Saturday, May 06, 2006

Giving FreeNX a Try

I decided to finally give FreeNX a try on my system. NX is an open source terminal server technology developed by NoMachine for thin clients. After a couple days of solving problems, I finally got it working. I must say, it was worth the pain. I can now sit comfortably on my couch, booting Knoppix 4 on an old notebook I have, and run the desktop on my main machine as if I were sitting right there.

It will be interesting to see what it takes to get this working securely through my WRT54GS router from the WAN side and how well it performs. They claim it works very well, even over a 56K modem.

Since I was installing on a Debian Unstable/Testing (Etch) system with the latest v7 of XOrg, I encountered a few problems. Maybe the following will save some folks some pain. Note that most of the HOWTOs and docs at the FreeNX website (freenx.berlios.de) talk about building from source, but I installed from binaries.

First, I added the following line to my /etc/apt/sources.list file:

deb http://packages.debianbase.de/etch/i386/nx/ ./

Then, as root of course:

aptitude update
aptitude install freenx

Next, I wanted to first get it working entirely on my local machine, so I downloaded the Linux .deb package from the NoMachine download page and installed:

dpkg -i /home/share/download/nxclient_1.5.0-141_i386.deb

Still as root, I ran

nxsetup

with no options and went with the defaults at all prompts. This script creates the "nx" user, installs the NoMachine keys, sets up the server, and performs a basic connect test, which failed for me for several reasons.

First, ssh prompted me that localhost was an "untrusted" host. Since the script wasn't prepared to deal with this prompt, it failed. This was easily fixed by manually running ssh to localhost and answering the same prompt in the affirmative.

Rerunning nxsetup next gave me an authentication error "publickey". I needed to make the following changes to my /etc/ssh/sshd_config file:

PasswordAuthentication yes
AllowUsers *@192.168.1.* *@localhost nx
AuthorizedKeysFile %h/.ssh/authorized_keys2

Note the "2" at the end of that last line. Your "AllowUsers" may vary, but the essential changes were the "*@localhost nx".

After making these changes, restart the sshd:

/etc/init.d/ssh restart
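
The following is an added example, not part of the original post or of FreeNX: a shell function that reports what the three sshd_config directives above permit, which bears on the WAN question at the end of the post, since a bare AllowUsers entry such as nx is not tied to any source host. The function names and the sample file are constructed here, and the parser assumes whitespace-separated arguments and no Match blocks.

```shell
#!/bin/sh
# Added example: report what the sshd_config directives from the post permit.
# Assumes whitespace-separated arguments and no Match blocks.

# Constructed sample that mirrors the three lines shown in the post.
sample_config() {
cat <<'EOF'
# constructed sample, not taken from a real host
PasswordAuthentication yes
AllowUsers *@192.168.1.* *@localhost nx
AuthorizedKeysFile %h/.ssh/authorized_keys2
EOF
}

# audit_sshd [FILE]: print one finding per line; reads stdin when FILE is omitted.
audit_sshd() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    { key = tolower($1) }
    # sshd keeps the first value it reads for single-valued keywords
    key == "passwordauthentication" && !("pw" in seen) {
        seen["pw"] = 1
        if (tolower($2) == "yes") print "WARN password-auth-enabled"
    }
    key == "authorizedkeysfile" && !("akf" in seen) {
        seen["akf"] = 1
        for (i = 2; i <= NF; i++) print "INFO keys-file " $i
    }
    # USER@HOST ties a login to a source host; a bare USER matches any host
    key == "allowusers" {
        seen["au"] = 1
        for (i = 2; i <= NF; i++) {
            if (index($i, "@") == 0) print "WARN any-host-login " $i
            else print "INFO host-restricted " $i
        }
    }
    END {
        if (!("pw" in seen)) print "WARN password-auth-enabled"  # sshd default is yes
        if (!("au" in seen)) print "WARN no-allowusers"
    }
    ' "$@"
}

# Run against the constructed sample.
sample_config | audit_sshd
```

On a live system, call it as `audit_sshd /etc/ssh/sshd_config`.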

With nxsetup running successfully to completion, next I tried to run the nxclient as a normal user:

/usr/bin/NX/nxclient --wizard

This runs a wizard to help you specify an nxclient configuration and creates an icon for the desktop. I specified "localhost" as the host machine, "UNIX" "KDE" as the Desktop, and went with the defaults for everything else. When it tried to connect to the nx server, it failed, saying "Error: Lost connection to peer proxy on FD#10". Now began a long search through the freenx-knx mailing list and NoMachine knowledgebase for a solution. The upshot is that XOrg v7 changed the location of the X11 fonts and xauth utility. I had to make the following changes to /etc/nxserver/node.conf file:

AGENT_EXTRA_OPTIONS_X="-fp /usr/share/fonts/X11/misc/,
/usr/share/fonts/X11/75dpi/:unscaled,
/usr/share/fonts/X11/100dpi/:unscaled,
/usr/share/fonts/X11/Type1/,
/usr/share/fonts/X11/100dpi/,
/usr/share/fonts/X11/75dpi/"

Note: Although this looks like multiple lines, this is actually one long line in the conf file. The directories you specify here vary according to the fonts you have installed. Just do "ls /usr/share/fonts/X11" to figure out what you need.

I also made the following change in the node.conf file:

COMMAND_XAUTH=/usr/bin/xauth

Finally, there were still some files on my system from the old v6 of X11, so I moved them out of the way:

mv /usr/X11R6 /usr/X11R6_old

If you don't do this, apparently NX will get confused.

Once these changes were in place, NX worked like a charm. Performance is extremely good over my LAN and most everything works as if I were sitting right there at my main machine. Much better than VNC. Wow. Many thanks to NoMachine and the FreeNX devs.

A few issues I still need to investigate:

1. Audio isn't working.
2. What port forwarding do I need to set on my router so I can connect from the WAN, and how best to do it securely?
3. CUPS printing seems to configure fine but I haven't tested remote printing.