[FreeNX-kNX] FreeNX connection issues behind router

Thu Jul 17 16:30:50 UTC 2008

I ave been getting connection timed out errors for a while now and I cannot figure out what the issue is.  By all accounts I have the correct configuration.  Can someone go over the following and let me know what holes you see in my config?  I also changed all of the IPs to x.x.x.100 and so on.  

x.x.x.100 = master
x.x.x.100-119 = nodes

Configuration:
     Load Balanced cluster:  20 nodes behind Cisco 2611.
     Load balancing configured in node.conf.
     Session forwarding configured in nodes' node.conf pointing to the master.

Router:
     Static NATs from internet facing IPs to internal IPs on port 22.
     Static NAT from Internet facing IP to internal on master on ports 22 and 80 (for the web based client).

nxserver.log:
     Master:

-- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND=
HELLO NXSERVER - Version 2.1.0-72 OS (GPL, using backend: not detected)
NX> 105 hello NXCLIENT - Version 2.1.0
NX> 134 Accepted protocol: 2.1.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: root
NX> 102 Password:
Info: Auth method: passdb ssh
NX> 103 Welcome to: SDVPC01 user: root
NX> 105 listsession --user="root" --status="suspended,running" --geometry="1440x900x32+render" --type="unix-application"
NX> 127 Sessions list of user 'root' for reconnect:

Display Type             Session ID                       Options  Depth Screen         Status      Session Name
------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------

NX> 148 Server capacity: not reached for user: root
NX> 105 startsession  --virtualdesktop="1" --application="lxp-startup" --link="wan" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="session" --type="unix-application" --geometry="1440x837" --client="winnt" --keyboard="pc102/en_US" --screeninfo="1440x837x32+render"

Info: Load-Balancing (if possible) to x.x.x.113 ...
&virtualdesktop=1&application=lxp-startup&link=wan&backingstore=1&encryption=1&cache=16M&images=64M&shmem=1&shpix=1&strict=0&composite=1&media=0&session=session&type=unix-application&geometry=1440x837&client=winnt&keyboard=pc102/en_US&screeninfo=1440x837x32+render&clientproto=2.1.0&user=root&userip=68.209.123.36&uniqueid=0351427BD84C5BADAC9A0C0A722DED15&display=1000&host=x.x.x.113
ssh: connect to host x.x.x.113 port 22: Connection refused
expect: spawn id exp5 not open
    while executing
"expect -nobrace {Are you sure you want to continue connecting (yes/no)?} { send "yes\r" } assword*: { sleep 0.3; send "$password\r" } {Permission deni..."
    invoked from within
"expect {
                "Are you sure you want to continue connecting (yes/no)?" { send "yes\r" }
                "assword*:"  { sleep 0.3; send "$password\r" }
                "Permission de..."
    ("while" body line 2)
    invoked from within
"while {1} {
        expect {
                "Are you sure you want to continue connecting (yes/no)?" { send "yes\r" }
                "assword*:"  { sleep 0.3; send "$password\r" }
                "..."
    (file "/usr/bin/nxnode-login" line 69)
NX> 1004 Error: Session did not start.
NX> 596 Session start failed.
NX> 999 Bye

/var/log/secure:
     Master:

Jul 17 11:53:06 SDVPC01 sshd[21173]: pam_unix(sshd:session): session closed for user root
Jul 17 11:54:23 SDVPC01 sshd[21766]: Accepted publickey for nx from "myIP" port 50888 ssh2
Jul 17 11:54:24 SDVPC01 sshd[21766]: pam_unix(sshd:session): session opened for user nx by (uid=0)
Jul 17 11:54:28 SDVPC01 sshd[21845]: Accepted password for root from 127.0.0.1 port 60862 ssh2
Jul 17 11:54:28 SDVPC01 sshd[21845]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 17 11:54:28 SDVPC01 sshd[21845]: pam_unix(sshd:session): session closed for user root
Jul 17 11:55:33 SDVPC01 sshd[21766]: pam_unix(sshd:session): session closed for user nx
Jul 17 11:56:34 SDVPC01 sshd[22131]: Accepted password for root from "myIP" port 50903 ssh2
Jul 17 11:56:35 SDVPC01 sshd[22131]: pam_unix(sshd:session): session opened for user root by (uid=0)

node.conf:
     Master:

