Closed sven3 closed 4 months ago
I face the same problem, but still have no solution
Oh haha, well, because in the case of local-auth you do not need any special settings; you can just directly point your Remote Desktop client at the gateway. Obviously you need to set the connection to use the gateway, but that's handled inside the client. So there is no need to point your browser to https://xxx/connect :-)
Many thanks for the help, @bolkedebruin !
I tried to access rdpgw using xfreerdp, but xfreerdp insists on rdpgw not supporting HTTP transport. :cry:
xfreerdp /gt:auto /sec:tls /g:myexternalfqdn:1443 /gu:sven /gp:unixpassword /u:sven /p:windowspassword /cert:ignore /v:win-vm.lan /log-level:info
[16:57:06:839] [326550:326551] [INFO][com.freerdp.core.gateway.rdg] - RD Gateway does not support HTTP transport.
[16:57:06:943] [326550:326551] [WARN][com.winpr.sspi] - InitializeSecurityContextA status SEC_E_INVALID_TOKEN [0x80090308]
[16:57:06:944] [326550:326551] [WARN][com.winpr.sspi] - InitializeSecurityContextA status SEC_E_INVALID_TOKEN [0x80090308]
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.rpc] - error! Status Code: 404
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - HTTP/1.1 404 Not Found
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - Content-Type: text/plain; charset=utf-8
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - X-Content-Type-Options: nosniff
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - Date: Mon, 28 Nov 2022 15:57:06 GMT
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.http] - Content-Length: 19
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.gateway.tsg] - tsg_check failure
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core] - rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[16:57:06:945] [326550:326551] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
I know that I don't need to go to /connect,
but what is unclear to me is how to set up users.
If you use local auth, you must set up users within your underlying Linux system. At least that's how I understood it.
So now I at least can auth, but it still fails, with the following message (this is all one try on the mobile app): For testing I created a user with this command.
And used the config from @sven3 in this issue with the only change being the address, cert path and allowed hosts.
Update: another client, and I get:
With a short peek at the desktop
I got new results with the official RDP client on Android, but it still fails with this message
2022/12/01 21:18:26 User abc authenticated
2022/12/01 21:18:26 Client handshakeRequest from <ipv6>
2022/12/01 21:18:26 major: 1, minor: 0, version: 0, ext auth: 0
2022/12/01 21:18:26 Tunnel create
2022/12/01 21:18:26 Tunnel auth
2022/12/01 21:18:26 Channel create
2022/12/01 21:18:26 Verifying xrdp:3389 host connection
2022/12/01 21:18:26 Checking host for user abc
2022/12/01 21:18:26 Establishing connection to RDP server: xrdp:3389
2022/12/01 21:18:26 Connection established
2022/12/01 21:18:26 Cannot read message from stream 0xcb6cf0
2022/12/01 21:18:35 Identity SessionId: a6551b86-1625-4c10-a524-da73e15ba7ae, UserName: : Authenticated: false
2022/12/01 21:18:35 Identity SessionId: 14e7d7c1-c40f-4703-b053-0a89b6e0fb65, UserName: : Authenticated: false
2022/12/01 21:18:35 Identity SessionId: 27b81b7d-0fc6-42fc-b598-94c6e3cb2d2e, UserName: : Authenticated: false
2022/12/01 21:18:36 User: abc authenticated
2022/12/01 21:18:36 User abc authenticated
2022/12/01 21:18:36 Cannot read message from stream 0xcb6cf0
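Reading rdpgw's output by hand is tedious when comparing several attempts, so here is an added example (not part of this thread or of the rdpgw project) that walks a log in the format shown above, records which tunnel stages were reached and reports whether the break happened before or after the backend RDP host was reached. The stage prefixes are taken from the log lines above; the sample log is constructed.

```python
import re

# Constructed sample in the format rdpgw printed in the thread above (not the original log).
SAMPLE_LOG = """\
2022/12/01 21:18:26 User abc authenticated
2022/12/01 21:18:26 Client handshakeRequest from <ipv6>
2022/12/01 21:18:26 Tunnel create
2022/12/01 21:18:26 Tunnel auth
2022/12/01 21:18:26 Channel create
2022/12/01 21:18:26 Checking host for user abc
2022/12/01 21:18:26 Connection established
2022/12/01 21:18:26 Cannot read message from stream 0xcb6cf0
2022/12/01 21:18:35 Identity SessionId: a6551b86-1625-4c10-a524-da73e15ba7ae, UserName: : Authenticated: false
"""

# Stages of one gateway tunnel in the order rdpgw logs them, keyed by message prefix.
STAGES = [("handshake", "Client handshakeRequest"), ("tunnel_create", "Tunnel create"),
          ("tunnel_auth", "Tunnel auth"), ("channel_create", "Channel create"),
          ("host_check", "Checking host for user"), ("backend_connect", "Connection established")]
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} (.*)$")


def analyse(log):
    """Return the stages reached, the first stream error and how many identities lacked auth."""
    reached, failure, unauth = [], None, 0
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a timestamped rdpgw line
        msg = m.group(1)
        for name, prefix in STAGES:
            if msg.startswith(prefix) and name not in reached:
                reached.append(name)
        if failure is None and msg.startswith("Cannot read message from stream"):
            failure = msg
        if msg.endswith("Authenticated: false"):
            unauth += 1
    return {"reached": reached, "failure": failure, "unauthenticated_identities": unauth}


def verdict(result):
    """Locate the break: before the RDP backend was reached, or after it."""
    if result["failure"] is None:
        return "no stream error seen"
    if "backend_connect" in result["reached"]:
        return "backend reached: auth and host connection succeeded; the client-gateway stream broke afterwards"
    last = result["reached"][-1] if result["reached"] else "none"
    return "failed before the backend was reached; last stage: " + last
```

Call `verdict(analyse(open("rdpgw.log").read()))` on a real capture; for the sample above it reports that the backend was reached and the stream between client and gateway broke afterwards.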
Does it work on a different client for you @Archef2000 ?
On other clients I also can't get a picture, but also no logs of a connection try in rdpgw.
Could you maybe share a full example of a local setup of rdpgw?
@sven3 Have you found a way to use the local option? I am still failing.
@archef2000 unfortunately not, the problem still persists for me.
Basic / local / kerberos do not use the connect endpoint. Use the terminal client directly to connect. An example docker-compose for local auth is available in ./dev/docker/
First of all, many thanks for sharing your project!
I would like to use rdpgw with local authentication. I already own a valid LetsEncrypt certificate, so I put together this configuration: (I just replaced my external FQDN in this snippet; the keys are the ones I actually use, but no worries, I will exchange them as soon as I get this running)
Then I fired up rdpgw-auth with root rights and rdpgw with my local user (sven). rdpgw-auth says:
2022/11/22 10:30:29 Starting auth server on /tmp/rdpgw-auth.sock
rdpgw says:
However, as soon as I point my browser to https://myexternalfqdn:1443/connect , I only see
404 page not found
I am not asked for credentials (no basic authentication). Accessing https://myexternalfqdn:1443/tokeninfo shows "access_token missing in request",
which is fine and tells me that rdpgw is running. I am using Debian Bullseye (11.5) on amd64; rdpgw was compiled using Go from the official Debian Bullseye backports.
Any hints why I'm not asked for a username/password or what I could do to debug? I already did an
strace -f -eopen ./rdpgw
to see whether it can't open needed files, but this does not reveal anything to me. Many thanks! Sven