LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Failed to connect, CredSSP required by server. (https://www.linuxquestions.org/questions/linux-networking-3/failed-to-connect-credssp-required-by-server-4175611983/)

hack3rcon 08-15-2017 04:41 AM
Failed to connect, CredSSP required by server.
 
1 Attachment(s)
Hello.
I use "rdesktop" for remote to a Windows Server but I got below error:
Code:
Autoselected keyboard map en-us
ERROR: CredSSP: Initialize failed, do you have correct kerberos tgt initialized ?
Failed to connect, CredSSP required by server.
I found the solution at https://www.syskit.com/blog/credssp-...ver-solutions/ and it is because of my Windows remote connection setting just accept trusted users. I used "rdesktop -u mydomain\\username" but I got same error. Why?

Any idea?

Thank you.

josephf63 08-16-2017 02:20 PM
You need to uncheck the require from NLA check box

hack3rcon 08-21-2017 03:47 AM
Quote:
Originally Posted by josephf63 (Post 5748960)
You need to uncheck the require from NLA check box
"NLA check box" ? How?

hack3rcon 12-11-2017 02:29 AM
Problem solved via "FreeRDP".
Code:
$ xfreerdp /u:"User name" /v:IP:3389

aSToViRuS 09-20-2018 05:40 AM
Quote:
Originally Posted by hack3rcon (Post 5791750)
Problem solved via "FreeRDP".
Code:
$ xfreerdp /u:"User name" /v:IP:3389
After almost a year this helped us a lot trying to access an Azure VM... Thanks a lot!

Anyway, for anyone interested in the future (or future me!), we installed FreeRDP2 this way:
Code:
sudo apt-get install freerdp2-x11
And then run it with:
Code:
xfreerdp /u:"administrator" /v:my.server.net:61220

oneindelijk 07-09-2019 04:19 AM
Use kerberos ticket
 
In a domain you can request a kerberos ticket from the server like so:
Code:
kinit <user>
(This implies that your /etc/krb5.conf is configured to use the domain)
You can verify a ticket with
Code:
klist
which should yield something like
Code:
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: <user>@<Kerberos DOMAIN>

Valid starting    Expires            Service principal
09-07-19 10:37:55  09-07-19 20:37:55  krbtgt/<domain>@<domain>
        renew until 10-07-19 10:37:49
Then you should be able to connect to the server while NLA is still turned on with this command
Code:
rdesktop -u <user> -d <domain> <IP-or-resolvable-hostname>


All times are GMT -5. The time now is 03:57 PM.