Samuel Wolf
2023-Jul-13 08:38 UTC
[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
Hi Fabio,> For RDP using hostname and specifying the domain still does not work (in my configuration, the RDP client is a non-domain PC with windows 10 or 11 and the RDP server is a windows 10 PC that is in the domain, and the username involved is a domain user, not a local one).thats what I see, domain pc's work (because cache?) over RDP but non-domain pc's don't work. Example from Debian workstation with freerdp: NTSTATUS: STATUS_TRUSTED_RELATIONSHIP_FAILURE I don't want to think about what happens when the cache expires if I'm correct with my theory. Samuel
Fabio Muzzi
2023-Jul-13 09:08 UTC
[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
On 13/07/2023 10.38, Samuel Wolf via samba wrote:>> For RDP using hostname and specifying the domain still does not >> work (in my configuration, the RDP client is a non-domain PC with >> windows 10 or 11 and the RDP server is a windows 10 PC that is in >> the domain, and the username involved is a domain user, not a local >> one). > > thats what I see, domain pc's work (because cache?) over RDP but > non-domain pc's don't work. > > Example from Debian workstation with freerdp: NTSTATUS: > STATUS_TRUSTED_RELATIONSHIP_FAILURE > > I don't want to think about what happens when the cache expires if > I'm correct with my theory.Samuel, I get the same error from a xfreerdp (non domain) machine to a win10. The same situation as yours. Also it does not work from a windows non-domain pc, with more or less the same error. Have you tried disabling NLA on the windows 10 pc that is the RDP "server"? I don't know about your theory about caches, I'm not so into MS AD mechanisms, sadly, so I don't know about how caches are used for RDP and if they expire. I only know about local cache on the clients that allows to logon without the domain controller. -- Fabio Muzzi Frabetti