Axel D'Olislager created GUACAMOLE-2057:
-------------------------------------------
Summary: No support for kerberos authentication using FreeRDP3
Key: GUACAMOLE-2057
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2057
Project: Guacamole
Issue Type: New Feature
Components: RDP
Affects Versions: 1.6.0
Environment: Active Directory?
Reporter: Axel D'Olislager
Since in Guacamole 1.6.0 there will be support for FreeRDP3.0, there is
currently no way to make use of the new kerberos authentication functionality
within FreeRDP.
As per deprication of NTLM and security issues the demand for it is becoming
reasonably high, as in a Active Directory domain, your users cannot be part of
the Protected Users security group which blocks legacy protocols.
https://www.reddit.com/r/sysadmin/comments/1b5o6kx/apache_guacamole_kerberos_support_or_roadmap_for/
I've personally been playing around with this.
Manually I am able to create a connection using the FreeRDP package using the
following command and modifying my krb5.conf file:
{code:java}
xfreerdp /auth-pkg-list:'!ntlm,kerberos' /u:<username> /v:<host_ip>
/d:<domainname> /cert:ignore{code}
krb5.conf:
{code:java}
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = LEXAPHIX.LAB
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
[realms]
LEXAPHIX.LAB = {
kdc = besnlexdc03.lexaphix.lab
admin_server = besnlexdc03.lexaphix.lab
}[domain_realm]
.lexaphix.lab = LEXAPHIX.LAB
lexaphix.lab = LEXAPHIX.LAB{code}
I've been trying to get this to work, but because I do not have the knowledge
of this code base, I'm unable to add these things.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
