NLA - client authentication failure #7244
shadow does not support
If I run the Windows client with -sec-nla, ex: on the Linux server side, it supports only (server supports only NLA Security error). Refer to the server-side log below.
[14:39:02:858] [2227:2231] [INFO][com.freerdp.core.connection] - Client Security: NLA:0 TLS:0 RDP:1
[14:39:02:858] [2227:2231] [TRACE][com.freerdp.server.shadow.mcevent] - Release Subscriber 0x00007f04400043c0. Quit event 0. 0 clients.
Then how to do NLA authentication?
@akallabeth Thanks for the info.
TLS security is enabled. I am still getting client authentication failed.
On the Ubuntu 18.04 side:
I am running the FreeRDP server. I am getting the logs below:
:~$ freerdp-shadow-cli -version
[11:12:13:322] [2747:2747] [INFO][com.freerdp.server.shadow] - FreeRDP version 2.2.0 (git n/a)
:~$ freerdp-shadow-cli /sam-file:/etc/freerdp/SAM /sec:nla
[11:13:10:810] [2772:2772] [INFO][com.freerdp.server.shadow.x11] - X11 Extensions: XFixes: 1 Xinerama: 1 XDamage: 0 XShm: 0
[11:13:10:812] [2772:2772] [INFO][com.freerdp.core.listener] - Listening on [0.0.0.0]:3389
[11:13:23:114] [2772:2773] [DEBUG][com.winpr.thread] - Thread running, setting to detached state!
[11:13:23:118] [2772:2776] [TRACE][com.freerdp.server.shadow.mcevent] - Get subscriber 0x00007fb3440030f0. Wait event 0. 0 clients.
[11:13:23:119] [2772:2776] [TRACE][com.freerdp.server.shadow.mcevent] - Get subscriber 0x00007fb3440030f0. Quit event 0. 0 clients.
[11:13:23:119] [2772:2776] [DEBUG][com.freerdp.core.nego] - RDP_NEG_REQ: RequestedProtocol: 0x00000003
[11:13:23:119] [2772:2776] [INFO][com.freerdp.core.connection] - Client Security: NLA:1 TLS:1 RDP:0
[11:13:23:119] [2772:2776] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0
[11:13:23:119] [2772:2776] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0
[11:13:23:122] [2772:2776] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[11:13:23:157] [2772:2774] [TRACE][com.freerdp.server.shadow.mcevent] - Server published event 1. 1 clients.
[11:13:23:157] [2772:2774] [TRACE][com.freerdp.server.shadow.mcevent] - Server wait event 1. 1 clients.
[11:13:41:517] [2772:2776] [DEBUG][com.freerdp.core.nla] - CredSSP protocol support 6, peer supports 6
[11:13:41:517] [2772:2776] [DEBUG][com.freerdp.core.nla] - Receiving Authentication Token
[11:13:41:517] [2772:2776] [DEBUG][com.freerdp.core.nla] - NLA.negoToken (length = 40):
[11:13:41:517] [2772:2776] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
[11:13:41:517] [2772:2776] [TRACE][com.freerdp.core.nla] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
[11:13:41:517] [2772:2776] [DEBUG][com.freerdp.core.nla] - Sending Authentication Token
[11:13:41:517] [2772:2776] [DEBUG][com.freerdp.core.nla] - NLA.negoToken (length = 158):
[11:13:41:621] [2772:2776] [DEBUG][com.freerdp.core.nla] - Receiving Authentication Token
[11:13:41:621] [2772:2776] [DEBUG][com.freerdp.core.nla] - NLA.negoToken (length = 216):
[11:13:41:621] [2772:2776] [DEBUG][com.freerdp.core.nla] - NLA.pubKeyAuth (length = 48):
[11:13:41:621] [2772:2776] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
[11:13:41:621] [2772:2776] [WARN][com.winpr.sspi] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
[11:13:41:621] [2772:2776] [TRACE][com.freerdp.core.nla] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
[11:13:41:621] [2772:2776] [ERROR][com.freerdp.core.nla] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
[11:13:41:621] [2772:2776] [ERROR][com.freerdp.core.transport] - client authentication failure
[11:13:41:621] [2772:2776] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail
[11:13:41:621] [2772:2776] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
[11:13:41:621] [2772:2776] [DEBUG][com.freerdp.core.rdp] - transport_check_fds() - -1
[11:13:41:621] [2772:2776] [ERROR][com.freerdp.client.shadow] - Failed to check FreeRDP file descriptor
[11:13:41:621] [2772:2776] [TRACE][com.freerdp.server.shadow.mcevent] - Release Subscriber 0x00007fb3440030f0. Drop event 1. 1 clients.
[11:13:41:621] [2772:2776] [TRACE][com.freerdp.server.shadow.mcevent] - Release Subscriber 0x00007fb3440030f0. Quit event 1. 0 clients.
[11:13:41:621] [2772:2774] [TRACE][com.freerdp.server.shadow.mcevent] - Server quit event 1. 0 clients.
On the Windows 10 side, running the client:
wfreerdp.exe /v:192.168.56.101 /cert-ignore /log-level:TRACE > logsfile.log
[11:13:25:449] [5436:00002458] [DEBUG][com.freerdp.client.common] - This is 3.0.0-dev Build configuration: BUILD_TESTING=OFF BUILTIN_CHANNELS=ON HAVE_AIO_H= HAVE_EXECINFO_H= HAVE_FCNTL_H=1 HAVE_INTTYPES_H=1 HAVE_STRNDUP= HAVE_SYSLOG_H= HAVE_SYS_EVENTFD_H= HAVE_SYS_FILIO_H= HAVE_SYS_SELECT_H= HAVE_SYS_SOCKIO_H= HAVE_SYS_TIMERFD_H= HAVE_TM_GMTOFF= HAVE_UNISTD_H= WITH_CAIRO=OFF WITH_CCACHE=ON WITH_CHANNELS=ON WITH_CLANG_FORMAT=ON WITH_CLIENT=ON WITH_CLIENT_AVAILABLE=1 WITH_CLIENT_CHANNELS=ON WITH_CLIENT_CHANNELS_AVAILABLE=1 WITH_CLIENT_COMMON=ON WITH_CLIENT_INTERFACE=OFF WITH_DEBUG_ALL=OFF WITH_DEBUG_CAPABILITIES=OFF WITH_DEBUG_CERTIFICATE=OFF WITH_DEBUG_CHANNELS=OFF WITH_DEBUG_CLIPRDR=OFF WITH_DEBUG_DVC=OFF WITH_DEBUG_KBD=OFF WITH_DEBUG_LICENSE=OFF WITH_DEBUG_MUTEX=OFF WITH_DEBUG_NEGO=OFF WITH_DEBUG_NLA=OFF WITH_DEBUG_NTLM=OFF WITH_DEBUG_RAIL=OFF WITH_DEBUG_RDP=OFF WITH_DEBUG_RDPDR=OFF WITH_DEBUG_RDPEI=OFF WITH_DEBUG_RDPGFX=OFF WITH_DEBUG_REDIR=OFF WITH_DEBUG_RFX=OFF WITH_DEBUG_RINGBUFFER=OFF WITH_DEBUG_SCARD=OFF WITH_DEBUG_SND=OFF WITH_DEBUG_SVC=OFF WITH_DEBUG_SYMBOLS=OFF WITH_DEBUG_THREADS=OFF WITH_DEBUG_TIMEZONE=OFF WITH_DEBUG_TRANSPORT=OFF WITH_DEBUG_TSG=OFF WITH_DEBUG_TSMF=OFF WITH_DEBUG_TSMF_AVAILABLE=0 WITH_DEBUG_WND=OFF WITH_DEBUG_X11=OFF WITH_DEBUG_X11_CLIPRDR=OFF WITH_DEBUG_X11_LOCAL_MOVESIZE=OFF WITH_DEBUG_XV=OFF WITH_DSP_EXPERIMENTAL=OFF WITH_FAAC=OFF WITH_FAAD2=OFF WITH_FFMPEG=OFF WITH_FREERDP_DEPRECATED=OFF WITH_GFX_H264=ON WITH_GPROF=OFF WITH_GSM=OFF WITH_GSSAPI=OFF WITH_ICU=OFF WITH_IPP=OFF WITH_JPEG=OFF WITH_LAME=OFF WITH_LIBRARY_VERSIONING=ON WITH_MACAUDIO=OFF WITH_MACAUDIO_AVAILABLE=0 WITH_MANPAGES=ON WITH_MBEDTLS=OFF WITH_MEDIA_FOUNDATION=ON WITH_NATIVE_SSPI=ON WITH_OPENCL=OFF WITH_OPENH264=OFF WITH_OPENSSL=ON WITH_PROFILER=OFF WITH_SAMPLE=OFF WITH_SERVER=OFF WITH_SERVER_INTERFACE=ON WITH_SMARTCARD_INSPECT=OFF WITH_SOXR=OFF WITH_SSE2=ON WITH_SWSCALE=OFF WITH_THIRD_PARTY=OFF WITH_VERBOSE_WINPR_ASSERT=ON WITH_WIN8=OFF WITH_WINMM=ON 
WITH_WINPR_DEPRECATED=OFF WITH_WINPR_TOOLS=ON WITH_X264=OFF WITH_ZLIB=OFF
Build type: Release
CFLAGS: /DWIN32 /D_WINDOWS /Gd /W3
Compiler: MSVC, 18.0.40629.0
Target architecture: x64
[11:13:25:449] [5436:00002dbc] [INFO][com.freerdp.core] - freerdp_connect:freerdp_set_last_error_ex resetting error state
[11:13:25:449] [5436:00002dbc] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[11:13:25:449] [5436:00002dbc] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[11:13:25:449] [5436:00002dbc] [DEBUG][com.freerdp.channels.cliprdr.client] - VirtualChannelEntryEx
[11:13:25:449] [5436:00002dbc] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[11:13:25:451] [5436:00002dbc] [DEBUG][com.freerdp.primitives] - primitives benchmark result:
[11:13:25:463] [5436:00002dbc] [DEBUG][com.freerdp.primitives] - * generic= 1
[11:13:25:467] [5436:00002dbc] [DEBUG][com.freerdp.primitives] - * optimized= 1
[11:13:25:467] [5436:00002dbc] [INFO][com.freerdp.primitives] - primitives autodetect, using generic
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Enabling security layer negotiation: TRUE
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Enabling restricted admin mode: FALSE
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Enabling RDP security: TRUE
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Enabling TLS security: TRUE
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: TRUE
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Enabling NLA extended security: FALSE
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_NLA
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Attempting NLA security
[11:13:25:477] [5436:00002dbc] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
[11:13:25:477] [5436:00002dbc] [INFO][com.freerdp.core] - freerdp_tcp_default_connect:freerdp_set_last_error_ex resetting error state
[11:13:25:477] [5436:00002dbc] [DEBUG][com.freerdp.core] - connecting to peer 192.168.56.101
[11:13:25:478] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - RequestedProtocols: 3
[11:13:25:484] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - RDP_NEG_RSP
[11:13:25:484] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - selected_protocol: 2
[11:13:25:484] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_FINAL
[11:13:25:484] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - Negotiated NLA security
[11:13:25:484] [5436:00002dbc] [DEBUG][com.freerdp.core.nego] - nego_security_connect with PROTOCOL_HYBRID
[11:13:25:486] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - -- NLA_STATE_INITIAL --> NLA_STATE_INITIAL
[11:13:42:876] [5436:00002dbc] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExW
[11:13:42:877] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - nla_client_init 705 : packageName=Negotiate ; cbMaxToken=48256
[11:13:42:881] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - InitializeSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
[11:13:42:881] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> sending...
[11:13:42:881] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> protocol version 6
[11:13:42:881] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> nego token
[11:13:42:881] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> client nonce
[11:13:42:882] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - -- NLA_STATE_INITIAL --> NLA_STATE_NEGO_TOKEN
[11:13:42:983] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- receiving...
[11:13:42:983] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- protocol version 6
[11:13:42:983] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- nego token
[11:13:42:983] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- client nonce
[11:13:42:985] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - InitializeSecurityContext status SEC_E_OK [0x00000000]
[11:13:42:985] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> sending...
[11:13:42:985] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> protocol version 6
[11:13:42:985] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> nego token
[11:13:42:985] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> public key auth
[11:13:42:985] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - ----->> client nonce
[11:13:42:986] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - -- NLA_STATE_NEGO_TOKEN --> NLA_STATE_PUB_KEY_AUTH
[11:13:43:087] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- receiving...
[11:13:43:087] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- protocol version 6
[11:13:43:087] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- public key info
[11:13:43:089] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- error code FAILURE: 0x00003AFC 0xc00700ea
[11:13:43:089] [5436:00002dbc] [DEBUG][com.freerdp.core.nla] - <<----- client nonce
[11:13:43:089] [5436:00002dbc] [DEBUG][com.freerdp.core.rdp] - transport_check_fds() - -1
[11:13:43:094] [5436:00002dbc] [DEBUG][com.freerdp.client.windows] - Main thread exited with 131081
[11:13:43:095] [5436:00002ca4] [DEBUG][com.freerdp.client.windows] - Keyboard thread exited.
clientlogs.txt
serverlogs.txt
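For triaging server logs like the excerpt above, this added example (not part of the original thread and not FreeRDP project code) groups the negotiation and SSPI status lines by peer thread and decodes the RequestedProtocol bitmask. The function names are hypothetical, and the bit names follow the requestedProtocols flags defined in MS-RDPBCGR.

```python
import re

# requestedProtocols flag bits from MS-RDPBCGR; a mask of 0 means standard RDP security.
PROTOCOL_BITS = {0x1: "TLS", 0x2: "NLA", 0x4: "RDSTLS", 0x8: "NLA-EX"}
LINE = re.compile(r"\[[\d:]+\] \[(\w+:\w+)\] \[\w+\]\[[\w.]+\] - (.*)")
REQUESTED = re.compile(r"RequestedProtocol: (0x[0-9A-Fa-f]+)")
NEGOTIATED = re.compile(r"Negotiated Security: NLA:(\d) TLS:(\d) RDP:(\d)")
SSPI_STATUS = re.compile(r"AcceptSecurityContext status (\w+) \[(0x[0-9A-Fa-f]+)\]")

def decode_protocols(mask):
    return [name for bit, name in PROTOCOL_BITS.items() if mask & bit] or ["RDP"]

def triage(log_text):
    """Collect security-relevant events per [pid:tid], i.e. per peer thread."""
    peers = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        thread, msg = line.group(1), line.group(2)
        peer = peers.setdefault(thread, {"requested": [], "negotiated": None,
                                         "sspi_errors": [], "auth_failed": False})
        if m := REQUESTED.search(msg):
            peer["requested"] = decode_protocols(int(m.group(1), 16))
        elif m := NEGOTIATED.search(msg):
            flags = dict(zip(("NLA", "TLS", "RDP"), m.groups()))
            peer["negotiated"] = [k for k, v in flags.items() if v == "1"]
        elif m := SSPI_STATUS.search(msg):
            # HRESULT severity bit set means failure; SEC_I_* codes are informational.
            if int(m.group(2), 16) & 0x80000000 and m.group(1) not in peer["sspi_errors"]:
                peer["sspi_errors"].append(m.group(1))
        elif "client authentication failure" in msg:
            peer["auth_failed"] = True
    return {t: p for t, p in peers.items() if p["requested"] or p["auth_failed"]}

# Excerpt of the server log posted above (FreeRDP 2.2.0 shadow server).
SAMPLE = """\
[11:13:23:119] [2772:2776] [DEBUG][com.freerdp.core.nego] - RDP_NEG_REQ: RequestedProtocol: 0x00000003
[11:13:23:119] [2772:2776] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0
[11:13:23:157] [2772:2774] [TRACE][com.freerdp.server.shadow.mcevent] - Server published event 1. 1 clients.
[11:13:41:517] [2772:2776] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
[11:13:41:621] [2772:2776] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
[11:13:41:621] [2772:2776] [ERROR][com.freerdp.core.nla] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
[11:13:41:621] [2772:2776] [ERROR][com.freerdp.core.transport] - client authentication failure
"""

if __name__ == "__main__":
    for thread, peer in triage(SAMPLE).items():
        print(thread, peer)
```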