[FreeNX-kNX] shadowing fails, Error: Authorization refused by user: sameuser.

chris at ccburton.com chris at ccburton.com
Thu Oct 6 18:44:56 UTC 2011 

freenx-knx-bounces at kde.org wrote on 06/10/2011 17:48:28:

[SNIP]
>  So in a nutshell to setup shadowing on a centos5 server:
> 
> 1) yum -y install nx freenx
> 2) install the nxclient (latest 3.x) RPM from nomachine
> 3) cp /etc/nxserver/node.conf.sample /etc/nxserver/node.conf
> 4) edit node.conf and set :
> 
> ENABLE_SESSION_SHADOWING_AUTHORIZATION=1
> 
> ENABLE_INTERACTIVE_SESSION_SHADOWING=1
> 
> ^^ set this to 0 if you want shadowers to be able to view only
> 
> 5) create /usr/bin/nxshadowacl and inside it put:
> 
> #!/bin/bash
> 
> exit 0

nxshadowacl is only called

if

the shadowing user differs from the shadowed user.

You tested it by shadowing yourself, so nxshadowacl wasn't an
issue and didn't get executes, as you noticed yourself.

That doesn't mean it actually is you logged in as you tho'
so you are still asked to permit shadowing (by yourself)

> 
> 6) chmod 755 /usr/bin/nxshadowacl
> 7) nxserver --restart (don't even know if this is necessary)

There is no FreeNX server process.

The nxserver service start runs a clean up, and enables
connections.

> 
> Then the person setting up the original session should connect as
> usual and the person going to be doing the shadowing should use the
> Shadow session type rather than Unix in configure. If an nxserver has
> multiple nx sessions running, the person with the original session
> should run "export | grep -i display" to determine the display # of
> the session to give to the shadower.
> 
> Some nice features to give the session owner would be:
> 
> 1) Bring up a list of shadowers connected to the session

        ps -ef|grep "shadow $DISPLAY"

> (can multiple > shadowers connect? haven't tried this yet)

Yup . . . . 

> along with what sort of access they have (view only,
> completely blocked/blacked out screen but still connected,
> fully interactive)

They all get the same depending upon the value of parameter

        ENABLE_INTERACTIVE_SESSION_SHADOWING

You really should be able to specify access based on
username using nxshadowacl to change the value,
however you need to code it because of the way
nxshadowacl is called.

NOTE

        ENABLE_INTERACTIVE_SESSION_SHADOWING=1 gives

         -shadowmode=1

in the results of the above ps -ef

> 2) Allow the session owner to disconnect shadowers.

Hmmm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20111006/bbce5580/attachment.html>

More information about the FreeNX-kNX mailing list