NoMachine Support

Your questions answered

Knowledge Base

Searching in: Feature Requests
Filter the search results
Target version:
Products:
Status:
Last update:
Searching in: Feature Requests
ID: FR07Q03852
Added on:  2019-07-12
Last update: 2019-07-18
Priority: High
Products: NoMachine Server
Target: 6
Status:  Approved
Allowing users to authenticate with separate accounts in a multi-node environment

When the NoMachine multinode setup (Enterprise Terminal Server + Terminal Server Nodes) should integrate with separate authentications on different machines, it can be necessary to allow users to authenticate with different accounts on different machines.

In particular it should be possible to separate the authentication to the Enterprise Terminal Server- ETS (which is the single point of access to the nodes) from the authentication set for the Terminal Server Node - TSN hosts.

A new switch for the command 'nxserver --nodeadd', used to add a Terminal Server Node to the Enterprise Terminal Server, will allow to configure the multi-node environment for requesting the user's credentials to log-in to the node host. This switch can be for example: --auth-required yes|no.

When the following command is provided:

nxserver --nodeadd NODE --auth-required yes

the remote node will require an additional authorization as configured locally (for example by LDAP). This means that the client will not try to re-use the same credentials as for the Enterprise Terminal Server but it will require new credentials. In this way each user can have a different account on the Enterprise Terminal Server and on the nodes.

Note that:

1) only password-based authentication will be supported on the remote nodes
2) there are two possible scenarios:

2.1) users have the same account (username/password) on each of the TSN hosts.
2.2) users have different accounts on the TSN hosts.

In case of 2.2, the client will also need to implement a mechanism to associate and store user's credentials to a specific node.

The flow to start or reconnect a session remains the same as for the default configuration (i.e. when NoMachine re-use the same server's authentication also for the nodes). The user connects to the Enterprise Terminal Server and he/she will able to:

1) create a new session (in case of virtual desktops, the load-balancing algorithm and/or the manual node selection will be applied according to the ETS configuration).

He/she will be requested to provide username and password to login to the selected node where the session will be started. He/she will able to store such credentials to re-use them.

2) reconnect a virtual desktop or custom session running on any of the nodes.

The user will be not requested for login credentials to access the node, if he/she already saved them.

If access credentials to the node are incorrect, the starting or reconnection of the session will be denied.

 

A further note on users' limits

Global limits on how many concurrent sessions each user can run are set in the configuration of the ETS server (ConnectionsUserLimit key) and depend on the username used to log-in to the ETS. On each node it's possible to specify a different limit (given that this doesn't exceed the limit set on the ETS). On the node, the limit will depend on the username used to log-in to that node.

 


Notify me when the FR is implemented.