joe created GUACAMOLE-1357:
------------------------------
Summary: RDP login failed when Active Directory policy "Log on to"
is set for user.
Key: GUACAMOLE-1357
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1357
Project: Guacamole
Issue Type: Bug
Components: guacamole, guacd
Affects Versions: 1.3.0
Reporter: joe
We have a few Windows machines in our environment and wanted to RDP to them via
Guacamole.
There is an Active Directory Users and Computers policy in place: each user has
specific computer names in the list of their "Log on to" policy. NLA is also
enforced in the remote access settings.
When users try to use Guacamole to connect to their machines, a "Login failed"
error is displayed. The guacd log reads:
"RDP server closed/refused connection: Authentication failure (invalid
credentials?)"
When the "Log on to" policy is changed to "All Computers" for that user, the
problem is resolved. Changing the authentication type from "NLA" on both
Guacamole and the server also resolves the problem. But both of these
workarounds are against security policies.
Also, it's worth noting that the "Log on to" policy is kind of tricky because it
also restricts the machines which users may use to "Log on _from_". So we added
both the users' machines and the servers to their "Log on to" list, and now they
have no problem using mstsc to connect to the servers.
[https://www.urtech.ca/2016/01/solved-rdp-the-system-administrator-has-limited-the-computers-you-can-log-on-with-log-on-to/]
I tried adding a "Client name" in the Guacamole basic settings and added that
name to the "Log on to" list, but with no success.
Thanks in advance for your help.
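An added example, not part of the ticket or of Guacamole's code: it reads the workstation name from a failed-logon event and checks it against a user's "Log on to" list, which shows which name would have to be on that list. It assumes the rejection is recorded as Security event 4625 with sub status 0xC0000070 (STATUS_INVALID_WORKSTATION) and that the list is the comma-separated AD `userWorkstations` value; the event text, host names and function names are constructed for illustration.

```python
import re

# NTSTATUS recorded as "Sub Status" when a "Log on to" restriction rejects a logon.
STATUS_INVALID_WORKSTATION = 0xC0000070

# Constructed excerpt of a Security event 4625 message (host names are made up).
SAMPLE_EVENT = """An account failed to log on.
Failure Information:
    Failure Reason:    User not allowed to logon at this computer.
    Status:            0xC000006E
    Sub Status:        0xC0000070
Network Information:
    Workstation Name:  GUACD01
    Source Network Address:  192.0.2.10
"""

def allowed_workstations(user_workstations):
    """Parse a userWorkstations value; an empty value means "All Computers"."""
    return {n.strip().upper() for n in (user_workstations or "").split(",") if n.strip()}

def field(message, label):
    """Return the text after 'label:' on its line, or '' if absent or blank."""
    m = re.search(rf"^[ \t]*{re.escape(label)}:[ \t]*(.*)$", message, re.MULTILINE)
    return m.group(1).strip() if m else ""

def diagnose(message, user_workstations):
    """Report which workstation name was rejected and whether it is on the list."""
    sub = field(message, "Sub Status")
    restricted = bool(sub) and int(sub, 16) == STATUS_INVALID_WORKSTATION
    name = field(message, "Workstation Name").upper()
    allowed = allowed_workstations(user_workstations)
    return {
        "restricted": restricted,
        "workstation": name,
        # Case-insensitive exact match; an empty list permits every computer.
        "listed": not allowed or name in allowed,
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_EVENT, "PC-JOE,SRV-APP1"))
```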