archef2000
commented
1 year ago I face the same problem, but still have no solution
Closed sven3 closed 4 months ago
archef2000
commented
1 year ago I face the same problem, but still have no solution
bolkedebruin
commented
1 year ago O haha, well because in the case of local-auth you do not any special settings you can just directly point your Renote Desktop client at the the gateway. Obviously you need to set the connection to use the gateway, but that's handled inside the client. So there is no need to point your browser to https://xxx/connect :-)
sven3
commented
1 year ago Many thanks for the help, @bolkedebruin !
I tried to access rdpgw using xfreerdp, but xfreerdp insists on rdpgw not supporting HTTP transport. :cry:
xfreerdp /gt:auto /sec:tls /g:myexternalfqdn:1443 /gu:sven /gp:unixpassword /u:sven /p:windowspassword /cert:ignore /v:win-vm.lan /log-level:info
[16:57:06:839] [326550:326551] [INFO][com.freerdp.core.gateway.rdg] - RD Gateway does not support HTTP transport.
[16:57:06:943] [326550:326551] [WARN][com.winpr.sspi] - InitializeSecurityContextA status SEC_E_INVALID_TOKEN [0x80090308]
[16:57:06:944] [326550:326551] [WARN][com.winpr.sspi] - InitializeSecurityContextA status SEC_E_INVALID_TOKEN [0x80090308]
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.rpc] - error! Status Code: 404
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - HTTP/1.1 404 Not Found
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - Content-Type: text/plain; charset=utf-8
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - X-Content-Type-Options: nosniff
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - Date: Mon, 28 Nov 2022 15:57:06 GMT
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - Content-Length: 19
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.tsg] - tsg_check failure
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core] - rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failureI know that i don't need to go to /connect but what is unclear to me is how to setup users
sven3
commented
1 year ago If you use local auth, you must setup users within your underlying Linux system. At least that's how I unstood it.
archef2000
commented
1 year ago So now I at least can auth can auth but it still fails. With following message (this is all one try on the mobile app): 
For testing i created a user with this command.
And used the config from @sven3 in this issue with the only change beeing the address, cert path and allowed hosts.
archef2000
commented
1 year ago Update another client and i get:
With a short peak at the desktop
archef2000
commented
1 year ago I got new results with the official RDP client on Android, but it still fails with this message
2022/12/01 21:18:26 User abc authenticated
2022/12/01 21:18:26 Client handshakeRequest from <ipv6>
2022/12/01 21:18:26 major: 1, minor: 0, version: 0, ext auth: 0
2022/12/01 21:18:26 Tunnel create
2022/12/01 21:18:26 Tunnel auth
2022/12/01 21:18:26 Channel create
2022/12/01 21:18:26 Verifying xrdp:3389 host connection
2022/12/01 21:18:26 Checking host for user abc
2022/12/01 21:18:26 Establishing connection to RDP server: xrdp:3389
2022/12/01 21:18:26 Connection established
2022/12/01 21:18:26 Cannot read message from stream 0xcb6cf0
2022/12/01 21:18:35 Identity SessionId: a6551b86-1625-4c10-a524-da73e15ba7ae, UserName: : Authenticated: false
2022/12/01 21:18:35 Identity SessionId: 14e7d7c1-c40f-4703-b053-0a89b6e0fb65, UserName: : Authenticated: false
2022/12/01 21:18:35 Identity SessionId: 27b81b7d-0fc6-42fc-b598-94c6e3cb2d2e, UserName: : Authenticated: false
2022/12/01 21:18:36 User: abc authenticated
2022/12/01 21:18:36 User abc authenticated
2022/12/01 21:18:36 Cannot read message from stream 0xcb6cf0Does it work on a different client for you @Archef2000 ?
archef2000
commented
1 year ago On other clients i also can't get a picture but also no logs of a connection try in rdpgw
archef2000
commented
1 year ago Could you may share a full example of a local setup of rdpgw
archef2000
commented
10 months ago @sven3 Have you found a way to use the local option I am still failing.
sven3
commented
10 months ago @archef2000 unfortunately not, the problem still persists for me.
bolkedebruin
commented
4 months ago basic / local /kerberos do not use the connect endpoint. Use the terminal client directly to connect. An example docker-compose for local auth is available in ./dev/docker/
First of all, many thanks for sharing your project!
I would like to use rdpgw with local authentication. I already own a valid LetsEncrypt certificate, so I put together this configuration: (I just replaced my external FQDN in this snippet, the keys are the ones I actually use, but no worries, I will exchange them as soon as I got this running)
Then I fired up rdpgw-auth with root rights and rdpgw with my local user (sven). rdpgw-auth says:
2022/11/22 10:30:29 Starting auth server on /tmp/rdpgw-auth.sockrdpgw says:
However, as soon as I point my browser to https://myexternalfqdn:1443/connect , I only see
404 page not foundI am not asked for credentials (no basic authentication) Accessing https://myexternalfqdn:1443/tokeninfo showsaccess_token missing in requestwhich is fine and tells me that rdpgw is running.I am using Debian Bullseye (11.5) on amd64. rpdgw compiled using go from official Debian Bullseye backports.
Any hints why I'm not asked for a username/password or what I could do to debug? I already did an
strace -f -eopen ./rdpgwto see whether it can't open needed files, but this does not reveal anything to me.Many thanks! Sven