# node.conf
#
# This file is provided by FreeNX. It should be placed either into
# /etc/nxserver/node.conf (FreeNX style) or /usr/NX/etc/node.conf
# (NoMachine NX style).
#
# It is mostly compatible with NoMachine node.conf. The most important 
# difference is that no spaces are allowed when assigning values (eg 
# "A=value" is allowed, "A = value" is NOT).
#
# This file is sourced by bash, so you can do some fancy stuff here if you
# want to, but be aware that it is sourced 3 times per connection. If you 
# want autostart stuff, set NODE_AUTOSTART instead!
# 
#
# You surely are aware that FreeNX is based on the fantastic results that
# the hard work by NoMachine.com has achieved. NoMachine.com released the
# core NX libraries under the GPL. The installation of these libs are the
# precondition for all FreeNX scripts to work. If you are installing this
# software with the help of one of the package management tools of your
# Linux distribution, you can assume that this dependency is taken care of
# by the tool.
#
# You have questions about the inner workings of the NX technology?
#
# Then you are recommended to first check out the rich and very detailed
# NoMachine documentation and their online Knowledge Base at 
#
#           http://www.nomachine.com/kb/
#
# Other sources of information are the NoMachine mailing lists 
# (nxusers at nomachine.com and nxdevelopers at nomachine.com):
#
#           http://www.nomachine.com/mailinglists.php
#
# The FreeNX (freenx-knx at kde.org) list is here:
#
#           https://mail.kde.org/mailman/listinfo/freenx-knx
#
# SVN: $Id: node.conf.sample 402 2007-10-14 18:21:43Z fabianx $

#########################################################################
# General FreeNX directives
#########################################################################

# The host name which is used by NX server. It's should be used if it's
# different than the default hostname (as returned by `hostname`)
#SERVER_NAME="$(hostname)"

# The port number where local 'sshd' is listening.
SSHD_PORT=22

#########################################################################
# Authentication / Security directives
#########################################################################

# Authentication directives

ENABLE_PAM_AUTHENTICATION="1"

# This adds the usermode to the possible authentication methods
# Usermode means that a user can start the nxserver as his shell
# and connect directly to the right server via a custom client.
# ENABLE_USERMODE_AUTHENTICATION="0"

# This adds the passdb to the possible authentication methods
# ENABLE_PASSDB_AUTHENTICATION="0"

# This adds SSH to the possible authentication methods. For it to work sshd
# must be set up at localhost accepting password authentication.
#ENABLE_SSH_AUTHENTICATION="1"

# This adds SU to the possible authentication methods. For it to work the 
# "nx" user must be in the wheel (RedHat, Fedora) or the users group (SUSE)
# and the user logging in must have a valid shell that accepts the -c
# parameter.
#ENABLE_SU_AUTHENTICATION="0"

# Require all users to be in the passdb, regardless of authentication method
# ENABLE_USER_DB="0"

# If enabled forces the user to use encryption. This will bail out
# if the user does not have encryption enabled.
ENABLE_FORCE_ENCRYPTION="1"

# Refuse the NX client connection if SSHD does not export the
# SSH_CONNECTION and SSH_CLIENT variables in the environment
# passed to the NX server.
# 1: Will check the remote IP and will not accept the
#    connection if it can't be determined.
# 0: Will accept the connection even if the remote IP
#    is not provided.
SSHD_CHECK_IP="0"

#########################################################################
# Restriction directives
#########################################################################

# The base display number from which sessions are started.
#DISPLAY_BASE=1000

# The maximum number of contemporary sessions that can be run on FreeNX
#SESSION_LIMIT=200

# The maximum number of contemporary sessions that a single user can run
# on FreeNX. Defaults to the value of SESSION_LIMIT.
#SESSION_USER_LIMIT=200

# The number of displays reserved for sessions, it has to be greater or equal
# to the maximum number of contemporary sessions that a server can run.
#DISPLAY_LIMIT=200

# User for which sessions should be persistent. Either the keyword "all" or a
# comma-separated list of usernames or groups in the @groupname syntax.
#ENABLE_PERSISTENT_SESSION="all"

# Users and groups for whom persistent sessions should be disabled.
# Especially useful if ENABLE_PERSISTENT_SESSION="all"
#DISABLE_PERSISTENT_SESSION=""

# This enables the mirroring of running sessions via VNC feature.
# 
# Session is marked as resumable and type is vnc-mirrored.
# 
#ENABLE_MIRROR_VIA_VNC=1

