Recent versions of Windows enable TLS (with a self-signed cert) and NLA by default.
If you want to be prompted with a traditional Windows login screen, you will need to disable NLA. With NLA enabled, the username and password must be provided in the connection parameters. Integrating guac with AD or LDAP such that the guac username/password is always the same as the Windows username/password would allow use of parameter tokens for this:

https://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens

For TLS to work with a self-signed cert, you will need to set the connection parameter telling Guacamole to ignore the certificate.

- Mike

On Mar 15, 2017 11:51 AM, "adrianz" <[email protected]> wrote:

> If I enter just the username I get the following errors in guacd:
>
> guacd[16152]: INFO: Loading keymap "en-us-qwerty"
> connected to 192.168.205.168:3389
> creating directory /root/.config/freerdp
> creating directory /root/.config/freerdp/certs
> creating directory /root/.config/freerdp/server
> certificate_store_open: error opening [/root/.config/freerdp/known_hosts] for writing
> guacd[16152]: INFO: Authentication requested but username or password not given
> Could not open SAM file!
> Could not open SAM file!
> SSL_read: Failure in SSL library (protocol error?)
> SSL_read: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
> credssp_recv() error: -1
> Authentication failure, check credentials.
> If credentials are valid, the NTLMSSP implementation may be to blame.
> Error: protocol security negotiation or connection failure
>
> --
> View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Cannot-connect-using-RDP-tp550p552.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
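The two setups described in the reply above, written out as an added example that is not part of the original thread. It assumes connections are defined in Guacamole's `user-mapping.xml`; the connection names and the `WINDOWS_USER` / `WINDOWS_PASSWORD` login are placeholders, and the host address is the one shown in the quoted guacd log.

```xml
<user-mapping>
    <!-- Placeholder login. Parameter tokens only help if the Guacamole
         username/password are identical to the Windows account's. -->
    <authorize username="WINDOWS_USER" password="WINDOWS_PASSWORD">

        <!-- Option 1: NLA stays enabled on the Windows host.
             NLA authenticates before any desktop is shown, so the
             credentials must be present in the connection parameters. -->
        <connection name="windows-nla">
            <protocol>rdp</protocol>
            <param name="hostname">192.168.205.168</param>
            <param name="port">3389</param>
            <param name="security">nla</param>
            <!-- Tokens are replaced at connect time with the credentials
                 the user typed into the Guacamole login form. -->
            <param name="username">${GUAC_USERNAME}</param>
            <param name="password">${GUAC_PASSWORD}</param>
            <!-- Accepts the host's self-signed certificate without
                 validating it. -->
            <param name="ignore-cert">true</param>
        </connection>

        <!-- Option 2: NLA has been disabled on the Windows host.
             No credentials are sent, so the user gets the traditional
             Windows login screen inside the RDP session. -->
        <connection name="windows-login-screen">
            <protocol>rdp</protocol>
            <param name="hostname">192.168.205.168</param>
            <param name="port">3389</param>
            <param name="security">tls</param>
            <param name="ignore-cert">true</param>
        </connection>

    </authorize>
</user-mapping>
```

The guacd message "Authentication requested but username or password not given" in the quoted log corresponds to the first case with the `password` parameter left empty.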
