Because my VM is publicly accessible, I would like to setup authenticated remote access and according to the manual (https://www.virtualbox.org/manual/ch07.html#idm3499):
On Mac OS X hosts, VBoxAuth.dylib authenticates users against the host's directory service.
In other words, the "external" method per default performs authentication with the user accounts that exist on the host system. Any user with valid authentication credentials is accepted, i.e. the username does not have to correspond to the user running the VM.
I am able to successfully use "null", but as the manual states,
The "null" method means that there is no authentication at all; any client can connect to the VRDP server and thus the virtual machine. This is, of course, very insecure and only to be recommended for private networks.
As soon as I change the Remote Display > Authentication Method from Null to External, I am no longer able to connect using the latest version of Microsoft Remote Desktop. The screen shows "Connecting RDP..." and the screen disappears with no error.
Any ideas on how to get this working would be greatly appreciated.
Bob Cassidy
IT Director
Somerton School District
[ link removed ]
Remote Display using External Authentication
Remote Display using External Authentication
Last edited by mpack on 18. Dec 2017, 10:26, edited 1 time in total.
Reason: Non VM relevant external link removed.
Reason: Non VM relevant external link removed.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Remote Display using External Authentication
I'm not sure who's to blame here; VirtualBox, OSX, or MS-RDP:
The developers are out at the moment, so this might have to wait for a week or two...
- Maybe the OSX "Screen sharing" has to be enabled? And the users approved?
- Maybe VirtualBox's "VBoxAuth" doesn't work with specific OSX versions?
- Maybe the "webservice" needs to be enabled?
- Maybe MS-RDP doesn't support the authentication level required?
Code: Select all
00:01:00.720390 VRDP: Connection opened (IPv4): 1
00:01:00.720659 VRDP: Negotiating security method with the client.
00:01:00.743324 VRDP: Methods 0x0000001b
00:01:00.743336 VRDP: Channel: [CLIPRDR] [1004]. Accepted.
00:01:00.743340 VRDP: Channel: [RDPSND] [1005]. Accepted.
00:01:00.743343 VRDP: Channel: [drdynvc] [1006]. Accepted.
00:01:00.743347 VRDP: Channel: [rail] [1007]. Not supported.
00:01:00.743350 VRDP: Channel: [rdpdr] [1008]. Accepted.
00:01:00.743353 VRDP: Unsupported SEC_TAG: 0xC006/8. Skipping.
00:01:00.743356 VRDP: Unsupported SEC_TAG: 0xC00A/8. Skipping.
00:01:00.745245 VRDP: Client seems to be MSFT.
00:01:00.745253 VRDP: Logon: 127.0.0.1 build 27325. User: [socratis] Domain: [] Screen: 0
00:01:00.745695 AUTH: User: [socratis]. Domain: []. Authentication type: [External]
00:01:09.768451 AUTH: external authentication module returned 'access denied'
00:01:09.768465 AUTH: Access denied.
00:01:09.768473 VRDP: Connection closed: 1
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.