hi everyone

I realise this is not exactly on topic, I'm hoping an expert or two could confirm that the following is not caused somehow by samba:

I try xfreerdp to connect to a Win10 which is a member of NT-style domain and it fails this way:

[14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.nla] - SPNEGO failed with NTSTATUS: 0xC0000017
[14:55:33:905] [8048:8055] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
[14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
[14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1

but! if that user is already logged in then xfreerdp will succeed.
Any thoughts?
many thanks, L.

Few questions.

Is kerberos ticket proxy/forward allowed on that machine?
And what happens if you kinit username at REALM and then use freerdp.

vi ~/.freerdp/known_hosts
And delete the ip you're connecting to.

And, it might also be a samba bug.
Try this also:
ntlm_auth --request-nt-key --domain=NTDOM --username=[user] --password=[pw]

For the error code: 0xc0000017
I can't determine exactly what that is.
I see samba bugs, with memory references.
https://bugzilla.samba.org/show_bug.cgi?id=11957
https://github.com/FreeRDP/FreeRDP/issues?q=is%3Aissue+0xc0000017+is%3Aclosed
Shows also the error code in 5 closed tickets there.

And remember with windows 10 1709, it's more and more hostnames and domainnames.
Like things as:
not working \\ip and working \\hostname
Or login as:
not working "username" but working "DOMAIN\username" or username at REALM

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> lejeczek via samba
> Sent: Thursday 22 February 2018 16:00
> To: samba at lists.samba.org
> Subject: [Samba] xfreerdp and SPNEGO failed
>
> hi everyone
>
> I realise this not exactly on topic, I'm hoping an expert or
> two could confirm that following is not caused somehow by samba:
>
> I try xfreerdp to connect to a Win10 which is a member of
> NT-style domain and it fails this way:
>
> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.nla] -
> SPNEGO failed with NTSTATUS: 0xC0000017
> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core] -
> freerdp_set_last_error ERRCONNECT_AUTHENTICATION_FAILED
> [0x00020009]
> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.rdp] -
> rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
> [14:55:33:905] [8048:8055]
> [ERROR][com.freerdp.core.transport] - transport_check_fds:
> transport->ReceiveCallback() - -1
>
> but! if that user is already logged in then xfreerdp will
> succeed.
> Any thoughts?
> many thanks, L.

On Thu, 22 Feb 2018 16:56:24 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Few questions.
>
> If kerberos ticket proxy/forward allowed on that machine.
> And what happens if you kinit username at REALM and then use freerdp.
>
> vi ~/.freerdp/known_hosts
> And delete the ip your connecting to.
>
> And, it might also be a samba bug.
> Try this also :
> ntlm_auth --request-nt-key --domain=NTDOM --username=[user]
> --password=[pw]
>
> For the error code: 0xc0000017
> i cant determin exact what that is.

Hi Louis, my googlefoo must be better than yours:

0xC0000017 STATUS_NO_MEMORY
{Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation.

See here:

https://msdn.microsoft.com/en-gb/library/cc704588.aspx?f=255&MSPPError=-2147217396

Rowland

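Added example, not part of the original thread: a small triage helper that pulls the NTSTATUS out of FreeRDP log lines like the ones quoted above, splits it into the severity/facility/code fields of the NTSTATUS layout, and separates a host-side resource error from a credential failure. The function names and the three-entry lookup table are assumptions made for illustration; 0xC0000017 is the value identified in this thread.

```python
import re

# NTSTATUS bit layout: severity(2) | customer(1) | reserved(1) | facility(12) | code(16)
SEVERITY = {0: "SUCCESS", 1: "INFORMATIONAL", 2: "WARNING", 3: "ERROR"}

# Illustrative lookup only (assumption: extend as needed).
# value -> (name, kind); "resource" means the remote host ran out of something,
# "credential" means the account or password was rejected.
KNOWN = {
    0xC0000017: ("STATUS_NO_MEMORY", "resource"),
    0xC000006D: ("STATUS_LOGON_FAILURE", "credential"),
    0xC0000022: ("STATUS_ACCESS_DENIED", "authorization"),
}

LINE_RE = re.compile(r"\[(?P<level>[A-Z]+)\]\[(?P<tag>[\w.]+)\] - (?P<msg>.*)$")
NTSTATUS_RE = re.compile(r"NTSTATUS:\s*(0x[0-9A-Fa-f]{8})")

# Log lines as quoted in the thread.
SAMPLE = """\
[14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.nla] - SPNEGO failed with NTSTATUS: 0xC0000017
[14:55:33:905] [8048:8055] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
[14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
"""

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into its fields and attach a name if known."""
    name, kind = KNOWN.get(value, ("unknown", "unknown"))
    return {
        "value": f"0x{value:08X}",
        "severity": SEVERITY[(value >> 30) & 0x3],
        "customer": bool((value >> 29) & 0x1),
        "facility": (value >> 16) & 0xFFF,
        "code": value & 0xFFFF,
        "name": name,
        "kind": kind,
    }

def triage(log_text):
    """Return one decoded record per log line that carries an NTSTATUS."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        s = NTSTATUS_RE.search(m["msg"]) if m else None
        if s:
            record = decode_ntstatus(int(s.group(1), 16))
            record["tag"] = m["tag"]
            findings.append(record)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

On the sample lines the only NTSTATUS decodes to an ERROR-severity resource condition, even though the client summarises the failure as ERRCONNECT_AUTHENTICATION_FAILED.
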
Hi

On 22 February 2018 at 15:00, lejeczek via samba <samba at lists.samba.org> wrote:

>
> I try xfreerdp to connect to a Win10 which is a member of NT-style domain
> and it fails this way:
>
> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.nla] - SPNEGO failed
> with NTSTATUS: 0xC0000017
> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core] -
> freerdp_set_last_error ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.rdp] -
> rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.transport] -
> transport_check_fds: transport->ReceiveCallback() - -1
>

Does it successfully connect to any other Win10 machines in the same domain? i.e. is it just this one machine, or something more generic?

I wonder if it might be due to the NLA authentication mechanism (or I might be clutching at straws here, just from the NLA strings above).

A thread here has some more discussion.. it's not the same problem you are having, but contains some pointers to other resources on the subject, if that is indeed where the problem lies:
https://social.technet.microsoft.com/Forums/azure/en-US/9f7881d5-1960-41c7-9528-c1a671ee88b7/rdp-issues-remote-computers-requires-network-level-authentication?forum=winserverTS

Or perhaps
https://www.parallels.com/blogs/ras/disabling-network-level-authentication-for-remote-desktop-services-connections-2/

Hope that helps, or at least gives some pointers..

J

--
"If we knew what it was we were doing, it would not be called research, would it?"
      - Albert Einstein

On 23/02/18 11:12, Jonathan Hunter via samba wrote:

> Hi
>
> On 22 February 2018 at 15:00, lejeczek via samba <samba at lists.samba.org>
> wrote:
>
>> I try xfreerdp to connect to a Win10 which is a member of NT-style domain
>> and it fails this way:
>>
>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.nla] - SPNEGO failed
>> with NTSTATUS: 0xC0000017
>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core] -
>> freerdp_set_last_error ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.rdp] -
>> rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.transport] -
>> transport_check_fds: transport->ReceiveCallback() - -1
>>
> Does it successfully connect to any other Win10 machines in the same
> domain? i.e. is it just this one machine, or something more generic?

It indeed seems to be a problem of this one win-box, I have three more, one metal + two virtual and those work ok.
This one after a cumulative update went haywire, I emailed about that in another thread: "win 10 login - Not enough storage is available to process this command". Now after some more (latest) update that problem has gone but...
Maybe I should make this box a clean slate... (?)

many thanks.

> I wonder if it might be due to the NLA authentication mechanism (or I might
> be clutching at straws here, just from the NLA strings above).
>
> A thread here has some more discussion.. it's not the same problem you are
> having, but contains some pointers to other resources on the subject, if
> that is indeed where the problem lies:
> https://social.technet.microsoft.com/Forums/azure/en-US/9f7881d5-1960-41c7-9528-c1a671ee88b7/rdp-issues-remote-computers-requires-network-level-authentication?forum=winserverTS
>
> Or perhaps
> https://www.parallels.com/blogs/ras/disabling-network-level-authentication-for-remote-desktop-services-connections-2/
>
> Hope that helps, or at least gives some pointers..
>
> J
>