Howto[F10]: Install and configure freenx-server( including SELinux)

[einbert]

Hi,

As freenx-server (on F10) does not work out of the box, here a little howto for configuring it.

######################################
# Valid for freenx-server 0.7.3 for Fedora 10 #
######################################
Before starting, you should be sure that you have a running and working ssh daemon.

1) Become root
sudo su -

2) Install freenx-server and xorg-x11-fonts-misc
yum install freenx-server xorg-x11-fonts-misc

The last package is perhaps not needed, but I installed it as I read somewhere that it is needed.

3) Put selinux in permissive mode
setenforce 0

4) Add following path to /root/.bash_profile
PATH=$PATH:$HOME/bin:/usr/libexec/nx

5) "Load" the file again
. /root/.bash_profile

6) Change to /usr/share/doc/freenx-server-0.7.3/

7) Execute nxsetup
./nxsetup --setup-nomachine-key

==> This will configure the freenx server using the standard key

8) If not already done, create the /etc/nxserver/node.conf and configure it (at least enable authentication via ssh and force encryption)
cd /etc/nxserver
cp node.conf.sample node.conf

9) Go back to /usr/share/doc/freenx-server-0.7.3 and test your freenx setup
./nxsetup --test

You should have some warning about some missing libraries...

10) Fixing 3 missing libraries problem. Change to /usr/lib64/nx/
ln -s libXcomp.so.3 libXcomp.so
ln -s libXcompext.so.3 libXcompext.so
ln -s libXrender.so.1.2.2 libXrender.so.1.2

11) Test again your freenx setup as in 9) . This time you should not have any other libraries warnings. If the nxserver is still not running, then start it:
nxserver --start

12) Install the NX client on another machine (on the same machine should also be fine) from Nomachine.com: http://www.nomachine.com/download.php .
The connection from the NX client should work this time.

13) The next time you reboot, SELinux will be again in enforcing mode and the connection with the NX client will not work anymore. The easiest thing is disable SELinux and you are done. If you do not want to disable SELinux, go on.
As we do not want to reboot now, we close the NX client connection and change SELinux mode again to enforcing
setenforce 1

14) Disable auditd
service auditd stop

15) Move /var/log/audit/audit.log somewhere else. For example
mv /var/log/audit/audit.log /var/log/audit/audit.log_currentDate

16) Enable again auditd
service auditd start

17) Try another connection with the NX client. This time it should not work... If you have a look in the freshly created /var/log/audit/audit.log, you will see some problems due to the authorized_keys file and SSHD. As I am not an SELinux expert, I followed the simple way... I generated a policy from the audit.log file :
cat /var/log/audit/audit.log | audit2allow -M freenx
semodule -i freenx.pp

You can have a look at the freenx.te file to see what policy was added.

18) For me, unfortunately, the NX client connection still did not work due to another SELinux problem. I repeated points 14) to 17), but I created a freenx2 module (instead of freenx). Do not forget then to install the newly created freenx2.pp policy (and not again freenx.pp).

19) The NX client connection worked this time for me...

################ END ################################################

As you certainly noticed, I am really far away from what we could call a SELinux specialist . I would be glad if some SELinux guru could give us the right and better way to do it (not just this bad hack that certainly opened some other unwanted doors in SELinux).
This howto can certainly also be improved, so feal free (oups, of course you already feel free as you work on Linux ).

Seeu

Chris

[einbert]

By the way, I would like to deactivate the start of the freenx server at boot time, but I cannot find where it is activated... Does anybody know?

Thanks

Chris

[neochi]

Awesome write-up BTW.. many thanks!!
I was able to remove NoMachine's rpms & switch back to the F10 freenx-server with the help of your howto.

Still receiving an odd connection error message when starting the nx client session.

Turns out I'm missing the /tmp/.X11-unix directory which is required for creating the X session special socket file.
(My default runlevel is 3, which may be the reason the directory is not there after reboot)
Added following to the end of /etc/rc.local :
[ -d /tmp/.X11-unix ] || mkdir -m 1777 /tmp/.X11-unix

Also.. /usr/libexec/nx/nxagent was missing library links for:
libXcomp.so.3, libXcompext.so.3 & libXcompshad.so.3

Fix this with:
cd /usr/lib64
ln -s nx/libXcomp.so.3.2.0 libXcomp.so.3
ln -s nx/libXcompext.so.3.2.0 libXcompext.so.3
ln -s nx/libXcompshad.so.3.2.0 libXcompshad.so.3

[boyan7640]

Hi all,

Please, check this out (so simple and nice, and it's working ):
http://www.savelono.com/linux/freenx...ult-setup.html

Details:
------------------------------------------------------------
[root@hostname nxserver]# rpm -qa | grep nx
nx-3.3.0-33.fc10.i386
freenx-server-0.7.3-11.fc10.i386
[root@hostname nxserver]#

[root@hostname nxserver]# getenforce
Enforcing
[root@hostname nxserver]#

[root@hostname nxserver]# grep -v '^#' /etc/nxserver/node.conf
DISPLAY_BASE=1001
NX_LOG_LEVEL=7
NX_LOG_SECURE=1
NX_LOGFILE=/var/log/nx/nxserver.log
[root@hostname nxserver]#

Fedora 10
PC i686
------------------------------------------------------------

Best Regards,

Boyan Boychev
Stara Zagora, Bulgaria

[oleg_svarog]

Oh, man. I wasted a couple of days beating my brains out - why the remote screen appears for a moment and then connections fail!

The reason was xorg-x11-fonts-misc. After installing it all systems go!

[xtian]

Einbert! is you alter ego Mel Kham? Cuz your tutorial is quoted verbatim here:
http://www.unixmen.com/install-and-c...freenx-server/
And no, I'm not trolling. I'm trying to install NX on CentOS6 which uses FreeNX 0.7 and I've been bashing my brains out for weeks to get here.