the directory specified in the UserNXDirectoryPath key needs to have the proper ownership and permissions to ensure that the node, running as the user, can access it. Alternatively, the administrator could create a directory under the UserNXDirectoryPath with proper attributes for each of the users and named as username.

UserNXDirectoryPath = “”

10.9. Gaining Control over Copy&Paste

You can allow or forbid copy&paste operations between the end-user local desktop and the NX session by configuring the following key in the /usr/NX/etc/server.cfg file:

EnableClipboard = "both"

By default, copy&paste is allowed both from the local desktop to the NX session and viceversa.


10.10. Disabling the Pulldown Menu

The X11 agent in rootless mode shows the pulldown dialog when the mouse pointer is in proximity of the middle of the top boundary of the window. It allows users to suspend or terminate session without the need to use the ctrl+alt+T key combination. You can disable the displaying of the pulldown menu by setting the following key in the /usr/NX/etc/node.cfg file:

EnablePulldownMenu = "0" 

10.11. Executing Custom Scripts on NX Server Events

The following keys, available in the /usr/NX/etc/server.cfg file, allow you to specify a custom script that has to be executed upon an nxserver event. According to the event, a number of parameters can be specified for each script. These scripts will be executed on the NX Server and are common to all the users who are accessing the server. They can't be specific for each user, since the server is not running as the logged user, but as the nx user. This implies also that if you want to run a script to log the remote IP of the connecting user, you need to ensure that the output can be written in a directory accessible by the nx user. The custom scripts defined in the node configuration file, on the other hand, are executed on the node since it is the node which is running as the logged user.

UserScriptBeforeLogin = ""            Parameter: remote ip.
UserScriptAfterLogin  = ""            Parameter: username.
UserScriptBeforeSessionStart = ""     Parameters: session id, username, 
                                      node host,node port.
                                      
UserScriptAfterSessionStart = ""      Parameters: session id, username, 
                                      node host,node port.
UserScriptBeforeSessionSuspend = ""   Parameters: session id, username, 
                                      node host,node port.
UserScriptAfterSessionSuspend = ""    Parameters: session id, username, 
                                      node host,node port.
UserScriptBeforeSessionClose = ""     Parameters: session id, username, 
                                      node host,node port.
UserScriptAfterSessionClose = ""      Parameters: session id, username, 
                                      node host,node port.
UserScriptBeforeSessionReconnect = "" Parameters: session id, username, 
                                      node host,node port.
UserScriptAfterSessionReconnect = ""  Parameters: session id, username, 
                                      node host,node port. 
UserScriptBeforeSessionFailure = ""   Parameters: session id, username, 
                                      node host,node port.
UserScriptAfterSessionFailure = ""    Parameters: session id, username, 
                                      node host,node port.

UserScriptBeforeCreateUser = ""   Parameter: username
UserScriptAfterCreateUser = ""    Parameter: username.
UserScriptBeforeDeleteUser = ""   Parameter: username.
UserScriptAfterDeleteUser = ""    Parameter: username.
UserScriptBeforeEnableUser = ""   Parameter: username.
UserScriptAfterEnableUser = ""    Parameter: username.
UserScriptBeforeDisableUser = ""  Parameter: username.
UserScriptAfterDisableUser = ""   Parameter: username.

10.12. Executing Custom Scripts on NX Node Events

The following keys, available in the /usr/NX/etc/node.cfg file, allow you to specify a custom script that has to be executed upon an NX Node event. According to the event, a number of parameters can be specified for each script.

UserScriptBeforeSessionStart = ""    Parameters: username, session id, 
                                     session type, display.
UserScriptAfterSessionStart = ""     Parameters: username, session id, 
                                     session type, display.
UserScriptBeforeSessionSuspend  = "" Parameters: username, session id, 
                                     display.
UserScriptAfterSessionSuspend = ""   Parameters: username, session id,
                                     display.
UserScriptBeforeSessionClose =""     Parameters: username, session id,
                                     display.
UserScriptAfterSessionClose = ""     Parameters: username, session id,
                                     display.
UserScriptBeforeSessionReconnect ="" Parameters: username, session id,
                                     display.
UserScriptAfterSessionReconnect =""  Parameters: username, session id,
                                     display.
UserScriptAfterSessionFailure =""    Parameters: username, session id, 
                                     session type, display.
10.13. Starting or Resuming a Session by SSH -X

The general form of the command to allow the forwarding of the NX session, via SSH, to any machine which has exported its X display for connection is:

 --startsession OPTIONS [--display host:port] 

OPTIONS is the list of options that can be specified for configuring the session and should be passed in the format –optionName=value. If no option is specified, the server will assume the session is unix-default and will start it according to the user's ~/.xsession file.

