NLA and Rap connections in guacamole 0.9.10

[Craig Gibb <cr...@me.com>]

Hi i have a question maybe someone can answer, i have installed the new version together with a postgres DB using 
docker and everything went quite smooth but one difference i have seen between the new version and the old one 0.9.6, 
is that when you configure RDP connections it seems that they will not work unless a account and password are configured 
on the connection. This is also regardless if you choose to select any under the security mode.
Can anyone tell me if is this by design ?
In the older version we could configure rep connections without adding any credentials at all, and the user when executing then adds
the account and password at the time of logon.
The newer version reminds me more of NLA (Network Level Authentication) but with no possability of choosing anything else.


/Regards Craig

Re: NLA and Rap connections in guacamole 0.9.10

[Craig Gibb <cr...@me.com>]

Hi Mike thanks for the your answer, this exactly what i thought but no, we are using guacamole mainly to remote 
in to Window7 and Windows 10 clients and they are still configured the same way. The new guacamole installation using docker
is installed side by side of the old but using a new ip, so i would expect everything to work as before apart from the changes that due
to the new version of the product.
So i cant really understand why, i can clearly see in the log that when i attempt to connect with a rdp connection configure as before but
on the new version i get a security protocol negotiation error, och can not connect but if i then change and add the account and password 
it works fine.

/Craig


> 9 jan. 2017 kl. 10:00 skrev Mike Jumper <mi...@guac-dev.org>:
> 
> Hi Craig,
> 
> Guacamole's authentication behavior has not changed. The new "any"
> option allows the RDP server to select the security mode of the
> connection, and it may well choose NLA, but the behavior of the past
> options has not been altered (including the default behavior).
> 
> Newer versions of Windows will use NLA by default, with some requiring
> it for all connections. Could it be that the configuration of your RDP
> server has simply changed? Or that it's a different version of Windows
> than you used previously?
> 
> Thanks,
> 
> - Mike
> 
> 
> On Sun, Jan 8, 2017 at 9:04 AM, Craig Gibb <cr...@me.com> wrote:
>> Hi i have a question maybe someone can answer, i have installed the new version together with a postgres DB using
>> docker and everything went quite smooth but one difference i have seen between the new version and the old one 0.9.6,
>> is that when you configure RDP connections it seems that they will not work unless a account and password are configured
>> on the connection. This is also regardless if you choose to select any under the security mode.
>> Can anyone tell me if is this by design ?
>> In the older version we could configure rep connections without adding any credentials at all, and the user when executing then adds
>> the account and password at the time of logon.
>> The newer version reminds me more of NLA (Network Level Authentication) but with no possability of choosing anything else.
>> 
>> 
>> /Regards Craig

Re: NLA and Rap connections in guacamole 0.9.10

[Mike Jumper <mi...@guac-dev.org>]

Hi Craig,

Guacamole's authentication behavior has not changed. The new "any"
option allows the RDP server to select the security mode of the
connection, and it may well choose NLA, but the behavior of the past
options has not been altered (including the default behavior).

Newer versions of Windows will use NLA by default, with some requiring
it for all connections. Could it be that the configuration of your RDP
server has simply changed? Or that it's a different version of Windows
than you used previously?

Thanks,

- Mike


On Sun, Jan 8, 2017 at 9:04 AM, Craig Gibb <cr...@me.com> wrote:
> Hi i have a question maybe someone can answer, i have installed the new version together with a postgres DB using
> docker and everything went quite smooth but one difference i have seen between the new version and the old one 0.9.6,
> is that when you configure RDP connections it seems that they will not work unless a account and password are configured
> on the connection. This is also regardless if you choose to select any under the security mode.
> Can anyone tell me if is this by design ?
> In the older version we could configure rep connections without adding any credentials at all, and the user when executing then adds
> the account and password at the time of logon.
> The newer version reminds me more of NLA (Network Level Authentication) but with no possability of choosing anything else.
>
>
> /Regards Craig