NoMachine NX for OS X Successfully Authenticates But Won’t Load Sessions

I recently discovered NoMachine’s NX while looking for an easy way to encrypt VNC. NX, if you aren’t familiar with it, is generally a PITA to setup, but well worth the pain (on Linux anyway). All traffic goes over SSH and while the performance isn’t as great as Windows’ RDP, it’s faster and more secure than VNC. NoMachine’s NX client works on Windows, OS X and Linux and even works well on roaming profiles.

Installing NX Server on OS X is challenging. Well, installing it is easy, getting it to work is another story.

First, starting with Mountain Lion, Apple no longer ships OS X with X11 already installed so XQuartz must be downloaded and installed manually. Initially, I installed XQuartz X11 2.7.4 and NX for OSX 4.0.181-7.

After adding the nx user to my allowed list of SSH logins, connecting was easy using the account I use to login to my MacBook Pro everyday. When prompted for Desktop type, I selected Shadow.



Once I connected, my session would appear for a split second then disappear. If you’re quick, sometimes you can catch the session before it disappears then click Attach.


Oops! Missed it :(




Got it!

Now, initially when I’d attach, it would hang at “Requesting users authorization” but no window would pop up to request the authorization. I checked to ensure that PhysicalDesktopAuthorization 0 was set in server.cfg and sure enough it was. I thought, then, that maybe there was an issue with xauth. I spent about a day troubleshooting that, and eventually tried a different version of XQuartz. I uninstalled everything across the board. Then reinstalled everything across the board and still no dice. Messing with shadowing in the configs proved fruitless and decided to pour over NX’s documentation one last time. This time, I saw that it should have installed the nxnode –mirror service, but no such service was running.

I created /Library/LaunchDaemons/com.nomachine.node.plist and pasted the following into it, ensuring that Username was set to my regular user account (otherwise, my session never showed)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>com.nomachine.node</string>
        <key>KeepAlive</key>
        <false/>
        <key>ProgramArguments</key>
        <array>
                <string>/Applications/NoMachine Service.app/Contents/Frameworks/bin/nxnode</string>
                <string>--mirror</string>
        </array>
        <key>UserName</key>
        <string>chrissylemaire</string>
        <key>RunAtLoad</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/Applications/NoMachine Service.app/Contents/Frameworks/var/log/nxnode_stderr.log</string>
        <key>StandardOutPath</key>
        <string>/Applications/NoMachine Service.app/Contents/Frameworks/var/log/nxnode_stdout.log</string>
        <key>WorkingDirectory</key>
        <string>/Applications/NoMachine Service.app/Contents/Frameworks/bin/</string>
        <key>Debug</key>
        <true/>
</dict>
</plist>



I ran launchctl load -w /Library/LaunchDaemons/com.nomachine.node.plist and voila! My screen appeared. It was ugly and smudgy, though, no matter how well I optimized my client settings. Look:

Also, it often freezes about 10 seconds after. Seeing that the screen quality wasn’t worth it anyway, I decided to go with VNC over SSL until NoMachine NX is out of beta for OS X. Ultimately, I really wanted remote access to manage my virtual Windows farm, so I finally got around to installing and configuring Remote Desktop Gateway. If you’re a Windows admin who wants secure Remote Desktop access, you should try Remote Desktop Gateway which does RDP over SSL RPC. It was easy-ish to setup and the quality is just as you’d expect from RDP. Slick!

Posted in OS X & iDevices, Security
Add Comment Register



Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">