For example:

Start the default unix-default application:
/usr/NX/bin/nxserver –startsession 	

Start a console in floating-window mode:
/usr/NX/bin/nxserver --startsession –type=unix-application 
                     --application=xterm --rootless=1 

Start a KDE desktop
/usr/NX/bin/nxserver --startsession --link="modem" type="unix-kde" 
                     --geometry="800x600"   

Start a GNOME desktop
/usr/NX/bin/nxserver --startsession --link="adsl" --type="unix-gnome" \
                       geometry="1024x768" --keyboard="pc102\057us"
10.14. Starting RDP and RFB Sessions

Starting from version 3.0, NX allows RDP and RFB sessions inside an X11 session, giving in this way a number of benefits such as the possibility to support desktop sharing and session shadowing functionalities as well as reconnection feature to RDP and VNC session.
Prerequisite for running RDP and RFB sessions is that the RDP and VNC clients (by default rdesktop and vncviewer) are installed on the NX node host machine.
The following keys, available in the /usr/NX/etc/node.cfg file, allow you to specify either a different path or command to start the RDP and VNC clients:

 CommandStartRDP="rdesktop -f"
 CommandStartRFB="vncviewer -fullscreen"


11. Sharing Resources with NX

NX provides support for the SMB protocol, by which both local printers and file systems can be made available to the remote session.

 

11.1. Sharing Files

The NX Server allows access to the filesystem from clients using the SMB or the CIFS file-sharing protocol according to which of these protocols are available both on client and server side. In both cases, the NX server will try to mount the shares running the mount command, specifying the option for SMB or CIFS, using the NX privileged scripts. In this way the NX administrator can gain better control on the host machine, by being the unprivileged users able to mount their shares only within an NX session.

11.2. Enabling File-Sharing
The EnableFileSharing key must be activated in the /usr/NX/etc/node.cfg configuration file:
 EnableFileSharing = “1” 

11.3. Configuring the Share Mount Point

Set the following key in the /usr/NX/etc/node.cfg configuration file to fit your needs:

 ShareBasePath = "$(HOME)/MyShares"

For example:

  ShareBasePath = "$(HOME)/MyShares"
  ShareBasePath = "/mnt/$(USER)/MyShares"

11.4. Specifying the File-Sharing Protocol

The MountShareProtocol key available in the in the /usr/NX/etc/node.cfg configuration file allows you to specify which file-sharing protocol, smbfs and cifs, has to be used for attaching the filesystem to the target directory. If this key is set to 'both', the server will try to use either smbfs or cifs according to the protocol supported on the client side.

 MountShareProtocol = "cifs"

11.5. Sharing Printers

The EnableCUPSSupport key must be activated in the /usr/NX/etc/node.cfg configuration file:

 EnableCUPSSupport = "1"

11.6. Configuring CUPS backend

Set the following key in the /usr/NX/etc/node.cfg configuration file to fit your needs:

 CUPSBackendPath = "/usr/lib/cups/backend" 
 CUPSBinPath = "/usr/bin"
 CUPSSbinPath  = "/usr/sbin"

12. Log Files

12.1. Enabling Debug Level

The SessionLogLevel key must be set to value “7” both in the /usr/NX/etc/node.cfg and /usr/NX/etc/server.cfg configuration files:

 SessionLogLevel = "7" 

12.2. Disabling the Logging of X clients

The ClientLog key must be deactivated in the /usr/NX/etc/node.cfg configuration file:

 ClientLog = "0"

12.3. Setting the Log Maximum Size

You can set the maximum size allowed for both session and X clients log files by modifying the following configuraton keys in /usr/NX/etc/node.cfg. When the maximum size is exceeded, the node terminates the session. By default, the maximum size is 4 MB.

 SessionLogLimit = "4194304"
 ClientLogLimit = "4194304"

13 Network Resources used by NX

13.1. The Display Number

Each NX session runs on a given X display identified by a number. In the default NX Server configuration, the base display number on which sessions are created starts from 1000. This value may be set to a different value in the /usr/NX/etc/server.cfg file by defining the key:

 DisplayBase = "1000"

 

13.2. TCP Ports

A minimal NX session requires at least two TCP ports, the NX proxy port and the X11 port. The first one is used by the NX agent to accept connections from the remote proxy running on the NX Client machine. While the X11 port is used by the NX agent to accept X11 connections from the X clients.

Other ports are the SMB share service port, used for forwarding the SMB protocol, and the Media service port used for sound forwarding. The NX X11 auxiliary channel port forwards an auxiliary X11 connection to the X server running on the machine where the NX Client is installed.

NX Server checks for availability of each of the required TCP ports before starting the session. In the default configuration, the base number for the display is 1000 and the range of displays is 200. In this case, all the sessions are started on the display range of 1000-1200. The NX administrator can change the default values by setting the following keys in the server configuration file (/usr/NX/etc/server.cfg):

 DisplayBase = "1000"
 DisplayLimit = "200"
If one or more of the TCP ports is used by other applications, no NX session can be started on the corresponding display and a warning is sent to local syslog. Obviously, if all the range is occupied by other applications, no NX session can be started.

 

Description
Value
Range in the default NX Server configuration
NX proxy port
displaynumber + 4000
5000 - 5200
X11 port
displaynumber + 6000
7000 - 7200
NX CUPS service port
displaynumber + 2000
3000 - 3200
NX SMB/CIFS share service port
displaynumber + 3000
4000 - 4200
NX Media service port
displaynumber + 7000
8000 - 8200
NX X11 auxiliary channel port
displaynumber + 8000
9000 - 9200

13.3. The Unix Domain Socket

The X11 agent is the X server on which the X-client applications of single sessions connect. Like any other X server, the X11 agent also needs a Unix domain socket per session.

This socket is represented by the following file system entry:

 /tmp/.X11-unix/Xn


Further technical information about the NoMachine NX software range is available in the NoMachine Knowledge Base at  https://www.nomachine.com/knowledge-base