# This enables the sharing of :0 via VNC feature.
# 
# Session is marked as resumable and type is vnc-local.
# 
# Note: You need to have the rights to access the display
#       else it does not work.
#
#ENABLE_DESKTOP_SHARING=1

#
# Enable or disable clipboard:
#
# client:  The content copied on the client can be pasted inside the
#            NX session.
#
# server: The content copied inside the NX session can be pasted
#             on the client.
#
# both:    The copy&paste operations are allowed both between the
#             client and the NX session and vice-versa.
#
# none:   The copy&paste operations between the client and the NX
#            session are never allowed.
#
#ENABLE_CLIPBOARD = "both"

#########################################################################
# Logging directives
#########################################################################

# This directives controls the verbosity of the server-wide log.
# 0: No Logging
# 1: Errors
# 2: Warnings
# 3: Important information
# 4: Server - Client communication
# 5: Information
# 6: Debugging information
# 7: stderror of some applications
NX_LOG_LEVEL=6

# By setting this to 0 the nxserver might be a bit faster, but passwords can be found in the log files.
#NX_LOG_SECURE=1

# Before turning logging on, please make sure that NX_LOGFILE is
# writeable for the "nx" user
NX_LOGFILE=/var/log/nxserver.log

# This directive controls if the temporary session directory
# ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a
# session has ended. A successfully terminated session will be saved as
# T-C-<hostname>-<display>-<session_id> while a failed session will be saved
# as F-C-<hostname>-<display>-<session_id>.
# The default is to cleanup the directories.
SESSION_LOG_CLEAN=0

# Amount of seconds nxserver is to keep session history. The default of 2592000
# is equivalent to 30 days. If this is 0 no session history will be kept
# and a negative value denotes infinity.
#SESSION_HISTORY=2592000

#########################################################################
# Forwarding directives
#########################################################################

# FreeNX with ENABLE_SERVER_FORWARD="1" will automatically forward all
# connections to the host specified in SERVER_FORWARD_HOST with the
# secret key SERVER_FORWARD_KEY.
#
# This allows to have a "chain" of NX Servers. Note that you will need to
# use "SSL encryption" for all connections.

#ENABLE_SERVER_FORWARD="0"
#SERVER_FORWARD_HOST=""
#SERVER_FORWARD_PORT=22
#SERVER_FORWARD_KEY="/usr/NX/share/client.id_dsa.key"

# FreeNX with ENABLE_NOMACHINE_FORWARD_PORT="1" will automatically forward all
# connections to the commercial NoMachine nxserver installed on the same
# machine, which go in by port NOMACHINE_FORWARD_PORT. This feature is introduced
# to enable the usage of FreeNX and NoMachine NX side by side on the same machine
# without conflicts.
#
# Note: You need to let SSHD listen to several ports to make use of this
#       directive.

#ENABLE_NOMACHINE_FORWARD_PORT="0"
#NOMACHINE_FORWARD_PORT="22"

#NOMACHINE_SERVER="/usr/NX/bin/nxserver"
#NOMACHINE_NX_HOME_DIR="/usr/NX/home/nx"

# LOAD BALANCING
# ==============
#
# To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
# make:
#
#   - either sure that all incoming connections are sent to the master
#     server by using forwarding directives on the "slave" servers.
#
#   - or share the session database space via NFS between the servers.
#     (not recommended at the moment as race conditions for DISPLAYs can 
#      occur)
#
ENABLE_LOADBALANCE="1"

LOAD_BALANCE_SERVERS="x.x.x.100 x.x.x.101 x.x.x.104 x.x.x.105 x.x.x.108 x.x.x.109 x.x.x.110 x.x.x.111 x.x.x.112 x.x.x.113 x.x.x.114 x.x.x.115 x.x.x.116 x.x.x.117 x.x.x.118"

# The following load_balance_algorithms are available at the moment:
#
# "load", "round-robin", "random"
#
# For "load" you need a script called nxcheckload in PATH_BIN.
# 
# A sample script, which you can change to your needs it shipped with
# FreeNX under the name nxcheckload.sample.

LOAD_BALANCE_ALGORITHM="load"

# By setting ENABLE_LOADBALANCE="1" you can let users choose their
# preferred host, while being forwarded to another server. Of course
# this is just a preference. The loadbalancing algorithm can completely
# choose to ignore the users choice.

