Howto[F10]: Install and configure freenx-server( including SELinux)
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 6 of 6
  1. #1
    Join Date
    Nov 2007
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Arrow Howto[F10]: Install and configure freenx-server( including SELinux)

    Hi,

    As freenx-server (on F10) does not work out of the box, here a little howto for configuring it.

    ######################################
    # Valid for freenx-server 0.7.3 for Fedora 10 #
    ######################################
    Before starting, you should be sure that you have a running and working ssh daemon.

    1) Become root
    sudo su -

    2) Install freenx-server and xorg-x11-fonts-misc
    yum install freenx-server xorg-x11-fonts-misc

    The last package is perhaps not needed, but I installed it as I read somewhere that it is needed.

    3) Put selinux in permissive mode
    setenforce 0

    4) Add following path to /root/.bash_profile
    PATH=$PATH:$HOME/bin:/usr/libexec/nx

    5) "Load" the file again
    . /root/.bash_profile

    6) Change to /usr/share/doc/freenx-server-0.7.3/

    7) Execute nxsetup
    ./nxsetup --setup-nomachine-key

    ==> This will configure the freenx server using the standard key

    8) If not already done, create the /etc/nxserver/node.conf and configure it (at least enable authentication via ssh and force encryption)
    cd /etc/nxserver
    cp node.conf.sample node.conf

    9) Go back to /usr/share/doc/freenx-server-0.7.3 and test your freenx setup
    ./nxsetup --test

    You should have some warning about some missing libraries...

    10) Fixing 3 missing libraries problem. Change to /usr/lib64/nx/
    ln -s libXcomp.so.3 libXcomp.so
    ln -s libXcompext.so.3 libXcompext.so
    ln -s libXrender.so.1.2.2 libXrender.so.1.2

    11) Test again your freenx setup as in 9) . This time you should not have any other libraries warnings. If the nxserver is still not running, then start it:
    nxserver --start

    12) Install the NX client on another machine (on the same machine should also be fine) from Nomachine.com: http://www.nomachine.com/download.php .
    The connection from the NX client should work this time.

    13) The next time you reboot, SELinux will be again in enforcing mode and the connection with the NX client will not work anymore. The easiest thing is disable SELinux and you are done. If you do not want to disable SELinux, go on.
    As we do not want to reboot now, we close the NX client connection and change SELinux mode again to enforcing
    setenforce 1

    14) Disable auditd
    service auditd stop

    15) Move /var/log/audit/audit.log somewhere else. For example
    mv /var/log/audit/audit.log /var/log/audit/audit.log_currentDate

    16) Enable again auditd
    service auditd start

    17) Try another connection with the NX client. This time it should not work... If you have a look in the freshly created /var/log/audit/audit.log, you will see some problems due to the authorized_keys file and SSHD. As I am not an SELinux expert, I followed the simple way... I generated a policy from the audit.log file :
    cat /var/log/audit/audit.log | audit2allow -M freenx
    semodule -i freenx.pp

    You can have a look at the freenx.te file to see what policy was added.

    18) For me, unfortunately, the NX client connection still did not work due to another SELinux problem. I repeated points 14) to 17), but I created a freenx2 module (instead of freenx). Do not forget then to install the newly created freenx2.pp policy (and not again freenx.pp).

    19) The NX client connection worked this time for me...

    ################ END ################################################

    As you certainly noticed, I am really far away from what we could call a SELinux specialist . I would be glad if some SELinux guru could give us the right and better way to do it (not just this bad hack that certainly opened some other unwanted doors in SELinux).
    This howto can certainly also be improved, so feal free (oups, of course you already feel free as you work on Linux ).

    Seeu

    Chris

  2. #2
    Join Date
    Nov 2007
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    By the way, I would like to deactivate the start of the freenx server at boot time, but I cannot find where it is activated... Does anybody know?

    Thanks

    Chris

  3. #3
    neochi Guest

    Cool Just in case .. some additional things I had to do.

