NoMachine Support

Your questions answered

Knowledge Base

Searching in: Trouble Reports
Filter the search results
Last update:
Searching in: Trouble Reports
ID: TR02R09554
Added on: 2020-02-25
Last update: 2020-03-25
Affects: 6
Due to be solved in:  6.x
Platform: All Linux Platforms
Product: NoMachine Server
Severity: Minor
Status: Open
In a multi-host environment users can still connect to desktop even if their access disabled

Even if NoMachine access to a child server in a multi-host environment is disabled for a certain user, he/she is still able to connect to the desktop of that server. The user is instead forbidden to access when trying to connect to the child server directly (without passing through the Cloud Server).

Problem has been reproduced with NoMachine v. 6.9.2 and affects both connections by NX and SSH protocol.

Steps to reproduce:

1) Setup multi-server environment (e.g. CS + WS):

sudo /etc/NX/nxserver --serveradd IP_OF_CHILD_SERVER

2) Enable Users DB on child server by setting in /usr/NX/etc/server.cfg:

    EnableUserDB 1

3) Disable a given user on child server:

    sudo /etc/NX/nxserver --userdisable nxtest01

4) Connect to the Cloud Server as user nxtest01 and try to create a new virtual desktop on the child server: this is still possible.

User's access is instead forbidden as expected when the user connects directly to the child server:
Error: User: nxtest01 is not an NX user

As a possible workaround, try to set the forward method between server and node to 'system': 

/etc/NX/nxserver --serveredit  IP_OF_CHILD_SERVER:PORT --forward-nx-methods system,tunnel

/etc/NX/nxserver --serveredit  IP_OF_CHILD_SERVER:PORT --forward-ssh-methods system,tunnel

Notify me when the TR is closed.