Just saw your other question: You can use TLS without NLA with the --sec tls option. Maybe this will solve the problem, but I'd like to learn more about why NLA fails in your case.
Best regards,
- Marc-Andre

On Sun, Nov 20, 2011 at 3:47 PM, Marc-André Moreau <marcandre.mor...@gmail.com> wrote:

> Can you build with WITH_DEBUG_NLA enabled, and send in the results, after
> carefully removing sensitive information from the debug output?
>
> On Sun, Nov 20, 2011 at 3:40 PM, Max Nemo <max2...@list.ru> wrote:
>
>> Hi All,
>>
>> I was wondering if anyone experienced the same problem as I am having
>> with FreeRDP.
>>
>> The latest (as of 11.20.2011) FreeRDP source ZIP was extracted and built
>> on Ubuntu 11.10 (x86). The build process went smoothly.
>>
>> The problem appeared when trying to connect to several Windows Server
>> 2008/Server 2008 R2 TS machines (all of them are domain members of two
>> separate domains).
>>
>> In short, no username/password combination worked to get connected to any
>> of the TS - FreeRDP always spit the following error:
>>
>>     loading plugin rdpdr
>>     connected to mars:3389
>>     SSL_read: Failure in SSL library (protocol error?)
>>     Authentication failure, check credentials.
>>     If credentials are valid, the NTLMSSP implementation may be to blame.
>>
>> Adding extra debugging to the SSL_read() routine revealed the following
>> OpenSSL error stack:
>>
>>     Error: "error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied" File: "s3_pkt.c" Line: 1195 Data: "SSL alert number 49"
>>
>> So it seems that the error does not pertain to TLS itself, but to the
>> user credentials passed to the TS. Moreover, if the TS security level is
>> switched from Negotiate to RDP Security, the connection is established and
>> the user is able to log in to the TS.
>>
>> Is there any way to get NTLM/CredSSP working? Or, the other way around,
>> is there a way to connect using TLS but not to invoke NTLM and/or CredSSP
>> for that matter?
>> Basically, I'd gladly have a TLS-encrypted connection to the TS with the
>> smart card redirection mechanism - which is working fine, by the way - and
>> enter my credentials into the TS log on dialog.
>>
>> Any help on the matter is greatly appreciated.
>>
>> Best regards,
>> Maxim

_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
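
The OpenSSL error string quoted in the thread can be unpacked to show where the failure was raised. The following is an added example, not code from the thread or from FreeRDP; it assumes the packed error-code layout of the OpenSSL 1.0.x era (library in bits 24-31, function in bits 12-23, reason in bits 0-11), where a reason above 1000 is the offset plus a TLS alert number received from the peer. Function and macro names here are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout of a packed OpenSSL 1.0.x error code (ERR_PACK in err.h). */
#define GET_LIB(e)    ((int)(((e) >> 24) & 0xffUL))
#define GET_FUNC(e)   ((int)(((e) >> 12) & 0xfffUL))
#define GET_REASON(e) ((int)((e) & 0xfffUL))
#define LIB_SSL          20    /* ERR_LIB_SSL */
#define AD_REASON_OFFSET 1000  /* SSL_AD_REASON_OFFSET */

/* Alert descriptions from RFC 5246, section 7.2 (subset). */
static const char *alert_name(int n)
{
    switch (n) {
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 48: return "unknown_ca";
    case 49: return "access_denied";
    case 70: return "protocol_version";
    default: return "unknown";
    }
}

/* Parse "error:XXXXXXXX:..." and return the alert number sent by the peer,
 * or -1 if the line is malformed or is not a received-alert error. */
static int peer_alert(const char *line, int *lib, int *func)
{
    unsigned long e;
    if (sscanf(line, "error:%8lx:", &e) != 1)
        return -1;
    *lib = GET_LIB(e);
    *func = GET_FUNC(e);
    if (*lib != LIB_SSL || GET_REASON(e) <= AD_REASON_OFFSET)
        return -1;
    return GET_REASON(e) - AD_REASON_OFFSET;
}

int main(void)
{
    /* Error string as quoted in the thread. */
    const char *line =
        "error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied";
    int lib = 0, func = 0, alert = peer_alert(line, &lib, &func);
    if (alert < 0) { puts("not a peer alert"); return 1; }
    printf("lib=%d func=%d alert=%d (%s)\n", lib, func, alert, alert_name(alert));
    return 0;
}
```

For the quoted string this yields library 20 (SSL), function 148 and alert 49, matching the "SSL alert number 49" data field: the record layer was working and the server sent a fatal access_denied alert over it.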