NoMachine Support

Your questions answered

Knowledge Base

Searching in: Feature Requests
Filter the search results
Target version:
Products:
Status:
Last update:
Searching in: Feature Requests
ID: FR03Q03797
Added on:  2019-03-14
Last update: 2019-03-19
Priority: High
Products: NoMachine Server
Target: 6
Status:  Approved
Allowing users to authenticate with separate accounts in a multi-server environments

In case of environments adopting multiple authentication levels, e.g. domain user authentication (AD) and subdomains, users may have to use a different account to log-in to different machines.

When these machines are part of a NoMachine multi-server environment (e.g. Cloud Server + Enterprise Desktops as child servers), by default the client tries to authenticate to the child server by using the same credentials provided by the user for logging-in to the Cloud Server host. Optionally, it should be possibile to configure the NoMachine multi-server infrastructure to let the NoMachine client ask the user for new credentials to log-in to the child server.

In this way, administrators can have a separate account for users to log-in to the Cloud Server host and use one or more different accounts on the child servers, e.g. AD accounts.

A new switch for the '--forward-nx-methods' option in the command 'nxserver --serveradd' will allow to configure the multi-host environment for requesting the user's credentials to log-in to the child server:

nxserver --forward-nx-methods system --auth-required

nxserver --forward-nx-methods tunnel --auth-required

nxserver --forward-ssh-methods system --auth-required

nxserver --forward-ssh-methods tunnel --auth-required

For clients' connections by SSH protocol, the default forward method is system, which means that the client will be authenticated to the federated server by using the same credentials already used for authenticating it on the Cloud Server. If --auth-required  is specified, the client will request to the user login and password for authenticating to the child machine.

With the tunnel method, the traffic is relayed through the parent server with the protocol specified for the server-to-server communication (NX or SSH). The --forward-nx-methods and the  --forward-ssh-methods options define respectively if the NX or the SSH protocol will be used for the CS-child server communication.

The 'nxserver --serveredit' and 'nxserver --serverlist' commands need to be updated as well to be aligned with this new implementation.

 

This new implementation requires changes to the NoMachine clients (GUI and web) for managing the request of authentication on the child server (https://www.nomachine.com/FR03Q03798).

The NoMachine client administrative UI for adding child servers to the Cloud Server will also need to be updated for providing the new option (--auth-required)  (https://www.nomachine.com/FR03Q03800).


Notify me when the FR is implemented.