-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[arch,kerberos] Freerdp 3 authentication hangs due to broken krb5.conf #10138
Comments
what is written in your |
Yes, it definitely looks like some example
Is it enough to comment out everything, or do I need to create a proper configuration, I don't know how to do at the moment, but I can probably figure it out? I'm currently on freerdp 2 again, so it takes a while to switch and test, therefore I'm asking instead of testing it myself. |
@fredizzimo no, an empty file (or commented) is ok. |
Ok, I will try that out now, and come back to you with the results. |
Unfortunately, it did not help, not even after restarting the system. But I see the following in the journal log now
I also tried restarting the service after I joined the VPN, but it gives the same result. So maybe I need to try to configure it? Also while doing that I noticed that after 10 minutes, the xfreerdp printed this in the log, but was still hanging The domain name is the correct, so it got that right at least. Maybe it's misconfiguration on the workplace side? I can try to contact the IT support there. |
no, that is ok (it should fail fast if you are not using |
@fredizzimo also, why is your system trying to start a |
Ah, I just double checked, all of the activation of that was by myself through
|
@fredizzimo so, does your initial use case work now or is there still something to look at? |
No, my response was just about the I understand that it's hard to know what the problem is with this little information, so I can try to debug it during the weekend, to at least provide more information. |
a debug build with a running debugger to have a |
I don't have the symbols for the system libraries at the moment, but this is the callstack
So it looks like it's the Kerberos connection that fails to connect. I will try to check if freerdp 2 does something different, since that works. |
I bisected it down to this commit c9e61ff (cmake] simplify krb5 detection) NOTE: I had to do the bisecting with a clean build directory each time, if I just tried incremental builds then event the latest version would work, which also indicate that there might be something wrong with the cmake configuration. Probably detecting the wrong type of Kerberos implementation |
Ah, now I see, before that commit it defaulted to And it also works with If it can be disabled, I guess it "fixes" my problem, not sure if it's worth trying to dig further into this and found out the cause for the hang though. |
Very similar problem here. I have just switched to (K)Ubuntu 24.04 on a couple of PC, and I can no longer connect by numeric IP address to AD domain member machines with Remmina.
The error is:
The problem disappear by using a FQDN hostname instead of a numeric IP address, or by adding Same problem when manually compiling master branch of FreeRDP3 on a Ubuntu 22.04 or Ubuntu 20.04 |
I opened a Remmina feature request for being able to disable Kerberos. https://gitlab.com/Remmina/Remmina/-/issues/3104 |
Some more information, by just looking at my callstack and the krb5 code, it's this nameserver lookup called from this that fail My guess is that some parts of the company internal network are not reachable through the VPN, and therefore fail. |
@fredizzimo can you try with the short netbios domain In my case it works as workaround. But I'm still having a customer that has NETBIOS doman identical to DNS domain (with dot inside). So I cannot use this workaround. |
@giox069 @fredizzimo the the issue I mentioned before ( @giox069 you run a build with |
I'm using two xfreerdp 3: the stock version of Ubuntu 24.04, and my own compiled version from master branch on Ubuntu 22.04. In CMakeCache.txt of the compiled version can find |
@giox069 seems active. |
I did some bisecting, the commit that introduced the problem is c9e61ff |
... and it's the same commit bisected by @fredizzimo ;) |
@giox069 and as @fredizzimo already found out the commit that enabled |
@fredizzimo @giox069 can you add a full log of your failed connections with kerberos debugging enabled? (see https://web.mit.edu/kerberos/krb5-1.12/doc/admin/env_variables.html for details for kerberos debugging) |
@giox069 also, do you have some stuff in your only message is |
@fredizzimo ok, did manage to get a slowdown (DNS lookup delay) but no hang.
