Remmina 1.4.35 prompts for RDP credentials at every connection to VRDP servers when built with FreeRDP 3
Problem Description
Since my distribution switched to FreeRDP 3 for Remmina in https://gitlab.archlinux.org/archlinux/packaging/packages/remmina/-/commit/a37eb456e0b6e53a9f3bfd8b8cd42f2fea878fbe, I am prompted with the (pre-filled) RDP credentials window every time I connect to VirtualBox VRDP servers, even those without authentication enabled. Pressing enter to send the saved credentials is enough to make Remmina connect to the server.
I believe the problem is caused by FreeRDP 3 because rebuilding Remmina without -D WITH_FREERDP3=ON
fixes the problem. I see other users having issues with FreeRDP 3 at https://gitlab.archlinux.org/archlinux/packaging/packages/remmina/-/issues/1.
I believe the issue is not with Kerberos, https://github.com/FreeRDP/FreeRDP/issues/10138 and #3104 because a simple xfreerdp3
command works to connect to the server.
Forcing a security protocol in "Advanced" does not help.
What is the expected correct behavior?
Passwords are saved so no prompt should appear.
Remote System Description
- Server (OS name and version): VirtualBox 7 VRDP servers, with or without TLS enabled and with or without authentication enabled.
Relevant logs and/or screenshots
I cannot paste the whole log as it contains a lot of personally identifiable information but these are the lines before the credentials window appears. I can provide the full log for a Remmina + FreeRDP 2 connection and one with FreeRDP 3 privately if necessary.
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_set_negotiation_enabled]: Enabling security layer negotiation: TRUE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_set_restricted_admin_mode_required]: Enabling restricted admin mode: FALSE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdp]: Enabling RDP security: TRUE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_enable_tls]: Enabling TLS security: TRUE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_enable_nla]: Enabling NLA security: TRUE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_enable_ext]: Enabling NLA extended security: FALSE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdstls]: Enabling RDSTLS security: FALSE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_enable_aad]: Enabling RDS AAD security: FALSE
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x57084263ed60]: CONNECTION_STATE_INITIAL --> CONNECTION_STATE_NEGO
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core] - [freerdp_tcp_is_hostname_resolvable]: resetting error state
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[02:53:06:659] [144399:0002343e] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer <redacted>
[02:53:06:661] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_connect]: state: NEGO_STATE_NLA
[02:53:06:661] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_attempt_nla]: Attempting NLA security
[02:53:06:661] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_send_negotiation_request]: RequestedProtocols: 3
[02:53:06:663] [144399:0002343e] [DEBUG][com.freerdp.core.nego] - [nego_process_negotiation_response]: RDP_NEG_RSP::flags
If I force TLS, the last lines of the log vary a bit:
[03:26:28:860] [148351:000243ab] [DEBUG][com.freerdp.core] - [freerdp_tcp_is_hostname_resolvable]: resetting error state
[03:26:28:860] [148351:000243ab] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[03:26:28:860] [148351:000243ab] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer <redacted>
[03:26:28:863] [148351:000243ab] [DEBUG][com.freerdp.core.nego] - [nego_connect]: state: NEGO_STATE_TLS
[03:26:28:863] [148351:000243ab] [DEBUG][com.freerdp.core.nego] - [nego_attempt_tls]: Attempting TLS security
[03:26:28:863] [148351:000243ab] [DEBUG][com.freerdp.core.nego] - [nego_send_negotiation_request]: RequestedProtocols: 1
[03:26:28:866] [148351:000243ab] [DEBUG][com.freerdp.core.nego] - [nego_process_negotiation_response]: RDP_NEG_RSP::flags = { [0x01] |EXTENDED_CLIENT_DATA_SUPPORTED }
[03:26:28:866] [148351:000243ab] [DEBUG][com.freerdp.core.nego] - [nego_recv]: selected_protocol: 1
[03:26:28:866] [148351:000243ab] [DEBUG][com.freerdp.core.nego] - [nego_connect]: Negotiated TLS security
[03:26:28:866] [148351:000243ab] [DEBUG][com.freerdp.core.nego] - [nego_try_connect]: nego_security_connect with PROTOCOL_SSL
This leads me to think that these lines are normal logs and that the actual issue happens later but without anything being logged. I have set FreeRDP log level to TRACE and am using G_MESSAGES_PREFIXED=all G_MESSAGES_DEBUG=all
.
Local System Description
- Client (OS name and version): Arch Linux
- Remmina version (
org.remmina.Remmina - 1.4.35 (git n/a)
): - Installation(s):
-
Distribution package. -
PPA. -
Snap. -
Flatpak. -
Compiled from sources. -
Other - detail:
-
- Desktop environment (GNOME, Unity, KDE, ..): Awesome WM
- Plugin(s):
-
RDP - freerdp version ( xfreerdp --version
): 3.5.1 -
VNC -
SSH -
SFTP -
SPICE -
WWW -
EXEC -
Other (please specify):
-
- GTK backend (Wayland, Xorg): Xorg