RDP security negotiation breaks remote login
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
PAM FreeRDP Module | Confirmed | Medium | David Barth |
Bug Description
Login can fail because of a mismatched certificate:
printf "%s\n" "XXXXXXX" | /usr/lib/
connected to XX.XX.XX.XX:3389
@@@@@@@
@ WARNING: CERTIFICATE NAME MISMATCH! @
@@@@@@@
The hostname used for this connection (XX.XX.XX.XX)
does not match the name given in the certificate:
WINDOWS-XXXXXXX
A valid certificate for the wrong name should NOT be trusted!
SSL_write: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
The issue turned out to be due to the RDP Security Layer config being set to "Negotiate", instead of the plain "RDP Security Layer". That itself was sufficient to break the remote login in lightdm, whereas a direct xfreerdp connection to the server was still succeeding.
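
To confirm which security layer a server selects under each setting, the following added example (not part of the bug report or of the PAM FreeRDP module's code) parses the server's X.224 Connection Confirm reply. It assumes the standard MS-RDPBCGR layout (TPKT header, X.224 header, optional 8-byte negotiation block); the function name and the sample PDUs are constructed for illustration.

```python
import struct

# selectedProtocol values defined in MS-RDPBCGR (RDP_NEG_RSP)
PROTOCOLS = {0: "PROTOCOL_RDP", 1: "PROTOCOL_SSL", 2: "PROTOCOL_HYBRID",
             8: "PROTOCOL_HYBRID_EX"}
# failureCode values defined in MS-RDPBCGR (RDP_NEG_FAILURE), subset
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            5: "HYBRID_REQUIRED_BY_SERVER"}


def parse_connection_confirm(pdu: bytes) -> dict:
    """Classify the security layer chosen in an X.224 Connection Confirm."""
    if len(pdu) < 11:
        raise ValueError("too short for TPKT + X.224 Connection Confirm")
    version, _reserved, total = struct.unpack(">BBH", pdu[:4])
    if version != 3 or total != len(pdu):
        raise ValueError("bad TPKT header")
    length_indicator, code = pdu[4], pdu[5]
    if code & 0xF0 != 0xD0 or length_indicator != len(pdu) - 5:
        raise ValueError("not a well-formed X.224 Connection Confirm")
    neg = pdu[11:]
    if not neg:
        # No negotiation block: server only speaks Standard RDP Security.
        return {"result": "selected", "protocol": "PROTOCOL_RDP", "tls": False}
    if len(neg) != 8:
        raise ValueError("negotiation block must be 8 bytes")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ValueError("bad negotiation length field")
    if neg_type == 0x02:  # RDP_NEG_RSP
        name = PROTOCOLS.get(value, f"unknown(0x{value:x})")
        # Any non-zero selection runs inside TLS, so certificate checks apply.
        return {"result": "selected", "protocol": name, "tls": value != 0}
    if neg_type == 0x03:  # RDP_NEG_FAILURE
        return {"result": "failure", "reason": FAILURES.get(value, f"code {value}")}
    raise ValueError(f"unexpected negotiation type 0x{neg_type:02x}")


# Constructed sample PDUs (not captured from the server in the report).
NEGOTIATE_TLS = bytes.fromhex("030000130ed000001234000200080001000000")
RDP_LAYER = bytes.fromhex("030000130ed000001234000200080000000000")
LEGACY = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    for label, pdu in [("TLS selected", NEGOTIATE_TLS),
                       ("RDP Security Layer", RDP_LAYER), ("legacy", LEGACY)]:
        print(label, parse_connection_confirm(pdu))
```

A reply with `tls` set to true means the client goes on to a TLS handshake and validates the server certificate, which is the stage where the name-mismatch warning in the log above is printed.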