#ENABLE_LOAD_BALANCE_PREFERENCE="0"

#########################################################################
# Services directives
#########################################################################

# FreeNX with ENABLE_ESD_PRELOAD="1" will automatically try to setup
# the sound with the help of the esd media helper.
#
# Currently ESD will be used just by the Windows NX Client.
#
# Be sure that $ESD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.

#ENABLE_ESD_PRELOAD="0"
#ESD_BIN_PRELOAD="esddsp"

# FreeNX with ENABLE_ARTSD_PRELOAD="1" will automatically try to setup
# the sound with the help of the artsd media helper.
#
# Currently ARTSD will be used just by the Linux NX Client.
#
# Be sure that $ARTSD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.

#ENABLE_ARTSD_PRELOAD="0"
#ARTSD_BIN_PRELOAD="artsdsp"

# FreeNX with ENABLE_KDE_CUPS="1" will automatically write 
# $KDE_PRINTRC and put the current used socket into it.
#
# If you additionally enable ENABLE_KDE_CUPS_DYNAMIC it will set the 
# Host entry to the script nxcups-gethost, which dynamically tries all 
# possible entries to find the current printing host.
#
# The order is: CUPS_SERVER (env var), ~/.cups/client.conf, $KDE_PRINTRC,
#               $CUPS_DEFAULT_SOCK, localhost
#
# So this option is most useful with ENABLE_CUPS_SERVER_EXPORT="1".
# 
# $KDE_PRINTRC is automatically calculated if its not set.

#ENABLE_KDE_CUPS="0"
#ENABLE_KDE_CUPS_DYNAMIC="0"
#KDE_PRINTRC="$KDEHOME/share/config/kdeprintrc"

# FreeNX with ENABLE_CUPS_SERVER_EXPORT="1" will automatically
# export the environment variable CUPS_SERVER.

#ENABLE_CUPS_SERVER_EXPORT="1"

# FreeNX with ENABLE_CUPS_SEAMLESS will automatically try to download the 
# necessary ppds from the client.
# 
# As the forwarding is just active as soon as nxagent is started,
# we need a small delay of $CUPS_SEAMLESS_DELAY.
#
# Note: You need to use a patched cupsd on client side.

#ENABLE_CUPS_SEAMLESS="0"
#CUPS_SEAMLESS_DELAY="10"

# FreeNX with ENABLE_FOOMATIC will integrate the foomatic db to the list
# of available ppd drivers via the $COMMAND_FOOMATIC command.

#ENABLE_FOOMATIC="1"
#COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"

# CUPS_BACKEND and CUPS_ETC are the corresponding paths of your CUPS 
# installation.

#CUPS_BACKEND="/usr/lib/cups/backend"
#CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
#CUPS_DEFAULT_SOCK="/var/run/cups/cups.sock"
#CUPS_ETC="/etc/cups"

# SAMBA_MOUNT_SHARE_PROTOCOL is a key to configure the supported 
# protocols for mounting shares.
#
# This key can be set to the following values:
#
# both, either SMB and CIFS protocol are supported, this is the default value.
# smbfs, only SMB protocol is supported.
# cifs, only CIFS protocol is supported.
# none, no network file-sharing protocol is supported.

#SAMBA_MOUNT_SHARE_PROTOCOL="both"

#########################################################################
# Path directives
#########################################################################

# USER_FAKE_HOME is the base directory for the .nx directory. Use this
# parameter instead of the users home directory if $HOME is on a NFS share.
# Note that this directory must be unique for every user! To accomplish this
# it is recommended to include $USER in the path.
#USER_FAKE_HOME=$HOME

# Add the nx libraries to LD_LIBRARY_PATH before starting nx agents.
# WARNING: This will NOT (and should not) affect applications. ONLY Disable
# this if the nx libraries are in a standard system path (such as /usr/lib)!
#SET_LD_LIBRARY_PATH="1"

# The command binary for the default window manager. If set it is run when a
# 'unix-custom' session is requested by the NX Client and an application
# to run is specified. It defaults to empty (ie no WM is run).
# If KILL_DEFAULT_X_WM is set the WM is terminated after the started 
# application finishes. Else FreeNX will wait for the WM to complete.
#DEFAULT_X_WM=""
#KILL_DEFAULT_X_WM="1"

