[Samba] Test-ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
Peter Milesson
miles at atmos.eu
Wed Jul 12 18:46:17 UTC 2023
On 12.07.2023 18:45, Rowland Penny via samba wrote:
>
>
> On 12/07/2023 15:07, Arnaud FLORENT via samba wrote:
>> Hello
>>
>> having also issues with KB5028166on window 10 22H2 with samba
>> 4.15.13-Ubuntu used as old NT domain PDC
>>
>
> At least that points to it not being solely an AD problem, something
> in basic authentication ?
>
> Rowland
>
>
Hi folks,
I did some testing with xfreerdp on Windows 10 PCs (22H2) and a Windows
2016 server (1607), just updated.
1. xfreerdp as a Samba (4.17.8) domain user with sec:nla to updated
Windows 10 PC - does not work
2. xfreerdp as a local user with sec:nla to updated Windows 10 PC - works
3. xfreerdp as a Samba domain user with sec:tls to updated Windows 10 PC
- works after disabling mandatory NLA in the PC. The roaming profile
seems to load without warnings or errors
4. xfreerdp as the same Samba domain user to a Windows 10 PC that was
not updated - works
5. xfreerdp with sec:nla to a recently updated Windows 2016 (1607)
server in a Windows AD domain - works
So for those that need access via RDP as domain users, the only
(hopefully very temporary) way seems to disable mandatory NLA in the PC,
and connect with sec:tls. There seems to be quite a few TLS options for
raising the TLS security level. The drawback is, that the user is
presented with the classic login window, but I guess that is not a big
hurdle.
Regards,
Peter
More information about the samba
mailing list