External authentication not working on VRDP

Discussions related to using VirtualBox on Windows hosts.
avok00
Posts: 29
Joined: 29. Apr 2009, 14:58
Primary OS: MS Windows Vista
VBox Version: PUEL
Guest OSses: Windows XP

External authentication not working on VRDP

Post by avok00 »

00:05:07.627 VRDPAUTH: User: [inka]. Domain: []. Authentication type: [External]
00:05:07.628 VRDPAUTH: ConsoleVRDPServer::Authenticate: loading external authentication library 'VRDPAuth'
00:05:07.630 VRDPAUTH: Could not resolve import 'VRDPAuth2'. Error code: VERR_SYMBOL_NOT_FOUND
00:05:07.630 VRDPAUTH: Using entry point 'VRDPAuth'.
00:05:07.631 VRDPAUTH: external authentication module returned 'access denied'
00:05:07.631 VRDPAUTH: Access denied.

The users has all rights but he cannot login. no user can login, always 'access denied'

Host VIsta Business SP1. guest windows XP SP3, VirtualBox 2.2.4 r47978 win.amd64 (May 29 2009 18:44:42) release
This is also true for all versions up to the latest 3.04
Last edited by avok00 on 8. Sep 2009, 19:37, edited 1 time in total.
avok00
Posts: 29
Joined: 29. Apr 2009, 14:58
Primary OS: MS Windows Vista
VBox Version: PUEL
Guest OSses: Windows XP

Re: External authentication not working on VRDP - 2.2.4

Post by avok00 »

Can anyone explain why the bug ticket on this issue stayed open for two months and no one is paying any attention to it?

http://www.virtualbox.org/ticket/4406
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: External authentication not working on VRDP

Post by Perryg »

Well no I can't but if you put the (.virtualbox folder) that has the file (VRDPAuth.dll) in your path statement on Vista it will work.
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: PUEL
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: External authentication not working on VRDP

Post by Sasquatch »

User Manual, chapter 7.4.4 wrote: The "external" method provides external authentication through a special authentication library.
VirtualBox comes with two default libraries for external authentication:
  • On Linux hosts, VRDPAuth.so authenticates users against the host's PAM system.
  • On Windows hosts, VRDPAuth.dll authenticates users against the host's WinLogon system.
In other words, the "external" method per default performs authentication with the user accounts that exist on the host system. Any user with valid authentication credentials is accepted, i.e. the username does not have to correspond to the user running the VM.
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
avok00
Posts: 29
Joined: 29. Apr 2009, 14:58
Primary OS: MS Windows Vista
VBox Version: PUEL
Guest OSses: Windows XP

Re: External authentication not working on VRDP

Post by avok00 »

Perryg wrote:Well no I can't but if you put the (.virtualbox folder) that has the file (VRDPAuth.dll) in your path statement on Vista it will work.
Thanks pal, but it won't work :(

I put vbox home C:\Program Files\Sun ... where this VRDPAuth.dll is to windows user path, tried system path, I tested it, I was able to run the vbox command line tools from everywhere.

But when trying external VRDP I still get this in the logs

00:10:40.057 VRDP: Client seems to be MSFT.
00:10:40.057 VRDP: Logon: BORIS-HAMANOV (192.168.180.111) build 6002. User: [inka] Domain: [] Screen: 0
00:10:40.058 VRDPAUTH: User: [inka]. Domain: []. Authentication type: [External]
00:10:40.059 VRDPAUTH: ConsoleVRDPServer::Authenticate: loading external authentication library 'VRDPAuth'
00:10:40.088 VRDPAUTH: Could not resolve import 'VRDPAuth2'. Error code: VERR_SYMBOL_NOT_FOUND
00:10:40.100 VRDPAUTH: Using entry point 'VRDPAuth'.
00:10:40.101 VRDPAUTH: external authentication module returned 'access denied'
00:10:40.101 VRDPAUTH: Access denied.
00:10:40.101 VRDP: Connection closed:


The user has full administrative rights
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: External authentication not working on VRDP

Post by Perryg »

What are the guest settings for VM that you are trying to access? IE: the server port? By default it is 3389 and more than likely is in conflict with one that is already setup for MS remote.

Also you do not RDP into the VM. You VRDP into the host with the connection port. (just in case you are not familiar with it) 192.168.1.2:3390 where the 192.168.1.2 is the host IP not the guest IP.

Also after you set the path you did reboot the host machine, right?

Finally the user name and password are the user name and password for the host and not the VM. You do not need to be admin just in the user group of the host.
avok00
Posts: 29
Joined: 29. Apr 2009, 14:58
Primary OS: MS Windows Vista
VBox Version: PUEL
Guest OSses: Windows XP

Re: External authentication not working on VRDP

Post by avok00 »

Perryg wrote:What are the guest settings for VM that you are trying to access? IE: the server port? By default it is 3389 and more than likely is in conflict with one that is already setup for MS remote.