# When a 'unix-default' session is requested by the client the user's X startup
# script will be run if pressent and executable, otherwise the default X
# session will be run.
# Depending on distribution USER_X_STARTUP_SCRIPT might be .Xclients, .xinitrc
# and .Xsession
# Depending on distribution DEFAULT_X_SESSION might be /etc/X11/xdm/Xsession,
# /etc/X11/Sessions/Xsession or /etc/X11/xinit/xinitrc
#USER_X_STARTUP_SCRIPT=.Xclients
#DEFAULT_X_SESSION=/etc/X11/xdm/Xsession

# The key that contains the name of the script that starts a KDE session.
# It's run when a 'unix-kde' session is requested by the client.
#COMMAND_START_KDE="/usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/startkde"

# The key that contains the name of the script that starts a gnome session.
# It's run when a 'unix-gnome' session is requested by the client.
#COMMAND_START_GNOME="/usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/gnome-session"

# The key that contains the name of the script that starts a CDE session.
# It's run when a 'unix-cde' session is requested by the client.
#COMMAND_START_CDE=cdwm

# The key that contains the name of the complete path of command name
# 'xterm'. It is run when a unix "xterm" session is requested by the
# client.
#COMMAND_XTERM=xterm

# The key that contains the name of the complete path of command name
# 'xauth'.
#COMMAND_XAUTH=/usr/X11R6/bin/xauth

# The key that contains the name of the complete path of command name
# 'smbmount'.
#COMMAND_SMBMOUNT=smbmount

# The key that contains the name of the complete path of command name
# 'smbumount'.
#COMMAND_SMBUMOUNT=smbumount

# The key that contains the name of the complete path of command name
# 'mount.cifs'.
#COMMAND_SMBMOUNT_CIFS=/sbin/mount.cifs

# The key that contains the name of the complete path of command name
# 'umount.cifs'.
#COMMAND_SMBUMOUNT_CIFS=/sbin/umount.cifs

# The key that contains the name of the complete path of the 'netcat' command.
#COMMAND_NETCAT=nc

# The key that contains the name of the complete path of the 'ssh' and
# 'ssh-keygen' command.
#COMMAND_SSH=ssh
#COMMAND_SSH_KEYGEN=ssh-keygen

# The key that contains the name of the complete path of the 'cupsd' command.
#COMMAND_CUPSD=/usr/sbin/cupsd

# The tool to generate md5sums with
#COMMAND_MD5SUM="openssl md5"

# The key that contains the name of the complete path of the 'rdesktop' command.
#COMMAND_RDESKTOP=rdesktop

# The key that contains the name of the complete path of the 'vncviewer' command.
#COMMAND_VNCVIEWER=vncviewer

# The key that contains the name of the complete path of the 'vncpasswd' command.
# By default the builtin nxpasswd is used.
#COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd"

# The key that contains the name of the complete path of the 'x11vnc' command.
#COMMAND_X11VNC=x11vnc

#########################################################################
# Misc directives
#########################################################################

# When you installed a 2.0.0 NX Backend, set this to 1.
ENABLE_2_0_0_BACKEND="1"

# When set to 1 this will automatically resume started sessions
#ENABLE_AUTORECONNECT="0"

# When set to 1 this will automatically resume started sessions
# but only if an older client version is used
#ENABLE_AUTORECONNECT_BEFORE_140="1"

# When set to 1 exports NXUSERIP / NXSESSIONID in nxnode
#EXPORT_USERIP="0"
#EXPORT_SESSIONID="1"

# This can be set to any executable, which is started after session startup
# like: $NODE_AUTOSTART {start|restore}
#NODE_AUTOSTART=""

# When set to 1 will start nxagent in rootless mode.
ENABLE_ROOTLESS_MODE="1"

# If enabled writes entries via the COMMAND_SESSREG program
# into utmp/wtmp/lastlog database.
# Note: You have to make sure that you add the nx user to the
#       utmp or tty group or how its called on your system
#       before this directive works.
#ENABLE_USESSION="0"
#COMMAND_SESSREG="sessreg"

# Extra options sent to the different nx agents. See !M documentation
# for examples of useful parameters.
#AGENT_EXTRA_OPTIONS_RFB=""
#AGENT_EXTRA_OPTIONS_RDP=""
#AGENT_EXTRA_OPTIONS_X=""

# The number of seconds we wait for the nxagent to start before
# deciding startup has failed
#AGENT_STARTUP_TIMEOUT="60"

