I'm looking into the issue, I am wondering if the problem is not related to
this: http://support.microsoft.com/?id=942564
<http://support.microsoft.com/?id=942564>One problem listed is samba
incompatibility. Since I had to look into samba3 source code during my work,
I guess that might explain why. Not all security features are used in the
current implementation, maybe those were enforced after some recent upgrade
on both Windows Server 2008 and Windows 7 Ultimate.
On Sat, Feb 12, 2011 at 1:57 AM, Vic Lee <ll...@163.com> wrote:
> Hi Marc,
>
> OK, I have tested again have the following scenario:
>
> 1. Win7 Ultimate: Provide only username/password, no domain. I am in
> successfully. The user is actually a domain user, however it seems that the
> server knows to use a default domain if I omit it.
>
> 2. Win7 Ultimate: Provide username/password/domain. I got similar error as
> Jay. You can refer to Jay's logs.
>
> 3. Win2003: negotiation broken. I can connect only if I specify --no-tls.
> Previously freerdp will reconnect when getting "Error:
> SSL_NOT_ALLOWED_BY_SERVER", now it seems the reconnection also fails.
>
> Error: SSL_NOT_ALLOWED_BY_SERVER
> ui_error: ERROR: Connection closed
> ui_error: ERROR: send: Broken pipe
> ui_error: ERROR: Connection closed
> Protocol security negotiation failure, disconnecting
>
> run_xfreerdp: inst->rdp_connect failed
> main thread, all threads did exit
>
> Vic
>
>
> On 02/12/2011 01:52 PM, Marc-André Moreau wrote:
>
>> Hi Vic,
>>
>> On Sat, Feb 12, 2011 at 12:46 AM, Vic Lee <ll...@163.com
>> <mailto:ll...@163.com>> wrote:
>>
>> Hi Marc,
>>
>> This is the log. The computer I am testing is under domain, however
>> I not passing any domain or user to xfreerdp and I am supposed to
>> get the login screen.
>>
>>
>> Actually, no. With NLA, there should be no login screen. This older
>> behavior was vulnerable to denial of service attacks since a full login
>> screen (requires quite some resources) could be obtained without any
>> valid credentials. mstsc.exe can ask credentials "live" during the
>> connection attempt. However, xfreerdp being in X11, we do not really
>> have a nice graphical way of inputting the credentials. Maybe those
>> could be inputted live from the command line.
>>
>
>
>
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
