I have been told that we are unable to authenticate a Linux client over RDP to a Windows based Domain with PKI credentials.
Questions: 1) Is this supported on Linux 5.3? 2) if no is there a version of Linux that supports this configuration? 3) If yes what version of Linux will is supported? 4) If no is there a work around or do I need to implement a different protocol other than RDP? i.e. PKI over SLL Port 443

Details are below:

Linux version in use is 5.3 and Windows Server 2008R2 (terminal services).
Authentication through terminal services running Windows 2008R2 for a windows 2008R2 domain.

The Linux system is connected through an ASA5525x firewall (System boundary) to the edge switch of the Windows system. Microsoft terminal services are running for the RDP connection. The Linux system would like to authenticate PKI Logon over TCP-3389 for the end user for access to both LAN. In addition the PKI credentials need to be offered to some required WAN.

Thank you for any help in answering these questions.

Welcome to LQ.

Linux 5.3 what distribution? Sounds like RHEL, if so that is old.

Windows Server 2008R2 is older than RHEL 5.3

Both of those products ended normal support and are on extended support from the manufacturers.

RDP and using PKI as well as SSL (if that also was a typo on your part) are all very capable with current versions of both RHEL and Windows server.

You may need to perform upgrades or patches to ensure you can get this working.

Suggest you provide some additional details about the Linux machine if you wish to use it as a client to the W2008 server.

Thank you for welcoming me and the quick reply.

Sorry yes it is a RHEL distribution and I made a mistake about the exact version looks to be 5.8. Linux is used as a client to RDP into the terminal server.

Both RHEL and Windows2008R2 are maintained with patching however updating them is not no option, these 2 systems are military and they are not in a current update cycle.

Yes we need to RDP with PKI credentials form the Linux client to the 2008R2 terminal server. This is the current configuration and I am told it will not work. The SSL approach was an alternative solution to RDP between Linux and windows using PKI authentication.

I have uploaded an attachment of a quick diagram as well.

Attached Files

Visio-System Interface Diagram3.pdf (93.9 KB, 18 views)

I would guess that the detailed answers can come from RedHat support to advise you what exactly you can and cannot do with your particular system, considering that you cannot change it.

You can try to install rdesktop to see if you can establish a client with the 2008 server.

Thank you for your time. It sounds like once we are in an upgrade cycle where we will migrating to RHEL 7.3 and Widnows2016. We will not have an issue and we will be able to RDP with PKI authentication natively between the two systems?

I'm assuming so, however when you are in that upgrade cycle, you can very much contact RedHat to get the specific instructions as to how to install, configure, and use rdesktop to accomplish RDP with the Windows server. And likely they may also have guidance on any important settings recommended for Windows.

I connect to Win200x servers every day using rdesktop.
Never seen it ask for a Certificate, nor any place to utilize one. Must be a GUI/Client issue?

Maybe remmina will do a cert.