# The font server the agent will use. If set to "" no font server is used.
# For this to do any good, the client has to have the same font server set
# in /etc/X11/XF86Config
#AGENT_FONT_SERVER=""

# Disable or enable use of 'tcp nodelay' on proxy. Old versions of Linux
# kernels have problems using this option on sockets that will cause a loss
# of TCP connections. This option is not set by default to allow clients to
# specify whether to enable or disable TCP nodelay. Setting this option to
# the value of "0" NX proxy avoids using 'tcp nodelay' but it will cause a
# loss of interaction in sessions.
#PROXY_TCP_NODELAY=""

# Extra options to nxproxy. See !M documentation for useful parameters.
#PROXY_EXTRA_OPTIONS=""

# In case you want to use an external 'rdesktop' command
# set this to "1".
# 
# If nxdesktop cannot be found this is set automatically to "1".
#ENABLE_EXTERNAL_NXDESKTOP="0"

# This configuration variable determines if 'rdesktop' command should be run with -k keyboard option
# or if the keyboard should be autodetected.
#
#ENABLE_EXTERNAL_NXDESKTOP_KEYBOARD="1"

# In case you want to use an external 'nxviewer' command
# set this to "1".
# 
# If nxviewer cannot be found this is set automatically to "1".
#ENABLE_EXTERNAL_NXVIEWER="0"

     node:

# node.conf
#
# This file is provided by FreeNX. It should be placed either into
# /etc/nxserver/node.conf (FreeNX style) or /usr/NX/etc/node.conf
# (NoMachine NX style).
#
# It is mostly compatible with NoMachine node.conf. The most important 
# difference is that no spaces are allowed when assigning values (eg 
# "A=value" is allowed, "A = value" is NOT).
#
# This file is sourced by bash, so you can do some fancy stuff here if you
# want to, but be aware that it is sourced 3 times per connection. If you 
# want autostart stuff, set NODE_AUTOSTART instead!
# 
#
# You surely are aware that FreeNX is based on the fantastic results that
# the hard work by NoMachine.com has achieved. NoMachine.com released the
# core NX libraries under the GPL. The installation of these libs are the
# precondition for all FreeNX scripts to work. If you are installing this
# software with the help of one of the package management tools of your
# Linux distribution, you can assume that this dependency is taken care of
# by the tool.
#
# You have questions about the inner workings of the NX technology?
#
# Then you are recommended to first check out the rich and very detailed
# NoMachine documentation and their online Knowledge Base at 
#
#           http://www.nomachine.com/kb/
#
# Other sources of information are the NoMachine mailing lists 
# (nxusers at nomachine.com and nxdevelopers at nomachine.com):
#
#           http://www.nomachine.com/mailinglists.php
#
# The FreeNX (freenx-knx at kde.org) list is here:
#
#           https://mail.kde.org/mailman/listinfo/freenx-knx
#
# SVN: $Id: node.conf.sample 402 2007-10-14 18:21:43Z fabianx $

#########################################################################
# General FreeNX directives
#########################################################################

# The host name which is used by NX server. It's should be used if it's
# different than the default hostname (as returned by `hostname`)
#SERVER_NAME="$(hostname)"

# The port number where local 'sshd' is listening.
SSHD_PORT=22

#########################################################################
# Authentication / Security directives
#########################################################################

# Authentication directives

# This adds the usermode to the possible authentication methods
# Usermode means that a user can start the nxserver as his shell
# and connect directly to the right server via a custom client.
#ENABLE_USERMODE_AUTHENTICATION="0"

ENABLE_PAM_AUTHENTICATION="1"

# This adds the passdb to the possible authentication methods
# ENABLE_PASSDB_AUTHENTICATION="1"

# This adds SSH to the possible authentication methods. For it to work sshd
# must be set up at localhost accepting password authentication.
ENABLE_SSH_AUTHENTICATION="1"

# This adds SU to the possible authentication methods. For it to work the 
# "nx" user must be in the wheel (RedHat, Fedora) or the users group (SUSE)
# and the user logging in must have a valid shell that accepts the -c
# parameter.
# ENABLE_SU_AUTHENTICATION="0"

# Require all users to be in the passdb, regardless of authentication method
# ENABLE_USER_DB="0"

# If enabled forces the user to use encryption. This will bail out
# if the user does not have encryption enabled.
ENABLE_FORCE_ENCRYPTION="1"