Also you do not RDP into the VM. You VRDP into the host with the connection port. (just in case you are not familiar with it) 192.168.1.2:3390 where the 192.168.1.2 is the host IP not the guest IP.

Also after you set the path you did reboot the host machine, right?

Finally the user name and password are the user name and password for the host and not the VM. You do not need to be admin just in the user group of the host.
Thank you for the information, I was not aware that the user must not be admin, this is good to know.

The rest I know, I connect succesfully to the VRDP, it works if I set the authentication to null. But this is not secure at all :) And in external authenthication mode it fails to authenticate me and it does this immediately even before the RD client had the chance to actually send the password.

It even worked a couple of times, then is stopped, then worked again. I guess it is another bug in the Vbox
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: PUEL
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: External authentication not working on VRDP

Post by Sasquatch »

I just tested the external on my Linux Host, with a Windows XP VM and it works just fine. I used the following command to connect to the VM:

Code: Select all

rdesktop-vrdp localhost -u sasquatch -p -
I use the supplied vrdp rdesktop version from VB, but the normal rdesktop would work just as well. The '-u' is for the user name, the '-p -' is to ask for my password before the connection is made. On Windows Hosts, you have the same kind of options. This is what I get in my VM log. Note that the first and last tries were without the explicit password or username for the connection:

Code: Select all

00:00:24.089 VRDP: New connection: 
00:00:24.113 VRDP: Flags 0x00000003
00:00:24.114 VRDP: Channel: [cliprdr] [1004]. Accepted.
00:00:24.116 VRDP: Client seems to be rdesktop.
00:00:24.116 VRDP: Logon: Lain (127.0.0.1) build 2600. User: [sasquatch] Domain: [] Screen: 0
00:00:24.116 VRDPAUTH: User: [sasquatch]. Domain: []. Authentication type: [External]
00:00:24.116 VRDPAUTH: ConsoleVRDPServer::Authenticate: loading external authentication library 'VRDPAuth'
00:00:24.126 VRDPAUTH: Could not resolve import 'VRDPAuth2'. Error code: VERR_SYMBOL_NOT_FOUND
00:00:24.126 VRDPAUTH: Using entry point 'VRDPAuth'.
00:00:27.707 VRDPAUTH: external authentication module returned 'access denied'
00:00:27.707 VRDPAUTH: Access denied.
00:00:27.708 VRDP: Connection closed: 
00:00:27.708 VRDP: Logoff: Lain (127.0.0.1) build 2600. User: [sasquatch] Domain: [] Reason 0x0001.
00:00:56.317 VRDP: New connection: 
00:00:56.335 VRDP: Flags 0x00000003
00:00:56.336 VRDP: Channel: [cliprdr] [1004]. Accepted.
00:00:56.338 VRDP: Client seems to be rdesktop.
00:00:56.339 VRDP: Logon: Lain (127.0.0.1) build 2600. User: [sasquatch] Domain: [] Screen: 0
00:00:56.340 VRDPAUTH: User: [sasquatch]. Domain: []. Authentication type: [External]
00:00:56.418 VRDPAUTH: external authentication module returned 'access granted'
00:00:56.418 VRDPAUTH: Access granted.
00:00:56.419 VBVA: VRDP acceleration has been requested.
00:01:08.149 VRDP: Received the Disconnect Request packet.
00:01:08.149 VRDP: Connection closed: 
00:01:08.149 VRDP: Logoff: Lain (127.0.0.1) build 2600. User: [sasquatch] Domain: [] Reason 0x0001.
00:01:08.149 VRDP: TCP server failed to send data to the client!!! Disconnecting the client.
00:01:08.149 VBVA: VRDP acceleration has been disabled.
00:01:11.960 VRDP: New connection: 
00:01:11.975 VRDP: Flags 0x00000003
00:01:11.976 VRDP: Channel: [cliprdr] [1004]. Accepted.
00:01:11.979 VRDP: Client seems to be rdesktop.
00:01:11.979 VRDP: Logon: Lain (127.0.0.1) build 2600. User: [sasquatch] Domain: [] Screen: 0
00:01:11.980 VRDPAUTH: User: [sasquatch]. Domain: []. Authentication type: [External]
00:01:15.205 VRDPAUTH: external authentication module returned 'access denied'
00:01:15.205 VRDPAUTH: Access denied.
00:01:15.205 VRDP: Connection closed: 
00:01:15.205 VRDP: Logoff: Lain (127.0.0.1) build 2600. User: [sasquatch] Domain: [] Reason 0x0001.
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
avok00
Posts: 29
Joined: 29. Apr 2009, 14:58
Primary OS: MS Windows Vista
VBox Version: PUEL
Guest OSses: Windows XP

Re: External authentication not working on VRDP

Post by avok00 »

Sasquatch wrote:I just tested the external on my Linux Host, with a Windows XP VM and it works just fine. I used the following command to connect to the VM:

Code: Select all

rdesktop-vrdp localhost -u sasquatch -p -
I use the supplied vrdp rdesktop version from VB, but the normal rdesktop would work just as well. The '-u' is for the user name, the '-p -' is to ask for my password before the connection is made. On Windows Hosts, you have the same kind of options. This is what I get in my VM log. Note that the first and last tries were without the explicit password or username for the connection:
The guy from Virtualbox development that looked into my logs said that for some reason the external auth modules fails. But he doesn't know why.

