On Friday, January 10, 2025 at 06:00:04 PM GMT+1, Nick Couchman <[email protected]> wrote:
> or the credentials could actually be wrong. Thanks, Nick. I finally found the relationship between the guacd and Tomcat logs by searching for timestamps (not easy when there are a lot of users connecting at once, but I'm quite sure I got the right lines). So I finally got hold of the cause: SPNEGO received NTSTATUS: STATUS_LOGON_FAILURE [0xC000006D] from server So it's obviously because the user inputs the wrong credentials. All of the users I manage connect to these RDP servers with the same protocol details (NLA, etc.). They all initially authenticate with Guacamole client via SAML SSO. They then select an RDP connection which is configured without user credentials since I cannot automatically retrieve the user password from the IdP (Shibboleth). The user is thus forced to reauth on the RDP server (the typical login screen with black background on Guacamole). When a user enters the wrong credentials at this stage, they are usually presented with a Guacamole client message with something like "login failed, will retry in x seconds". However, after that x-seconds timeout, the login prompt to the RDP server is shown again. The user has to type it in again. In this case, I'm seeing a considerable amount of attempts /failures one after another. So this is either Homer Simpson trying to log in, or the browser the user's using is caching/reusing the same wrong credentials, but I don't think that's possible (or is it? -- I haven't found a way to reproduce it, and it's hard to communicate with the remote user to find out what he/she is doing). Anyway, I think I can work with the logs now. Thanks for the help, Vieri --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