# Refuse the NX client connection if SSHD does not export the
# SSH_CONNECTION and SSH_CLIENT variables in the environment
# passed to the NX server.
# 1: Will check the remote IP and will not accept the
#    connection if it can't be determined.
# 0: Will accept the connection even if the remote IP
#    is not provided.
SSHD_CHECK_IP="0"

#########################################################################
# Restriction directives
#########################################################################

# The base display number from which sessions are started.
#DISPLAY_BASE=1000

# The maximum number of contemporary sessions that can be run on FreeNX
#SESSION_LIMIT=200

# The maximum number of contemporary sessions that a single user can run
# on FreeNX. Defaults to the value of SESSION_LIMIT.
SESSION_USER_LIMIT=2

# The number of displays reserved for sessions, it has to be greater or equal
# to the maximum number of contemporary sessions that a server can run.
#DISPLAY_LIMIT=200

# User for which sessions should be persistent. Either the keyword "all" or a
# comma-separated list of usernames or groups in the @groupname syntax.
#ENABLE_PERSISTENT_SESSION=""

# Users and groups for whom persistent sessions should be disabled.
# Especially useful if ENABLE_PERSISTENT_SESSION="all"
DISABLE_PERSISTENT_SESSION="all"

# This enables the mirroring of running sessions via VNC feature.
# 
# Session is marked as resumable and type is vnc-mirrored.
# 
#ENABLE_MIRROR_VIA_VNC=1

# This enables the sharing of :0 via VNC feature.
# 
# Session is marked as resumable and type is vnc-local.
# 
# Note: You need to have the rights to access the display
#       else it does not work.
#
#ENABLE_DESKTOP_SHARING=1

#
# Enable or disable clipboard:
#
# client:  The content copied on the client can be pasted inside the
#            NX session.
#
# server: The content copied inside the NX session can be pasted
#             on the client.
#
# both:    The copy&paste operations are allowed both between the
#             client and the NX session and vice-versa.
#
# none:   The copy&paste operations between the client and the NX
#            session are never allowed.
#
#ENABLE_CLIPBOARD = "both"

#########################################################################
# Logging directives
#########################################################################

# This directives controls the verbosity of the server-wide log.
# 0: No Logging
# 1: Errors
# 2: Warnings
# 3: Important information
# 4: Server - Client communication
# 5: Information
# 6: Debugging information
# 7: stderror of some applications
NX_LOG_LEVEL=4

# By setting this to 0 the nxserver might be a bit faster, but passwords can be found in the log files.
NX_LOG_SECURE=1

# Before turning logging on, please make sure that NX_LOGFILE is
# writeable for the "nx" user
NX_LOGFILE=/var/log/nxserver.log

# This directive controls if the temporary session directory
# ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a
# session has ended. A successfully terminated session will be saved as
# T-C-<hostname>-<display>-<session_id> while a failed session will be saved
# as F-C-<hostname>-<display>-<session_id>.
# The default is to cleanup the directories.
#SESSION_LOG_CLEAN=1

# Amount of seconds nxserver is to keep session history. The default of 2592000
# is equivalent to 30 days. If this is 0 no session history will be kept
# and a negative value denotes infinity.
#SESSION_HISTORY=2592000

#########################################################################
# Forwarding directives
#########################################################################

# FreeNX with ENABLE_SERVER_FORWARD="1" will automatically forward all
# connections to the host specified in SERVER_FORWARD_HOST with the
# secret key SERVER_FORWARD_KEY.
#
# This allows to have a "chain" of NX Servers. Note that you will need to
# use "SSL encryption" for all connections.

ENABLE_SERVER_FORWARD="1"
SERVER_FORWARD_HOST="x.x.x.100"
SERVER_FORWARD_PORT=22
SERVER_FORWARD_KEY="/etc/nxserver/client.id_dsa.key"

# FreeNX with ENABLE_NOMACHINE_FORWARD_PORT="1" will automatically forward all
# connections to the commercial NoMachine nxserver installed on the same
# machine, which go in by port NOMACHINE_FORWARD_PORT. This feature is introduced
# to enable the usage of FreeNX and NoMachine NX side by side on the same machine
# without conflicts.
#
# Note: You need to let SSHD listen to several ports to make use of this
#       directive.

