Can you build with WITH_DEBUG_NLA enabled, and send in the results, after carefully removing sensitive information from the debug output?
On Sun, Nov 20, 2011 at 3:40 PM, Max Nemo <max2...@list.ru> wrote: > Hi All, > > I was wondering if anyone experienced the same problem as I am having with > FreeRDP. > > The latest (as of 11.20.2011) FreeRDP source ZIP was extracted and built > on Ubuntu 11.10 (x86). The built process went smoothly. > > The problem appeared when trying to connect to several Windows Server > 2008/Server 2008 R2 TS machines (all of them are domain members of two > separate domains). > > In short, no username/password combination worked to get connected to any > of the TS - FreeRDP always spit the following error: > > loading plugin rdpdr > connected to mars:3389 > SSL_read: Failure in SSL library (protocol error?) > Authentication failure, check credentials. > If credentials are valid, the NTLMSSP implementation may be to blame. > > Adding extra debugging to SSL_read() routine revealed the following > OpenSSL error stack: > > Error: "error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access > denied" File: "s3_pkt.c" Line: 1195 Data: "SSL alert number 49" > > So it seems that the error does not pertain to TLS itself, but to the user > credentials passed to the TS. Moreover, if the TS security level switched > from Negotiate to RDP Security, the connection is established and user is > able to log in to the TS. > > Is there any way to get NTLM/CredSSP working? Or, the other way around, is > there way to connect using TLS but not to invoke NTLM and/or CredSSP for > that matter? > Basically, I'd gladly have TLS-encrypted connection to TS with smart card > redirection mechanism - which it working fine, by the way - and enter my > credentials into TS log on dialog. > > Any help on the matter is greatly appreciated. > > Best regards, > Maxim > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure > contains a definitive record of customers, application performance, > security threats, fraudulent activity, and more. Splunk takes this > data and makes sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-novd2d > _______________________________________________ > Freerdp-devel mailing list > Freerdp-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/freerdp-devel > ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Freerdp-devel mailing list Freerdp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freerdp-devel