From: Nick Couchman
Date: Tue, 6 Mar 2018 09:05:36 -0500
Subject: Re: Azure AD and Guacamole
To: user@guacamole.apache.org

On Mon, Mar 5, 2018 at 11:40 PM, James Fraser <James.Fraser@veritec.com.au> wrote:

> Ok
>
> A bit of a status update on this
>
> I have managed to get remote desktop working for Azure AD users.
>
> This is on Windows 10 desktops, I have had to disable Windows NLA on RDP
> and resort to using TLS in Guacamole.

Yeah, the fact that you don't get any sort of error except RDP server could not be reached is very much either a network issue or an NLA issue. As far as NLA goes, have you tried making sure it is enabled in Guacamole (set to NLA) and then check the box marked "Ignore Server Certificates" to see if that works? I suspect that you're correct, that there is something about the format of the credentials with NLA that it isn't liking and is refusing the connection, but best to eliminate certificate issues, as well.

For the credentials, as Peter suggests, you might try leaving the domain blank and use various forms of <username>@<domain> or <username>@<domain.tld> and see if something works for that. We use NLA where I work, and I just have to make sure all of the credentials are filled out, but we're mostly doing on-premise stuff and not Azure.

-Nick