|
@akallabeth my /ectkrb5.conf does not exists. I will able to produce debug trace later this night (CET), not now. If you need, I can open a remote TCP port from a fixed IP address/subnet so you can do tests by yourself. I can setup it this night. Remember that the error appears when: |
@giox069 ok, I´ll wait. |
@giox069 @fredizzimo ok, I´ve found a way to fix this for my case here with the following
this effectively disables |
This workaround is working! 👍 |
Describe the bug
After the Arch Linux remmina package was updated to use freerdp3 the remote connection to my workplace Windows 11 computer stopped working. I first thought that it was a remmina problem, but it does seem to be freerdp one, since I can repeat it with
xfreerdp
. Freerdp 2 works fine.To Reproduce
xfreerdp /v:computer.domain.org /u:user.name@domain.org /p:password /log-level:TRACE +auth-only
Expected behavior
It should login and exit
Application details
xfreerdp /version
): 3.5.2-dev0 (c172713)xfreerdp /v:computer.domain.org /u:user.name@domain.org /p:password /log-level:TRACE +auth-only
xfreerdp /buildconfig
buildconfig
``` [15:25:21:504] [335632:00051f10] [INFO][com.winpr.timezone] - [winpr_detect_windows_time_zone]: tzid: Europe/Helsinki This is FreeRDP version 3.5.2-dev0 (c172713) Build configuration: BUILD_TESTING=OFF WINPR_HAVE_AIO_H=1 WINPR_HAVE_EXECINFO_BACKTRACE=1 WINPR_HAVE_EXECINFO_BACKTRACE_SYMBOLS=1 WINPR_HAVE_EXECINFO_BACKTRACE_SYMBOLS_FD=1 WINPR_HAVE_EXECINFO_HEADER=1 WINPR_HAVE_FCNTL_H=1 WINPR_HAVE_GETLOGIN_R=1 WINPR_HAVE_GETPWUID_R=1 WINPR_HAVE_INTTYPES_H=1 WINPR_HAVE_POLL_H=1 WINPR_HAVE_PTHREAD_MUTEX_TIMEDLOCK_LIB=1 WINPR_HAVE_PTHREAD_MUTEX_TIMEDLOCK_LIBS= WINPR_HAVE_PTHREAD_MUTEX_TIMEDLOCK_SYMBOL=1 WINPR_HAVE_STDBOOL_H=1 WINPR_HAVE_STDINT_H=1 WINPR_HAVE_STRNDUP=1 WINPR_HAVE_SYSLOG_H=1 WINPR_HAVE_SYS_EVENTFD_H=1 WINPR_HAVE_SYS_FILIO_H= WINPR_HAVE_SYS_SELECT_H=1 WINPR_HAVE_SYS_SOCKIO_H= WINPR_HAVE_SYS_TIMERFD_H=1 WINPR_HAVE_TM_GMTOFF=1 WINPR_HAVE_UNISTD_H=1 WINPR_HAVE_UNWIND_H=1 WITH_AAD=ON WITH_ABSOLUTE_PLUGIN_LOAD_PATHS=ON WITH_ADD_PLUGIN_TO_RPATH=OFF WITH_ALSA=ON WITH_BINARY_VERSIONING=OFF WITH_CAIRO=OFF WITH_CCACHE=ON WITH_CHANNELS=ON WITH_CLANG_FORMAT=ON WITH_CLIENT=ON WITH_CLIENT_AVAILABLE=1 WITH_CLIENT_CHANNELS=ON WITH_CLIENT_CHANNELS_AVAILABLE=1 WITH_CLIENT_COMMON=ON WITH_CLIENT_INTERFACE=OFF WITH_CLIENT_SDL=ON WITH_CLIENT_SDL_AVAILABLE=1 WITH_CUPS=ON WITH_DEBUG_ALL=OFF WITH_DEBUG_CAPABILITIES=OFF WITH_DEBUG_CERTIFICATE=OFF WITH_DEBUG_CHANNELS=OFF WITH_DEBUG_CLIPRDR=OFF WITH_DEBUG_CODECS=OFF WITH_DEBUG_DVC=OFF WITH_DEBUG_EVENTS=OFF WITH_DEBUG_KBD=OFF WITH_DEBUG_LICENSE=OFF WITH_DEBUG_MUTEX=OFF WITH_DEBUG_NEGO=OFF WITH_DEBUG_NLA=OFF WITH_DEBUG_NTLM=OFF WITH_DEBUG_RAIL=OFF WITH_DEBUG_RDP=OFF WITH_DEBUG_RDPDR=OFF WITH_DEBUG_RDPEI=OFF WITH_DEBUG_RDPGFX=OFF WITH_DEBUG_REDIR=OFF WITH_DEBUG_RFX=OFF WITH_DEBUG_RINGBUFFER=OFF WITH_DEBUG_SCARD=OFF WITH_DEBUG_SCHANNEL=OFF WITH_DEBUG_SDL_EVENTS=OFF WITH_DEBUG_SDL_KBD_EVENTS=OFF WITH_DEBUG_SND=OFF WITH_DEBUG_SVC=OFF WITH_DEBUG_SYMBOLS=OFF WITH_DEBUG_THREADS=OFF WITH_DEBUG_TIMEZONE=OFF WITH_DEBUG_TRANSPORT=OFF