[
https://issues.apache.org/jira/browse/GUACAMOLE-2057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18045853#comment-18045853
]
Axel D'Olislager commented on GUACAMOLE-2057:
---------------------------------------------
[~vnick] I wanted to confirm this was also working containerised, but am
constantly receiving the following error when building the Dockerfile. Any idea
on how to fix this? This is on the guacamole-client repo, guacamole-server repo
build just fine.
!image-2025-12-17-15-08-08-873.png!
> Allow RDP connections to leverage FreeRDP3 Kerberos Security
> ------------------------------------------------------------
>
> Key: GUACAMOLE-2057
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2057
> Project: Guacamole
> Issue Type: New Feature
> Components: RDP
> Reporter: Axel D'Olislager
> Assignee: Nick Couchman
> Priority: Major
> Labels: security
> Fix For: 1.7.0
>
> Attachments: image-2025-05-09-15-15-00-772.png,
> image-2025-05-13-15-54-24-075.png, image-2025-05-13-15-54-36-254.png,
> image-2025-05-13-15-54-49-336.png, image-2025-05-13-15-55-00-950.png,
> image-2025-05-19-12-54-13-755.png, image-2025-06-06-10-29-54-989.png,
> image-2025-06-06-12-35-22-685.png, image-2025-06-06-12-53-24-559.png,
> image-2025-07-10-15-28-40-971.png, image-2025-07-10-15-31-15-908.png,
> image-2025-07-10-15-32-40-753.png, image-2025-12-16-16-16-42-418.png,
> image-2025-12-17-15-08-08-873.png
>
>
> Since in Guacamole 1.6.0 there will be support for FreeRDP3.0, there is
> currently no way to make use of the new kerberos authentication functionality
> within FreeRDP.
>
> As per deprication of NTLM and security issues the demand for it is becoming
> reasonably high, as in a Active Directory domain, your users cannot be part
> of the Protected Users security group which blocks legacy protocols.
> [https://www.reddit.com/r/sysadmin/comments/1b5o6kx/apache_guacamole_kerberos_support_or_roadmap_for/]
>
> I've personally been playing around with this.
> Manually I am able to create a connection using the FreeRDP package using the
> following command and modifying my krb5.conf file:
> {code:java}
> xfreerdp /auth-pkg-list:'!ntlm,kerberos' /u:<username> /v:<host_ip>
> /d:<domainname> /cert:ignore{code}
>
> krb5.conf:
> {code:java}
> includedir /etc/krb5.conf.d/
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
> default_realm = LEXAPHIX.LAB
> dns_lookup_realm = false
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
> rdns = false
> [realms]
> LEXAPHIX.LAB = {
> kdc = besnlexdc03.lexaphix.lab
> admin_server = besnlexdc03.lexaphix.lab
> }[domain_realm]
> .lexaphix.lab = LEXAPHIX.LAB
> lexaphix.lab = LEXAPHIX.LAB{code}
>
>
> I've been trying to get this to work, but because I do not have the knowledge
> of this code base, I'm unable to add these things.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