    Awesome write-up BTW.. many thanks!!
    I was able to remove NoMachine's rpms & switch back to the F10 freenx-server with the help of your howto.

    Still receiving an odd connection error message when starting the nx client session.

    Turns out I'm missing the /tmp/.X11-unix directory which is required for creating the X session special socket file.
    (My default runlevel is 3, which may be the reason the directory is not there after reboot)
    Added following to the end of /etc/rc.local :
    [ -d /tmp/.X11-unix ] || mkdir -m 1777 /tmp/.X11-unix

    Also.. /usr/libexec/nx/nxagent was missing library links for:
    libXcomp.so.3, libXcompext.so.3 & libXcompshad.so.3

    Fix this with:
    cd /usr/lib64
    ln -s nx/libXcomp.so.3.2.0 libXcomp.so.3
    ln -s nx/libXcompext.so.3.2.0 libXcompext.so.3
    ln -s nx/libXcompshad.so.3.2.0 libXcompshad.so.3
    Last edited by neochi; 8th February 2009 at 10:15 AM. Reason: update information

  4. #4
    boyan7640 Guest

    Thumbs up FreeNX failure in Fedora 9 + 10 default setup SOLVED

    Hi all,

    Please, check this out (so simple and nice, and it's working ):
    http://www.savelono.com/linux/freenx...ult-setup.html

    Details:
    ------------------------------------------------------------
    [root@hostname nxserver]# rpm -qa | grep nx
    nx-3.3.0-33.fc10.i386
    freenx-server-0.7.3-11.fc10.i386
    [root@hostname nxserver]#

    [root@hostname nxserver]# getenforce
    Enforcing
    [root@hostname nxserver]#

    [root@hostname nxserver]# grep -v '^#' /etc/nxserver/node.conf
    DISPLAY_BASE=1001
    NX_LOG_LEVEL=7
    NX_LOG_SECURE=1
    NX_LOGFILE=/var/log/nx/nxserver.log
    [root@hostname nxserver]#

    Fedora 10
    PC i686
    ------------------------------------------------------------

    Best Regards,

    Boyan Boychev
    Stara Zagora, Bulgaria

  5. #5
    Join Date
    Jun 2009
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    xorg-x11-fonts-misc

    Oh, man. I wasted a couple of days beating my brains out - why the remote screen appears for a moment and then connections fail!

    The reason was xorg-x11-fonts-misc. After installing it all systems go!

  6. #6
    Join Date
    Oct 2009
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Howto[F10]: Install and configure freenx-server( including SELinux)

    Einbert! is you alter ego Mel Kham? Cuz your tutorial is quoted verbatim here:
    http://www.unixmen.com/install-and-c...freenx-server/
    And no, I'm not trolling. I'm trying to install NX on CentOS6 which uses FreeNX 0.7 and I've been bashing my brains out for weeks to get here.

Similar Threads

  1. Howto: Install and configure TOR+Privoxy on Fedora 10.
    By xen_yasai in forum Guides & Solutions (Not For Questions)
    Replies: 0
    Last Post: 24th January 2009, 01:34 PM
  2. FreeNx and SeLinux issues
    By cessnadriver in forum Security and Privacy
    Replies: 2
    Last Post: 16th November 2008, 11:57 PM
  3. How Can I Install Without Including SELinux?
    By pushback in forum Installation, Upgrades and Live Media
    Replies: 3
    Last Post: 4th January 2007, 07:55 AM
  4. HOWTO FreeNX on Fedora Core
    By lvansteen in forum Guides & Solutions (Not For Questions)
    Replies: 1
    Last Post: 4th December 2006, 10:57 PM
  5. HOWTO install and configure the new ATI Driver 8.8.25 on FC3 kernel 2.6.10 (latest)
    By LeAkEd in forum Guides & Solutions (Not For Questions)
    Replies: 225
    Last Post: 13th June 2006, 11:33 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •