New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login at RDP Cluster with Session Broker #8
Comments
Confirmed with version from GIT: 1.8.3-17-g2140da0c (cloned on 2016-06-07) and Windows 2012 |
I have the same problem with dns round robin cluster with windows 2012 r2, user/password is asked two times... Thanks |
Still no avail workaround, I need to find a timeslot to dig deeper into this problem. Until the, could someone build rdesktop from latest source which include a better debug logging, reproduce the problem and post the logfile here ? To enable debug logging, run rdesktop like:
|
Maybe I know from where it can come from. |
Hi, I have tried with debug for example: RDESKTOP_DEBUG=All rdesktop server -k es -a 16 -u '' -d domain -r scard I hope that this can help |
Hello, Thank you |
As setting username/domain/password on command line works, I am writing a wrapper which, if the '-p auto' option is on the command line replaces it with '-p' and the actual password got from the .netrc file. |
hi @ppoilbarbe Great job, IT could be a great solution! |
Hello ppoilbarbe, sorry i didnt understand your post very well. So you are writing a something like a patch? Thank you and best regards. |
Not a patch just a script which calls rdesktop with the -p option. The password is stored in $HOME/.netrc file in order to not have it in scripts. |
@ppoilbarbe post your script at https://gist.github.com/ and link it here on this issue Still there is a bug were a authentication should be seamless through redirection. I haven't had the time to look into this yet but I believe there is a magic cookie that is received from the first connection to a server, that isused for authentication against the server the client is redirected to. |
Hello, thank you for your script. Thank you so much |
Just copy it at the place you want. do |
@hean01-cendio it should be nice if this kind of cookie exists... |
Hello ppoilbarbe, i really want to thank you for your help. I was now able to configure it now with your wrapper. Thank you really and best regards. |
It will be great to solve this issue, do you have any schedule? thanks |
@trentasis I will take a look into this next week |
Hello, i saw something interesting right now on an old raspberry we have here. I checked which rdesktop version is running: 1.7.1. Unfortunately I dont know which OS version is running on this raspberry. May you advise me how to install an old version like 1.7.1 on my raspberrys. So i would check if it is normal behaviour with 1.7.1 - that the connection works as it should. Maybe this would help you when you take a look in this problem. Thank you EDIT for not making a doublepost: Regards |
did you already got time to look in this problem? Thank you and best regards. |
Not really, however I have now a test environment with Ad + 2 x 2012r2 so that is not an hinder to start testing this.
If I recall correct rdesktop 1.7.1 doesn't have support for redirection PDU which means it doesnt know how to disconnect and reconnect to another rds server. Thats probably why you dont get the extra login prompts. |
Any news about this issue?
El dijous, 20 d’abril de 2017, Henrik Andersson <notifications@github.com>
va escriure:
… @Bottson <https://github.com/Bottson>
did you already got time to look in this problem?
Not really, however I have now a test environment with Ad + 2 x 2012r2 so
that is not an hinder to start testing this.
I can confirm with rdesktop 1.7.1. there is no double login when
connecting to Terminalserver with a connection broker.
If I recall correct rdesktop 1.7.1 doesn't have support for redirection
PDU which means it doesnt know how to disconnect an reconnect to another
rds server. Thats probably why you dont get the extra login prompts.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#8 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AM316CkvoEN6QvF-KphT2FW0yN4ewQ3zks5rx1D7gaJpZM4F1xz1>
.
|
@trentatis, I have looked a bit into the protocol for redirection but unfortunately I haven't had much time to dig deeper. |
I found a bug were the cookie was never used for authentication which brings the two authentication prompts. Fixed in commit b9481bb. I have tested this against 2 x 2012r2 RDS servers. Everyone with this issue, can you test on your side and report which version of RDS server you use. |
For me it works. |
Thanks!! I have downloaded master versin form zip and ./configure doesn't exist, with 1.8.3 was available, how cna generate this file to compile and test... |
@trentasis you need to run bootstrap script, see README.md file for information |
Sorry @hean01-cendio and thanks for information. @ppoilbarbe How are you trying and in what client (rdesktop command line parameters) and server are you using? thanks |
Do you authenticate using smart card ? What RDS server version are you using ? Are you running the built binary eg. './rdesktop ...' (Just checking...) ? |
Not, auth is with user/password, but we need /smartcard for other applicacions we have tried without /smartcard and then seems that two authentication are not required (/rdesktop server, It could be? |
Ok, I could reproduce your problem. The double login only appears when there is no session available and you are redirected to a second server. If you login and create a session on the second screen, then disconnect and reconnect, you are not prompted for another password. |
Correct, Is not always reproduced in some situations. Any scheduled date for this patch? Thanks! |
My command line parameters (no smartcard used) are:
EDIT: Not so good.... I have also the problem of two password depending on how I quit the session...