I guess the problem is with some custom setting on my side.

My system if fairly standard, it is used as a server, so almost no additional software installed, default settings mostly. One setting I can think of that is likely to affect it is System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" That is turned on in my system. For more information, plese refer to http://support.microsoft.com/kb/811833

I cannot turn that off due to security policies and current configurations. If somebody can test this, please do and post the result here. I also updated the bug status - http://www.virtualbox.org/ticket/4406
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: PUEL
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: External authentication not working on VRDP

Post by Sasquatch »

So you have also tried to connect to the VRDP server with already filled in username and password? From my tests, if either one is missing, the connection will be refused.
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
avok00
Posts: 29
Joined: 29. Apr 2009, 14:58
Primary OS: MS Windows Vista
VBox Version: PUEL
Guest OSses: Windows XP

Re: External authentication not working on VRDP

Post by avok00 »

Sasquatch wrote:So you have also tried to connect to the VRDP server with already filled in username and password? From my tests, if either one is missing, the connection will be refused.
If it refuses the connection before asking for the password, how can it know if you have the password :)
Maybe your test results have something to do with NLA (http://en.wikipedia.org/wiki/Network_Le ... entication)

Anyway for Vista RDP client I managed to solve the problem the following way:

Go to Control Panel\User Accounts - Manage your network passwords. This will give you options to Store your credentials for servers.
Just Add the TERMSRV/IPaddress|host of the sever or name you need to Log on to and Username and Password.
Select "A Web site or program Credential" as credential type and OK. (Save and exit)

This makes Vista save the password permanently and then it works with Virtual box VRDP. If I don't do this and try to connect, VIsta RDP client still asks me for user and password before the actual connection attempt (or at least it looks that way) but then it won't work. Very strange.

Unfortunately this trick is not for Windows XP. I tried with XP SP3, even enabled NLA, but no luck, it asks me for user and password, I tick the box that saves them, they are remembered successfuly. Still if fails to connect.

rdesktop is not for windows I am afraid

I don't know what to do :shock:
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: PUEL
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: External authentication not working on VRDP

Post by Sasquatch »

I know what you can do: report this as a bug in the Bugtracker (separate account needed). This isn't normal behaviour, the external authentication should ask for credentials, instead of waiting for them to be supplied and if they aren't, refuse the connection.
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: External authentication not working on VRDP

Post by Perryg »

You know I remember having a problem similar to this. But the OP said that he could connect using <null> and I don't remember if that was the case for me or not. The problem that I found in the end was I needed to use a different port, still don't know why because it worked and I simply took it for what it was. The symptoms were the same right down to an immediate refusal. Once I changed to a different port I got the user name and password prompt.
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: PUEL
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: External authentication not working on VRDP

Post by Sasquatch »

Well, I just tested it with two VMs, one with VRDP enabled, the other playing the RDP client. Both were Windows XP, and because my host is Linux, I don't have port 3389 in use so that's ruled out of the equation. Now, when I tried to connect to my Host for the VRDP, it never asked for my username and password, but instead gave me two errors. Attached are the two errors I got, the last one is really strange because neither side has run out of memory (VMs have 512, and about 100 MB in use, Host has 3 GB of RAM, with more than 2 left).
Attachments
Came right after the time out period, no credentials asked
Came right after the time out period, no credentials asked
rdp-error-1.png (10.92 KiB) Viewed 9280 times
Memory issue, no way
Memory issue, no way
rdp-error-2.png (11.05 KiB) Viewed 9268 times
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
avok00
Posts: 29
Joined: 29. Apr 2009, 14:58
Primary OS: MS Windows Vista
VBox Version: PUEL
Guest OSses: Windows XP

Re: External authentication not working on VRDP

Post by avok00 »

Sasquatch wrote:Well, I just tested it with two VMs, one with VRDP enabled, the other playing the RDP client. Both were Windows XP, and because my host is Linux, I don't have port 3389 in use so that's ruled out of the equation. Now, when I tried to connect to my Host for the VRDP, it never asked for my username and password, but instead gave me two errors. Attached are the two errors I got, the last one is really strange because neither side has run out of memory (VMs have 512, and about 100 MB in use, Host has 3 GB of RAM, with more than 2 left).
Thanks! Those are exactly the errors I get. So, this is not isolated case, only about my system! Please, update the bug here - http://www.virtualbox.org/ticket/4406 with your information, that should make them take this more seriously, I hope :roll:
Post Reply