Debdiff for Noble ** Description changed:
- The version of Remmina currently in Ubuntu 24.04 (v1.4.35) is unable to - perform initial RDP authentication via smartcard. While general - smartcard redirection works once a session is established, the initial - login handshake defaults to password-based NLA. This is because Remmina - does not expose or pass the xfreerdp /smartcard-logon flag to the - underlying libfreerdp library. Accessing modern secured Windows - Server/Desktop environments (specifically those with NLA and smartcard- - only policies) is impossible without this flag. + [ Impact ] - The fix provided in Upstream Merge Request 2680 introduces two new - configuration options to the RDP plugin: + - Accessing modern secured Windows environments (specifically those with smartcard-only policies) is currently impossible with the version of Remmina in the Ubuntu archives. + - While smartcard redirection works once a session is established, smartcards cannot presently be used to login to user accounts, which makes it impossible to connect to certain Windows machines. - Checkbox: "Use a smartcard for logon" - Password Textbox: "Smartcard PIN" + [ Test Plan ] - When enabled, Remmina configures libfreerdp to use the smartcard for the - initial authentication phase. If a suitable smartcard is not found, it - gracefully exits with an error: "Could not authenticate using - smartcard." + 1. Set up a Windows user with smartcard login + 2. Verify smartcard login works without RDP + 3. Enable RDP and smartcard login over RDP on Windows host + 4. Disable Network Level Authentication (see Other Info) + 5. Connect with password via RDP + 6. Connect with smartcard via RDP: + a. Open Remmina and add a connection for windows server + b. Set Server IP + c. Set Username to `<DOMAIN>\<USER>` + d. Check login with smart card + e. Set smart card pin + f. Set security type to TLS + g. Connect to Windows machine - Upstream References: + [ Where problems could occur ] - 1.4.42 Release: https://gitlab.com/Remmina/Remmina/-/merge_requests/2726 - GitLab Issue: https://gitlab.com/Remmina/Remmina/-/issues/2953 - Upstream Fix (Merged): https://gitlab.com/Remmina/Remmina/-/merge_requests/2680 + - This code primarily touches the login UI, so it is possible that edge cases could lead to malfunctioning UI elements. + - Passing the smartcard-logon flag to the existing FreeRDP functionality could also surface currently unexposed bugs in the Remmina RDP logon flow. - The fix is localized to the RDP plugin's UI and credential-handling - logic. It does not alter the core connection engine. Risk to existing - password-based users is negligible, as the new logic is only active when - the specific "Smartcard for logon" checkbox is toggled on. + [ Other Info ] - This fix is released upstream in version 1.4.42 and needs to be - backported to the Remmina package in Ubuntu 24.04 to allow smart card - login for RDP with NLA. + - FreeRDP does not currently support smartcard logon in conjunction with Network Layer Authentication. See https://github.com/FreeRDP/FreeRDP/wiki/smartcard-logon. + - MR: https://gitlab.com/Remmina/Remmina/-/merge_requests/2680 + - Applied-Upstream: as of Remmina 1.4.42 + - This change is a single commit localized entirely to credential handling logic and UI. ** Also affects: remmina (Ubuntu Questing) Importance: Undecided Status: New ** Also affects: remmina (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: remmina (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: remmina (Ubuntu Resolute) Importance: Undecided Status: New ** Changed in: remmina (Ubuntu Noble) Status: New => In Progress ** Changed in: remmina (Ubuntu Questing) Status: New => In Progress ** Changed in: remmina (Ubuntu Resolute) Status: New => In Progress ** Patch added: "lp2142615-noble.debdiff" https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/2142615/+attachment/5957385/+files/lp2142615-noble.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2142615 Title: [SRU] Smartcard logon not possible in Remmina (RDP) To manage notifications about this bug go to: https://bugs.launchpad.net/remmina/+bug/2142615/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