#ENABLE_NOMACHINE_FORWARD_PORT="0"
#NOMACHINE_FORWARD_PORT="22"

#NOMACHINE_SERVER="/usr/NX/bin/nxserver"
#NOMACHINE_NX_HOME_DIR="/usr/NX/home/nx"

# LOAD BALANCING
# ==============
#
# To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
# make:
#
#   - either sure that all incoming connections are sent to the master
#     server by using forwarding directives on the "slave" servers.
#
#   - or share the session database space via NFS between the servers.
#     (not recommended at the moment as race conditions for DISPLAYs can 
#      occur)
#

#LOAD_BALANCE_SERVERS=""

# The following load_balance_algorithms are available at the moment:
#
# "load", "round-robin", "random"
#
# For "load" you need a script called nxcheckload in PATH_BIN.
# 
# A sample script, which you can change to your needs it shipped with
# FreeNX under the name nxcheckload.sample.

#LOAD_BALANCE_ALGORITHM="random"

# By setting ENABLE_LOADBALANCE="1" you can let users choose their
# preferred host, while being forwarded to another server. Of course
# this is just a preference. The loadbalancing algorithm can completely
# choose to ignore the users choice.

#ENABLE_LOAD_BALANCE_PREFERENCE="0"

#########################################################################
# Services directives
#########################################################################

# FreeNX with ENABLE_ESD_PRELOAD="1" will automatically try to setup
# the sound with the help of the esd media helper.
#
# Currently ESD will be used just by the Windows NX Client.
#
# Be sure that $ESD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.

#ENABLE_ESD_PRELOAD="0"
#ESD_BIN_PRELOAD="esddsp"

# FreeNX with ENABLE_ARTSD_PRELOAD="1" will automatically try to setup
# the sound with the help of the artsd media helper.
#
# Currently ARTSD will be used just by the Linux NX Client.
#
# Be sure that $ARTSD_BIN_PRELOAD is in your path, does exist and work
# before enabling this directive.

#ENABLE_ARTSD_PRELOAD="0"
#ARTSD_BIN_PRELOAD="artsdsp"

# FreeNX with ENABLE_KDE_CUPS="1" will automatically write 
# $KDE_PRINTRC and put the current used socket into it.
#
# If you additionally enable ENABLE_KDE_CUPS_DYNAMIC it will set the 
# Host entry to the script nxcups-gethost, which dynamically tries all 
# possible entries to find the current printing host.
#
# The order is: CUPS_SERVER (env var), ~/.cups/client.conf, $KDE_PRINTRC,
#               $CUPS_DEFAULT_SOCK, localhost
#
# So this option is most useful with ENABLE_CUPS_SERVER_EXPORT="1".
# 

# $KDE_PRINTRC is automatically calculated if its not set.

#ENABLE_KDE_CUPS="0"
#ENABLE_KDE_CUPS_DYNAMIC="0"
#KDE_PRINTRC="$KDEHOME/share/config/kdeprintrc"

# FreeNX with ENABLE_CUPS_SERVER_EXPORT="1" will automatically
# export the environment variable CUPS_SERVER.

#ENABLE_CUPS_SERVER_EXPORT="1"

# FreeNX with ENABLE_CUPS_SEAMLESS will automatically try to download the 
# necessary ppds from the client.
# 
# As the forwarding is just active as soon as nxagent is started,
# we need a small delay of $CUPS_SEAMLESS_DELAY.
#
# Note: You need to use a patched cupsd on client side.

#ENABLE_CUPS_SEAMLESS="0"
#CUPS_SEAMLESS_DELAY="10"

# FreeNX with ENABLE_FOOMATIC will integrate the foomatic db to the list
# of available ppd drivers via the $COMMAND_FOOMATIC command.

#ENABLE_FOOMATIC="1"
#COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"

# CUPS_BACKEND and CUPS_ETC are the corresponding paths of your CUPS 
# installation.

#CUPS_BACKEND="/usr/lib/cups/backend"
#CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
#CUPS_DEFAULT_SOCK="/var/run/cups/cups.sock"
#CUPS_ETC="/etc/cups"

# SAMBA_MOUNT_SHARE_PROTOCOL is a key to configure the supported 
# protocols for mounting shares.
#
# This key can be set to the following values:
#
# both, either SMB and CIFS protocol are supported, this is the default value.
# smbfs, only SMB protocol is supported.
# cifs, only CIFS protocol is supported.
# none, no network file-sharing protocol is supported.

#SAMBA_MOUNT_SHARE_PROTOCOL="both"

#########################################################################
# Path directives
#########################################################################