[
https://issues.apache.org/jira/browse/GUACAMOLE-1357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper closed GUACAMOLE-1357.
----------------------------------
Resolution: Invalid
> RDP login failed when Active Directory policy "Log on to" is set for user.
> --------------------------------------------------------------------------
>
> Key: GUACAMOLE-1357
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1357
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole, guacd
> Affects Versions: 1.3.0
> Reporter: joe
> Priority: Major
>
> We have a few Windows machines in our environment and wanted to RDP to them
> via Guacamole.
> There is Active Directory Users and Computers policy in place, each user has
> specific computer names in list of their "Log on to" policy. NLA is also
> enforced in the remote access settings.
>
> When users try to use Guacamole to connect their machines, "Login failed"
> error is displayed. The guacd log reads:
> "RDP server closed/refused connection: Authentication failure (invalid
> credentials?)"
>
> When the "Log on to" policy is changed to "All Computers" for that user, the
> problem is resolved. Changing authentication type from "NLA" from both
> Guacamole and the server also resolves the problem. But both of these
> workarounds are against security policies.
>
> Also it's worth noting that the "Log on to" policy is kind of tricky because
> it also restricts the machines which users may use to "Log on _from_". So we
> added both users' machines and servers to their "Log on to" and now they have
> no problem using mstsc connecting to servers, but the problem persists with
> Guacamole.
> [https://www.urtech.ca/2016/01/solved-rdp-the-system-administrator-has-limited-the-computers-you-can-log-on-with-log-on-to/]
>
> I tried adding a "Client name" in Guacamole basic settings and added that
> name in the list of "Log on to" but no chance.
>
> Thanks in advance for your help
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