It's the same thing except the session number which is very low (<100) when working and very big when not. |
The main thing here is that i don't think RDP protocol supports what we want to accomplish the way we do it. Microsoft RDP client does always ask for credentials before the actual connection is carried out. eg the same thing as when you enter domain,user,password via commandline in rdesktop. This ways providing the credentials works as expected eg. no double prompts. I don't think we could reach the full way with the current approach without changing behavior of rdesktop. One solution might be that we make rdesktop always prompt for missing information that is not provided via commandline, such as domain, username and password (just like freerdp does) to make sure that we have credentials available for authentication before connection is carried out. Any ideas on that ? |
It's what I have done with my rdesktop wrapper (see previous messages: https://gist.github.com/ppoilbarbe/e0c8931d5cfab091f9fa7185b6535cdf)... No need to enter the password twice, or even once if the password is stored in wallet (just activate wallet once by session). And no need too to click on the "other user" screen. |
Hi, I also tested your new version 1.8.3post. |
Any new about this issue... Thanks |
Hi @ppoilbarbe I have one question about your python script, I understand that this only works if you are runnign from linux workstation and user/password from you run rdesktop are the same that rdesktop user has? I have an environment with thinclient where linux boot with generic user, and then a rdesktop commmand is executed and every user (multiple users can user from same thiclient session to open rdesktop sessions) open a rdesktop session, in this environment you script can work? Thanks! |
Fixing issue #127 will solve this problem. |
Commit 1aaafc8 changes the behavior of rdesktop to always prompt for a password if not provided. This should solve this issue. |
Hi, Can you give detail how to use and not asking two times password in a cluster with session broker, what options are required? Thanks |
After you supply a password (-p) it just should simply work. |
Sorry, but in our environment we use rdesktop a thinclient, and we can't
pass -p, we only use -u '' without password, because there are multiple
users in same client, what can I do in our situation?
Thanks
2018-01-09 11:45 GMT+01:00 Alexander Zakharov <notifications@github.com>:
… After you supply a password (*-p*) it just should simply work.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#8 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AM316DRByMsJfpB7JxKyEPT3HaYNpfJIks5tI0NSgaJpZM4F1xz1>
.
|
@trentasis use a askpass application to ask for password before connection, somthing like this:
|
Right now (while it's not yet clear whether we're going to merge #216 or not) you can provide arbitrary password with -p option. |
I can't use because in our environment we use as a thinclient with multiple users, and now with this cahnge always asp password in cmd prompt, and we don't show prompt tried with -p - -u user -d domain server also tried same command from command line and then two time is asked password, one from cmd and another from windows gui. Any suggestion how to recover features used with previous version to use rdesktop without any cmd interaction and also enter to windows 2012r2 wihtout to enter 2 times password.... It's a problem when there are many users... Any suggestion? Thanks |
I experience a problem when connecting rdesktop 1.8.3 to a RDP cluster with a session broker (DNS round robin). The parameters used are
The first connection (no session for the connecting user is running on the cluster) is working. After disconnecting the session and reconnecting, the client is entering the session for about a second (we can see the desktop applications) and is then thrown back to the login screen.
The console output is
When using the Microsoft RDP Client from Windows 8, there is a certificate error displayed after entering the session which can be accepted, then the session is entered. I assume this is the moment where the rdesktop session ends. The same effect happens more clearly when a smartcard login is used. But I couldn't find this inside the rdesktop debug logs.
As a matter of fact. the connection is working only when the DNS round robin returns the server where the session has been created. The "redirected to" output is always leading to a short login and a session disruption (means back to the login screen).
The problem seems to be independent from the pcsc lib when using a smartcard or the underlying Linux System since FreeRDP handles this correctly (with and without smartcard redirection).
Please tell what debug information I can provide if you are interested in fixing this.
The text was updated successfully, but these errors were encountered: