26

Is there a way to use rdesktop or another Linux client to connect to a server that requires Network Level Authentication?

From Windows Server 2008 R2 -- Control Panel -- System And Security -- System -- Allow Remote Access there is an option that says "Allow connections only from computers running Remote Desktop with Network Level Authentication". So with this enabled I can con not connect from Linux. I can connect from XP but you need SP3 and I had to edit a couple of things in the registry for it to work.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444

4 Answers4

25

FreeRDP (a spin-off from rdesktop) supports this in recent versions.

Alain
  • 266
  • 3
  • 2
  • I did a git pull from the stable repo this morning, and found it had NLA support now. – sysadmin1138 Mar 02 '11 at 18:07
  • It works very well on Ubuntu 13.10. I too pulled from the repository on github. Made a directory called build inside the root directory. Did a cd into build . Ran a "cmake .." followed by a "make" then a "make install" . I was then able to seemlessly rdp using a command " /usr/local/bin/xfreerdp -u hari.lastname 10.0.150.1" It worked flawlessly with the Network Level authentication. – harijay Jan 29 '14 at 21:41
5

Sadly, I dont know if you are going to have much luck. I had to disable NLA to get our linux thinclients to connect when I was setting this up a year ago as I could not find any support for it in linux

Looking on sourceforge for rdesktop I see a feature request for it that is still open and some posts from 2009 with people asking for support.

http://sourceforge.net/tracker/index.php?func=detail&aid=1773895&group_id=24366&atid=381350

Chris Disbro
  • 358
  • 2
  • 6
  • +1, NLA only works with MSTSC 6+ on Win 6.0+ – Chris S Jun 28 '10 at 17:41
  • 3
    +1. Agree, it isn't supported. Also keep in mind that **rdesktop** will not support redirection by a connection broker. All round **rdesktop** is pretty broke when combined with windows 2008 – Zoredache Jun 28 '10 at 18:12
  • Yes. The amount of pain being felt by the 'administering windows from linux' crowd is getting to the point that someone may actually Do Something About It. – sysadmin1138 Jun 28 '10 at 18:15
  • @sysadmin1138 It's also keeping a lot of people on XP/Server 2003; Microsoft don't realise that they're losing sales by changing their technologies. – Andrew Jun 29 '10 at 00:42
  • 1
    @Andrew: are you saying Microsoft is losing sales by making its products more secure? If Linux can't keep up with Windows is not a Microsoft issue. Basically it is as if a Windows sysadmin would ask to use telnet instead SSH to manage a server because Windows has no built-in SSH client. – ldsandon Sep 15 '11 at 15:18
  • @ChrisS It works on XP (5.1) through a very small and easy registry hack. – sinni800 Nov 07 '11 at 21:56
  • @sinni800, yes, the registry hack to load the CredSSP provider "works" for very liberal and prone to failure definitions of "works". For an admin or poweruser it might be an option, but for normal users and especially non-company controlled hardware it's straight out. – Chris S Nov 08 '11 at 03:12
3

Remmina which appears to be FreeRDP-based, negotiates the right settings (for me, connecting to a Windows 7 machine which requires NLA) out of the box.

Eric Anderson
  • 161
  • 4
0

rdesktop v1.7.0 has various fixes (probably the same as the recent FreeRDP version) for RDP 6.0 / RDP 6.1 (Windows 7 / 2008) compatibility problems.

See the changelog: http://sourceforge.net/projects/rdesktop/files/rdesktop/1.7.0/

  • Improved support for Windows 2008 Session Broker
  • Windows 2008 R2 / 7: Fix sound playback when not using other redirections
  • Windows 2008 R2 / 7: Solve disk redirection read-only issues
  • Windows 2008 R2 / 7: Solve issue with recursive deletion

But NLA (Network Level Authentication) is still not supported.

As for FreeRDP, only the release notes of v0.7.1 mentions it in the "work in progress" section: "Network Level Authentication is half-way done (TLS works, but NTLM authentication is partially implemented)"

Release notes of the following versions do not even mention it. Thus it's probably still in the same "half-way done" state.

müzso
  • 1
  • 1
    Anna Martynova reported in April that rdesktop v1.7.0 did not solve the problems of connecting through a Windows 2008 R2 session broker for her. See the message in the archive of the rdesktop-devel mailing list: http://sourceforge.net/mailarchive/message.php?msg_id=27907218 – müzso Sep 16 '11 at 13:11