WITH_DEBUG_TSG=OFF WITH_DEBUG_TSMF=OFF WITH_DEBUG_TSMF_AVAILABLE=0 WITH_DEBUG_URBDRC=OFF WITH_DEBUG_WND=OFF WITH_DEBUG_X11=OFF WITH_DEBUG_X11_LOCAL_MOVESIZE=OFF WITH_DEBUG_XV=OFF WITH_DSP_EXPERIMENTAL=OFF WITH_DSP_FFMPEG=ON WITH_DSP_FFMPEG_AVAILABLE=1 WITH_EVENTFD_READ_WRITE=1 WITH_FAAC=OFF WITH_FAAD2=OFF WITH_FFMPEG=ON WITH_FREERDP_DEPRECATED=OFF WITH_FREERDP_DEPRECATED_COMMANDLINE=OFF WITH_FUSE=ON WITH_GFX_H264=ON WITH_GPROF=OFF WITH_GSM=OFF WITH_ICU=ON WITH_INTERNAL_MD4=OFF WITH_INTERNAL_MD5=OFF WITH_INTERNAL_RC4=OFF WITH_JPEG=ON WITH_KRB5=ON WITH_KRB5_NO_NTLM_FALLBACK=OFF WITH_LAME=OFF WITH_LIBRARY_VERSIONING=ON WITH_LIBRESSL=OFF WITH_LODEPNG=OFF WITH_MACAUDIO=OFF WITH_MACAUDIO_AVAILABLE=0 WITH_MANPAGES=ON WITH_MBEDTLS=OFF WITH_NATIVE_SSPI=OFF WITH_NEON=OFF WITH_OPENCL=OFF WITH_OPENH264=OFF WITH_OPENSSL=ON WITH_OPUS=OFF WITH_OSS=ON WITH_PCSC=ON WITH_PKCS11=ON WITH_PLATFORM_SERVER=ON WITH_POLL=ON WITH_PROFILER=OFF WITH_PROXY=ON WITH_PROXY_APP=ON WITH_PROXY_EMULATE_SMARTCARD=OFF WITH_PROXY_MODULES=ON WITH_PULSE=ON WITH_RDTK=ON WITH_SAMPLE=ON WITH_SANITIZE_ADDRESS=OFF WITH_SANITIZE_ADDRESS_AVAILABLE=1 WITH_SANITIZE_MEMORY=OFF WITH_SANITIZE_MEMORY_AVAILABLE=1 WITH_SANITIZE_THREAD=OFF WITH_SANITIZE_THREAD_AVAILABLE=1 WITH_SDL_IMAGE_DIALOGS=OFF WITH_SDL_LINK_SHARED=ON WITH_SERVER=ON WITH_SERVER_CHANNELS=ON WITH_SERVER_INTERFACE=ON WITH_SHADOW=ON WITH_SMARTCARD_EMULATE=ON WITH_SMARTCARD_INSPECT=OFF WITH_SMARTCARD_PCSC=ON WITH_SOXR=OFF WITH_SSE2=OFF WITH_SWSCALE=ON WITH_SYSTEMD=ON WITH_THIRD_PARTY=OFF WITH_UNICODE_BUILTIN=OFF WITH_URIPARSER=OFF WITH_VAAPI=OFF WITH_VAAPI_AVAILABLE=1 WITH_VALGRIND_MEMCHECK=OFF WITH_VALGRIND_MEMCHECK_AVAILABLE=1 WITH_VERBOSE_WINPR_ASSERT=ON WITH_VIDEO_FFMPEG=ON WITH_VIDEO_FFMPEG_AVAILABLE=1 WITH_WAYLAND=ON WITH_WEBVIEW=ON WITH_WEBVIEW_QT=OFF WITH_WINPR_DEPRECATED=OFF WITH_WINPR_TOOLS=ON WITH_WIN_CONSOLE=ON WITH_X11=ON WITH_XCURSOR=ON WITH_XEXT=ON WITH_XFIXES=ON WITH_XI=ON WITH_XINERAMA=ON WITH_XRANDR=ON WITH_XRENDER=ON WITH_XV=ON Build type: Release CFLAGS: -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -g -ffile-prefix-map=/build/freerdp-git/src=/usr/src/debug/freerdp-git -flto=auto -Wall -Wpedantic -Wno-padded -Wno-cast-align -Wno-declaration-after-statement -fPIC -Wall -fvisibility=hidden -Wimplicit-function-declaration -Wredundant-decls -fno-omit-frame-pointer Compiler: GNU, 13.2.1 Target architecture: x64 Keyboard Shortcuts: releases keyboard and mouse grab ++ toggles fullscreen state of the application ++c toggles remote control in a remote assistance session Action Script Executes a predefined script on key press. Should the script not exist it is ignored. Scripts can be provided at the default localtion ~/.config/freerdp/action.sh or as command line argument /action:script: The script will receive the current key combination as argument. The output of the script is parsed for 'key-local' which tells that the script used the key combination, otherwise the combination is forwarded to the remote. ```/log-level:trace 2>&1 | tee log.txt
freerdp3
freerdp3
freerdp 2
Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: