[
https://issues.apache.org/jira/browse/GUACAMOLE-2057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950613#comment-17950613
]
Nick Couchman commented on GUACAMOLE-2057:
------------------------------------------
{quote}
Nick Couchman upon configuring your build I can only see guacamole trying to
use freerdp2 instead of freerdp3, which does not support the kerberos
authentication yet. I believe you have forked the 1.5.5 version instead of the
1.6 branch version, is that correct?
{quote}
Do you have the FreeRDP3 development packages installed on your distribution?
{quote}
for the client side I am unable to build the package because of issues in the
POM files:
{quote}
I see lots of references to 1.5.4 version packages - looks like you've got some
weird version of the source code tree that is probably in between versions. I'd
suggest making sure you've got a completely clean source tree and then checking
out the source code, again, and making sure to grab the correct branch:
{code}
git clone https://github.com/necouchman/guacamole-client
git checkout working/rdp-kerberos
mvn clean package
{code}
> Allow RDP connections to leverage FreeRDP3 Kerberos Security
> ------------------------------------------------------------
>
> Key: GUACAMOLE-2057
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2057
> Project: Guacamole
> Issue Type: New Feature
> Components: RDP
> Reporter: Axel D'Olislager
> Assignee: Nick Couchman
> Priority: Major
> Labels: security
> Attachments: image-2025-05-09-15-15-00-772.png
>
>
> Since in Guacamole 1.6.0 there will be support for FreeRDP3.0, there is
> currently no way to make use of the new kerberos authentication functionality
> within FreeRDP.
>
> As per deprication of NTLM and security issues the demand for it is becoming
> reasonably high, as in a Active Directory domain, your users cannot be part
> of the Protected Users security group which blocks legacy protocols.
> [https://www.reddit.com/r/sysadmin/comments/1b5o6kx/apache_guacamole_kerberos_support_or_roadmap_for/]
>
> I've personally been playing around with this.
> Manually I am able to create a connection using the FreeRDP package using the
> following command and modifying my krb5.conf file:
> {code:java}
> xfreerdp /auth-pkg-list:'!ntlm,kerberos' /u:<username> /v:<host_ip>
> /d:<domainname> /cert:ignore{code}
>
> krb5.conf:
> {code:java}
> includedir /etc/krb5.conf.d/
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
> default_realm = LEXAPHIX.LAB
> dns_lookup_realm = false
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
> rdns = false
> [realms]
> LEXAPHIX.LAB = {
> kdc = besnlexdc03.lexaphix.lab
> admin_server = besnlexdc03.lexaphix.lab
> }[domain_realm]
> .lexaphix.lab = LEXAPHIX.LAB
> lexaphix.lab = LEXAPHIX.LAB{code}
>
>
> I've been trying to get this to work, but because I do not have the knowledge
> of this code base, I'm unable to add these things.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
