[
https://issues.apache.org/jira/browse/GUACAMOLE-1357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17355284#comment-17355284
]
Mike Jumper commented on GUACAMOLE-1357:
----------------------------------------
If the RDP server is explicitly denying access for connections from Guacamole,
that isn't a bug in Guacamole but rather something that must be reconfigured on
the RDP server. As you note, it's also possible that the RDP server will cease
denying access if the correct additional information is given within the
connection parameters.
Either way, for this or other questions, please instead subscribe and post to
the [email protected] mailing list:
http://guacamole.apache.org/support/#mailing-lists
The community on the list should be able to help you figure out what needs to
be corrected in the connection parameters, the RDP server's configuration, or
both.
> RDP login failed when Active Directory policy "Log on to" is set for user.
> --------------------------------------------------------------------------
>
> Key: GUACAMOLE-1357
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1357
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole, guacd
> Affects Versions: 1.3.0
> Reporter: joe
> Priority: Major
>
> We have a few Windows machines in our environment and wanted to RDP to them
> via Guacamole.
> There is Active Directory Users and Computers policy in place, each user has
> specific computer names in list of their "Log on to" policy. NLA is also
> enforced in the remote access settings.
>
> When users try to use Guacamole to connect their machines, "Login failed"
> error is displayed. The guacd log reads:
> "RDP server closed/refused connection: Authentication failure (invalid
> credentials?)"
>
> When the "Log on to" policy is changed to "All Computers" for that user, the
> problem is resolved. Changing authentication type from "NLA" from both
> Guacamole and the server also resolves the problem. But both of these
> workarounds are against security policies.
>
> Also it's worth noting that the "Log on to" policy is kind of tricky because
> it also restricts the machines which users may use to "Log on _from_". So we
> added both users' machines and servers to their "Log on to" and now they have
> no problem using mstsc connecting to servers, but the problem persists with
> Guacamole.
> [https://www.urtech.ca/2016/01/solved-rdp-the-system-administrator-has-limited-the-computers-you-can-log-on-with-log-on-to/]
>
> I tried adding a "Client name" in Guacamole basic settings and added that
> name in the list of "Log on to" but no chance.
>
> Thanks in advance for your help
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
