I just tried out the newest builds of freerdp and found them to finally have implemented access tokens.
This means that we can finally let users of Linux use a native client while accessing RDP resources through a webtop.
However I have only been able to make this work with the cli xfreerdp client.
~ xfreerdp launchxxxx.rdp
So my question is really if anyone has been able to get remmina or any other graphical client that uses freerdp libraries to work?
What does your policy look like? I cannot get xfreerdp to work at all and receive the following errors:
transport_connect: getaddrinfo (Name or service not known)
Error: protocol security negotiation failure
I am leveraging multi-factor authentication for my gateway but not for my RDS Host.
Is it working with native Windows clients?
Do you use FIP VSs, and did you remember to create a specific FIP VS for wildcard:3389 as noted in the guide:
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-implementations-14-0-0/10.html under "Overview: Processing RDP traffic on a device configured for explicit forward proxy"?
Other than that, our policy is plain and simple by the guides:
Authentication with MFA and a terminal that assigns:
- RDG Policy to both browser and rdp client.
- Browser gets Full Webtop with RDWeb resources in integrated mode
I do not have the wildcard:3389 VS created as the APM/RDS works from my Windows clients.
I am requiring MFA before launching a webtop, then giving the RDP session file within my policy.
Just an update...
I was able to get past the transport and security errors by disabling SSO on my RDP connection profiles. Then I run xfreerdp, call my *.rdp file, and manually define my credentials for the remote RDP server in the command.
Still no-go with any GUI clients.
I have SSO working also for Linux clients.
There was no need to do anything other than check that domain, username and password were available in the specified session variables.
However I have not made it work when the users are members of the protected users group in AD.
Other than that, you can fix nautilus or other X-file browsers to open up a .rdp file in xfreerdp by specifying a custom mime handle to open xfreerdp through gnome-terminal.
Yes, I have been.
Would you please elaborate? When I try to open the signed .rdp with access token in remmina 1.3.0 from 18.01.2019 I still get that the file cannot be opened or imported. freerdp2-x11 (xfreerdp) from command line still works.
Do you use a public or a self-signed certificate?
What is the CN of the certificate? It must be the same as the website name (F5 APM portal).
Certificates in use are all trusted. Which certificate are you referring to?
Are you using RDWA/RDSH resources from RDweb in full webtop with APM as RDP gateway?
Are you using LTM+APM to RDweb with APM as RDP gateway?
Which GUI client have you been able to use on Linux?