Bug 327476 - krdc won't connect if Windows is asking the user to change the password
Summary: krdc won't connect if Windows is asking the user to change the password
Status: CONFIRMED
Alias: None
Product: krdc
Classification: Applications
Component: RDP (show other bugs)
Version: 4.11.2
Platform: Ubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: Urs Wolfer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-11 23:46 UTC by Dima Ryazanov
Modified: 2016-04-09 12:04 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
Detect the connection failure and leave the rdp window (1.15 KB, patch)
2016-02-04 07:30 UTC, AceLan Kao
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dima Ryazanov 2013-11-11 23:46:25 UTC
I wasn't able to connect to a Windows 8 machine using krdc. It would just display a blank screen, with no messages. (Same as when the server is not responding, or DNS name does not resolve, etc.)

After trying to connect using rdesktop, I discovered that the Windows machine was working fine - but it wanted me to change the password. When I did, krdc started working again.


Reproducible: Always
Comment 1 Urs Wolfer 2013-11-12 09:11:30 UTC
KRDC from KDE SC 4.11 uses xfreerdp for RDP support. Please try to reproduce it with xfreerdp. If  you can reproduce it, please report it there and post a link here.
Comment 2 Dima Ryazanov 2014-03-10 19:35:51 UTC
I've reproduced the problem; it's caused by network level authentication: https://github.com/FreeRDP/FreeRDP/issues/1510

This fails:

$ xfreerdp -u [username] [hostname]
connected to [hostname]:3389
Password: SSL_read: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.

This works:

$ xfreerdp --no-nla -u [username] [hostname]
connected to [hostname]:3389
Comment 3 Urs Wolfer 2014-03-16 10:36:25 UTC
(In reply to comment #2)
> I've reproduced the problem; it's caused by network level authentication:
> https://github.com/FreeRDP/FreeRDP/issues/1510
> 
> This fails:
> 
> $ xfreerdp -u [username] [hostname]
> connected to [hostname]:3389
> Password: SSL_read: Failure in SSL library (protocol error?)
> Authentication failure, check credentials.
> If credentials are valid, the NTLMSSP implementation may be to blame.
> 
> This works:
> 
> $ xfreerdp --no-nla -u [username] [hostname]
> connected to [hostname]:3389

So you think we should pass "--no-nla" by default?
Comment 4 Dima Ryazanov 2015-02-05 21:43:46 UTC
(Sorry, it's been a while, but the password has expired again, so the error message is back.)

I would assume that "--no-nla" will cause the server to always prompt the user to enter the password, even if it's already entered in krdc. One option would be to try the normal way first, and if that fails, then try "--no-nla".
Comment 5 AceLan Kao 2016-02-04 07:30:35 UTC
Created attachment 97001 [details]
Detect the connection failure and leave the rdp window

Read the return message from xfreerdp to check if the connection fails, and then return to the main window.
Comment 6 Matej Susta 2016-03-11 12:09:52 UTC
This one has always complicated my work with krdc! Even though detecting the failure and returning at least some message helps, I don't think it's the right solution.

Isn't it possible to get user to login screen so he can see what's happening while keeping the possibility of storing credentials? Because even if you get error, you'll still need to open console, create a RDP connection manually, get the credentials from wallet, change the password and then store it. Doesn't happen that often, but it's major pain.
Comment 7 AceLan Kao 2016-03-17 03:31:49 UTC
Hi Matej,

Could you explain your issue more detail?
Are you saying that the password doesn't match to the one stored in kwallet?
And you want to prompt a dialog to enter and store the new password if login failed?