external authentication module returned 'access denied'

[betsuin]

Hi

I have VirtualBox 5.1_5.1.12-11 installed on a Debian8 host. Client OS is Win7 Ultimate.
I have Auth setup as per the documentation 7.1.5 RDP Auth - All is working fine when I use RDP from a Win7 machine as the user who set up the VM on the Debian host. However when I add other users I can not access.

I initially added the user that setup the VM originally using the command syntax:
VBoxManage setextradata "VM name" "VBoxAuthSimple/users/<user>" <hash>
And as above can login either via the LAN or from outside (portforward from the gateway machine) but can not login when trying a different user name. I have added the new user name as a regular user to the Debian host with the same password.

Here is a failed attempt:

00:17:22.423659 VRDP: New connection:
00:17:22.423698 VRDP: Connection opened (IPv4): 7
00:17:22.424366 VRDP: Negotiating security method with the client.
00:17:22.435083 VRDP: Methods 0x0000001b
00:17:22.435103 VRDP: Channel: [rdpdr] [1004]. Accepted.
00:17:22.435112 VRDP: Channel: [rdpsnd] [1005]. Accepted.
00:17:22.435120 VRDP: Channel: [drdynvc] [1006]. Accepted.
00:17:22.435128 VRDP: Channel: [cliprdr] [1007]. Accepted.
00:17:22.435136 VRDP: Unsupported SEC_TAG: 0xC006/8. Skipping.
00:17:22.435145 VRDP: Unsupported SEC_TAG: 0xC00A/8. Skipping.
00:17:22.517613 VRDP: Client seems to be MSFT.
00:17:22.517633 VRDP: Logon: SUB31 (192.168.10.22) build 9200. User: [New_User] Domain: [] Screen: 0
00:17:22.519023 AUTH: User: [New_User]. Domain: []. Authentication type: [External]
00:17:26.368759 AUTH: external authentication module returned 'access denied'
00:17:26.368794 AUTH: Access denied.
00:17:26.368809 VRDP: Connection closed: 7

Here is an accepted attempt:

00:01:30.301873 VRDP: New connection:
00:01:30.301908 VRDP: Connection opened (IPv4): 5
00:01:30.302467 VRDP: Negotiating security method with the client.
00:01:30.327360 VRDP: Methods 0x0000001b
00:01:30.327374 VRDP: Channel: [rdpdr] [1004]. Accepted.
00:01:30.327380 VRDP: Channel: [rdpsnd] [1005]. Accepted.
00:01:30.327386 VRDP: Channel: [drdynvc] [1006]. Accepted.
00:01:30.327391 VRDP: Channel: [cliprdr] [1007]. Accepted.
00:01:30.327396 VRDP: Unsupported SEC_TAG: 0xC006/8. Skipping.
00:01:30.327402 VRDP: Unsupported SEC_TAG: 0xC00A/8. Skipping.
00:01:30.362342 VRDP: Client seems to be MSFT.
00:01:30.362356 VRDP: Logon: SUB31 (192.168.10.22) build 9200. User: [User_WHo_Setup_VM] Domain: [] Screen: 0
00:01:30.363196 AUTH: User: [User_WHo_Setup_VM]. Domain: []. Authentication type: [External]
00:01:30.546338 AUTH: external authentication module returned 'access granted'
00:01:30.546360 AUTH: Access granted.

Not sure what I am missing - and apologies if this has been addressed elsewhere, a search did not turn anything relevant up.

Regards & TIA

[scottgus1]

As I read in the manual, section 7.1.5, subsection 2 for AuthSimple, you need to configure each username and password hash that will remote into the guest using the Vboxmanage command. This appears to be separate from setting up users that can log onto the host PC. Apparently, just because the user can log onto the PC doesn't mean s/he can automatically now remote into an authsimple'd guest.

[betsuin]

Cheers Scott - yeah I have done that as in:
# VBoxManage internalcommands passwordhash #assword
# VBoxManage setextradata Win7 "VBoxAuthSimple/users/MrX" #assword_hash

I'm a bit perplexed as the doc specifically states users other than the VM creator can log in with auth on.

[betsuin]

Oh - looks like it is this bug here: https://www.virtualbox.org/ticket/15653