Note that Samba AD should not matter, as its setup has not changed for years on these boxes and gnome-remote-desktop only started to fail a few weeks ago when I switched to Debian forky.
On the gnome-remote-desktop server (I have the exact same Debian release and setup on the client):
libfreerdp and libwinpr were 3.18.0+dfsg-1 in my previous report, and I upgraded them to 3.19.0+dfsg-1 with the same failure and errors from gnome-remote-desktop 49.1-2.
libei is 1.5.0-2
systemd is 259~rc2-1
libmutter-17-0 and gnome-shell 49.2-1
I tried remmina 1.4.40+dfsg-2 and gnome-connections 49.0-1 on the client, same error on the gnome-remote-desktop server in sharing user session mode (and also same error for the login mode running as gnome-remote-desktop system user).
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:513] [1470515:0016848a] [ERROR][com.winpr.sspi.Kerberos] - [retrieveTgtForPrincipal]: krb5_kt_start_seq_get (Permission denied [13])
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:513] [1470515:0016848a] [ERROR][com.winpr.sspi.Kerberos] - [retrieveTgtForPrincipal]: krb5_kt_start_seq_get (Permission denied [13])
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:514] [1470515:0016848a] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:514] [1470515:0016848a] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: AcceptSecurityContext failed with SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:514] [1470515:0016848a] [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:514] [1470515:0016848a] [ERROR][com.freerdp.api] - [peer_recv_callback_internal]: CONNECTION_STATE_NEGO - rdp_server_accept_nego() fail
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:514] [1470515:0016848a] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [RDP] Network or intentional disconnect, stopping session
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:514] [1470515:00167033] [WARN][com.freerdp.core.rdp] - [rdp_send_deactivate_all][0x55b7dff21820]: rdpMcs::userId == 0, skip sending PDU_TYPE_DEACTIVATE_ALL
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:562] [1470515:0016848d] [ERROR][com.winpr.sspi.Kerberos] - [retrieveTgtForPrincipal]: krb5_kt_start_seq_get (Permission denied [13])
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:562] [1470515:0016848d] [ERROR][com.winpr.sspi.Kerberos] - [retrieveTgtForPrincipal]: krb5_kt_start_seq_get (Permission denied [13])
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:563] [1470515:0016848d] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:563] [1470515:0016848d] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: AcceptSecurityContext failed with SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:563] [1470515:0016848d] [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:563] [1470515:0016848d] [ERROR][com.freerdp.api] - [peer_recv_callback_internal]: CONNECTION_STATE_NEGO - rdp_server_accept_nego() fail
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:563] [1470515:0016848d] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [RDP] Network or intentional disconnect, stopping session
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:563] [1470515:00167033] [WARN][com.freerdp.core.rdp] - [rdp_send_deactivate_all][0x55b7dff21820]: rdpMcs::userId == 0, skip sending PDU_TYPE_DEACTIVATE_ALL
If I change /etc/krb5.keytab permissions from 600 to 644, I get the same failure, without the Kerberos permission error:
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:395] [1470515:00169073] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:395] [1470515:00169073] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: AcceptSecurityContext failed with SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:395] [1470515:00169073] [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:395] [1470515:00169073] [ERROR][com.freerdp.api] - [peer_recv_callback_internal]: CONNECTION_STATE_NEGO - rdp_server_accept_nego() fail
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:395] [1470515:00169073] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:395] [1470515:00167033] [WARN][com.freerdp.core.rdp] - [rdp_send_deactivate_all][0x55b7dff21820]: rdpMcs::userId == 0, skip sending PDU_TYPE_DEACTIVATE_ALL
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [RDP] Network or intentional disconnect, stopping session
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:430] [1470515:00169075] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:430] [1470515:00169075] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: AcceptSecurityContext failed with SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:430] [1470515:00169075] [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:430] [1470515:00169075] [ERROR][com.freerdp.api] - [peer_recv_callback_internal]: CONNECTION_STATE_NEGO - rdp_server_accept_nego() fail
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:430] [1470515:00169075] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:430] [1470515:00167033] [WARN][com.freerdp.core.rdp] - [rdp_send_deactivate_all][0x55b7dff21820]: rdpMcs::userId == 0, skip sending PDU_TYPE_DEACTIVATE_ALL
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [RDP] Network or intentional disconnect, stopping session
Edit: I might have a clue: the client logs show:
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:980] [49584:0000c5d0] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:980] [49584:0000c5d0] [WARN][com.freerdp.crypto] - [verify_cb]: CN = GNOME, C = US
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:988] [49584:0000c5d0] [WARN][com.winpr.sspi] - [winpr_InitializeSecurityContextA]: InitializeSecurityContextA status SEC_E_INVALID_TOKEN [0x80090308]
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:988] [49584:0000c5d0] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: InitializeSecurityContext failed with SEC_E_INVALID_TOKEN [0x80090308]
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:991] [49584:0000c5d0] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55f9c77b2130]: CONNECTION_STATE_NLA - nla_recv_pdu() fail
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:991] [49584:0000c5d0] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55f9c77b2130]: CONNECTION_STATE_NLA status STATE_RUN_FAILED [-1]
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:991] [49584:0000c5d0] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 05:58:08 cyclope org.remmina.Remmina.desktop[49584]: [05:58:08:991] [49584:0000c5d0] [ERROR][com.freerdp.core] - [rdp_client_wait_for_activation]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
déc. 07 05:58:09 cyclope org.remmina.Remmina.desktop[49584]: [05:58:09:018] [49584:0000c5d0] [WARN][com.winpr.sspi] - [winpr_InitializeSecurityContextA]: InitializeSecurityContextA status SEC_E_INVALID_TOKEN [0x80090308]
déc. 07 05:58:09 cyclope org.remmina.Remmina.desktop[49584]: [05:58:09:018] [49584:0000c5d0] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: InitializeSecurityContext failed with SEC_E_INVALID_TOKEN [0x80090308]
déc. 07 05:58:09 cyclope org.remmina.Remmina.desktop[49584]: [05:58:09:018] [49584:0000c5d0] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55f9c77b2130]: CONNECTION_STATE_NLA - nla_recv_pdu() fail
déc. 07 05:58:09 cyclope org.remmina.Remmina.desktop[49584]: [05:58:09:018] [49584:0000c5d0] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55f9c77b2130]: CONNECTION_STATE_NLA status STATE_RUN_FAILED [-1]
déc. 07 05:58:09 cyclope org.remmina.Remmina.desktop[49584]: [05:58:09:018] [49584:0000c5d0] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 05:58:09 cyclope org.remmina.Remmina.desktop[49584]: [05:58:09:018] [49584:0000c5d0] [ERROR][com.freerdp.core] - [rdp_client_wait_for_activation]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
déc. 07 05:58:09 cyclope org.remmina.Remmina.desktop[49584]: [05:58:09:018] [49584:0000c5d0] [ERROR][com.freerdp.core] - [freerdp_connect]: freerdp_post_connect failed
for gnome-connections:
déc. 07 06:00:41 cyclope org.gnome.Connections[50941]: [06:00:41:787] [50941:0000c6fd] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
déc. 07 06:00:41 cyclope org.gnome.Connections[50941]: [06:00:41:787] [50941:0000c6fd] [WARN][com.freerdp.crypto] - [verify_cb]: CN = GNOME, C = US
and I read on https://askubuntu.com/questions/1419705/gnome-remote-desktop-couldnt-retrieve-rdp-username-credentials-not-set-and ("gnome-remote-desktop - Couldn't retrieve RDP username - Credentials not set - AND MORE") that
NLA has two possible providers NTLM and Kerberos. Only the former one is implemented in FreeRDP 2.x.
I conclude that maybe freerdp 3 introduced Kerberos support but might fall back to NTLM. So the Kerberos errors are harmless but the self-signed GNOME certificate for gnome-remote-desktop is not.
Am I the first user to use gnome-remote-desktop with freerdp 3, and it cannot work? Or is there another issue?
Edit2: Or is this GNOME certificate missing from the Debian certificate chain?
Edit3: maybe the certificate is a red herring, as it is only a warning, and I found that the gnome-connections error in its entirety is:
déc. 07 06:22:36 cyclope org.gnome.Connections[60899]: [06:22:36:888] [60899:0000ede3] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
déc. 07 06:22:36 cyclope org.gnome.Connections[60899]: [06:22:36:888] [60899:0000ede3] [WARN][com.freerdp.crypto] - [verify_cb]: CN = GNOME, C = US
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_InitializeSecurityContextA]: krb5_get_credentials (Server not found in Kerberos database [-1765328377])
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [WARN][com.winpr.sspi] - [winpr_InitializeSecurityContextA]: InitializeSecurityContextA status SEC_E_NO_CREDENTIALS [0x8009030E]
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: InitializeSecurityContext failed with SEC_E_NO_CREDENTIALS [0x8009030E]
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x560adfe8f510]: CONNECTION_STATE_NLA - nla_recv_pdu() fail
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x560adfe8f510]: CONNECTION_STATE_NLA status STATE_RUN_FAILED [-1]
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [ERROR][com.freerdp.core] - [rdp_client_wait_for_activation]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
With /etc/krb5.keytab I get from gnome-connections:
déc. 07 06:26:30 cyclope org.gnome.Connections[61524]: GtkFlowBox with a model will ignore sort and filter functions
déc. 07 06:26:37 cyclope org.gnome.Connections[61524]: [06:26:37:668] [61524:0000f054] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
déc. 07 06:26:37 cyclope org.gnome.Connections[61524]: [06:26:37:668] [61524:0000f054] [WARN][com.freerdp.crypto] - [verify_cb]: CN = GNOME, C = US
déc. 07 06:26:38 cyclope org.gnome.Characters[61284]: JS LOG: Characters Application exiting
déc. 07 06:26:40 cyclope org.gnome.Nautilus[61283]: Shutting down dropbox extension
déc. 07 06:26:40 cyclope org.gnome.Nautilus[61283]: Initializing Nextcloud-client-nautilus extension
déc. 07 06:26:40 cyclope org.gnome.Nautilus[61283]: Using python version sys.version_info(major=3, minor=13, micro=9, releaselevel='final', serial=0)
déc. 07 06:27:08 cyclope rtkit-daemon[1566]: Supervising 12 threads of 9 processes of 1 users.
déc. 07 06:27:08 cyclope rtkit-daemon[1566]: Supervising 12 threads of 9 processes of 1 users.
déc. 07 06:27:11 cyclope org.gnome.Connections[61524]: [06:27:11:950] [61524:0000f054] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_InitializeSecurityContextA]: krb5_get_credentials (Server not found in Kerberos database [-1765328377])
déc. 07 06:27:11 cyclope org.gnome.Connections[61524]: [06:27:11:950] [61524:0000f054] [WARN][com.winpr.sspi] - [winpr_InitializeSecurityContextA]: InitializeSecurityContextA status SEC_E_NO_CREDENTIALS [0x8009030E]
déc. 07 06:27:11 cyclope org.gnome.Connections[61524]: [06:27:11:950] [61524:0000f054] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: InitializeSecurityContext failed with SEC_E_NO_CREDENTIALS [0x8009030E]
déc. 07 06:27:11 cyclope org.gnome.Connections[61524]: [06:27:11:950] [61524:0000f054] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55c4d41103e0]: CONNECTION_STATE_NLA - nla_recv_pdu() fail
déc. 07 06:27:11 cyclope org.gnome.Connections[61524]: [06:27:11:950] [61524:0000f054] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55c4d41103e0]: CONNECTION_STATE_NLA status STATE_RUN_FAILED [-1]
déc. 07 06:27:11 cyclope org.gnome.Connections[61524]: [06:27:11:950] [61524:0000f054] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
déc. 07 06:27:11 cyclope org.gnome.Connections[61524]: [06:27:11:950] [61524:0000f054] [ERROR][com.freerdp.core] - [rdp_client_wait_for_activation]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
Note that when the connection fails, gnome-connections always segfaults.
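
An added example, not part of the original post: a small Python triage script that groups the FreeRDP/WinPR journal lines above by process and thread and keeps the first Kerberos error and the first SSPI status of each, so the server-side runs with and without the keytab permission error can be compared with the client side. The sample lines are copied from the logs above; the function and variable names are this example's own.

```python
import re
from collections import OrderedDict

# Matches the FreeRDP/WinPR log layout seen in the journal lines above:
# proc[pid]: [hh:mm:ss:ms] [pid:tid] [LEVEL][tag] - [function]: message
LINE = re.compile(
    r"(?P<proc>\S+)\[(?P<pid>\d+)\]: \[[\d:]+\] \[\d+:(?P<tid>[0-9a-f]+)\] "
    r"\[(?P<level>\w+)\]\[(?P<tag>[\w.]+)\] - \[(?P<func>\w+)\](?:\[0x[0-9a-f]+\])?: (?P<msg>.*)")
KRB = re.compile(r"(?P<call>krb5_\w+) \((?P<text>.*) \[(?P<code>-?\d+)\]\)")
SSPI = re.compile(r"status (?P<name>SEC_[EI]_\w+) \[(?P<hex>0x[0-9A-Fa-f]+)\]")

# Sample input: six lines taken from the server and client logs in the post.
SAMPLE = """\
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:513] [1470515:0016848a] [ERROR][com.winpr.sspi.Kerberos] - [retrieveTgtForPrincipal]: krb5_kt_start_seq_get (Permission denied [13])
déc. 07 05:42:46 hermes gnome-remote-desktop-daemon[1470515]: [05:42:46:514] [1470515:0016848a] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 05:51:21 hermes gnome-remote-desktop-daemon[1470515]: [05:51:21:395] [1470515:00169073] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301]
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_InitializeSecurityContextA]: krb5_get_credentials (Server not found in Kerberos database [-1765328377])
déc. 07 06:22:41 cyclope org.gnome.Connections[60899]: [06:22:41:663] [60899:0000ede3] [WARN][com.winpr.sspi] - [winpr_InitializeSecurityContextA]: InitializeSecurityContextA status SEC_E_NO_CREDENTIALS [0x8009030E]
déc. 07 06:26:38 cyclope org.gnome.Characters[61284]: JS LOG: Characters Application exiting
"""

def triage(lines):
    """Group lines per (process, thread); keep the first krb5 and SSPI failure of each."""
    attempts = OrderedDict()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a FreeRDP/WinPR line (other desktop services)
        key = (m["proc"], m["tid"])
        a = attempts.setdefault(key, {"krb5": None, "sspi": None, "errors": 0})
        a["errors"] += m["level"] == "ERROR"
        k = KRB.search(m["msg"])
        if k and a["krb5"] is None:
            a["krb5"] = (k["call"], k["text"], int(k["code"]))
        s = SSPI.search(m["msg"])
        if s and m["tag"] == "com.winpr.sspi" and a["sspi"] is None:
            a["sspi"] = s["name"]
    return attempts

if __name__ == "__main__":
    for (proc, tid), a in triage(SAMPLE.splitlines()).items():
        print(f"{proc} thread {tid}: krb5={a['krb5']} sspi={a['sspi']} errors={a['errors']}")
```

To run it on a full capture, pass the saved journal lines of the daemon or client to `triage()` instead of `SAMPLE`.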