[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
Fabio Muzzi
liste at kurgan.org
Thu Jul 13 09:08:00 UTC 2023
On 13/07/2023 10.38, Samuel Wolf via samba wrote:
>> For RDP using hostname and specifying the domain still does not
>> work (in my configuration, the RDP client is a non-domain PC with
>> windows 10 or 11 and the RDP server is a windows 10 PC that is in
>> the domain, and the username involved is a domain user, not a local
>> one).
>
> thats what I see, domain pc's work (because cache?) over RDP but
> non-domain pc's don't work.
>
> Example from Debian workstation with freerdp: NTSTATUS:
> STATUS_TRUSTED_RELATIONSHIP_FAILURE
>
> I don't want to think about what happens when the cache expires if
> I'm correct with my theory.
Samuel, I get the same error from a xfreerdp (non domain) machine to a win10. The same situation as yours.
Also it does not work from a windows non-domain pc, with more or less the same error.
Have you tried disabling NLA on the windows 10 pc that is the RDP "server"?
I don't know about your theory about caches, I'm not so into MS AD mechanisms, sadly, so I don't know about how caches are used for RDP and if they expire. I only know about local cache on the clients that allows to logon without the domain controller.
--
Fabio Muzzi Frabetti
More information about the samba
mailing list