Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

APM - Linux native client for RDP


I just tried out the newest builds of freerdp and found them to finally have implemented access tokens. This means that we can finally let users of Linux use a native client while accessing RDP resources through a webtop. However I have only been able to make this work with the cli xfreerdp client.

~ xfreerdp launchxxxx.rdp

So my question is really if anyone has been able to get remmina or any other graphical client that uses freerdp libraries to work?


Rate this Question
Comments on this Question
Comment made 1 month ago by zbirmingham 111

What does your policy look like? I cannot get xfreerdp to work at all and receive the following errors:

transport_connect: getaddrinfo (Name or service not known)
Error: protocol security negotiation failure

I am leveraging multi-factor authentication for my gateway but not for my RDS Host.

Comment made 1 month ago by Henrik S 342

Is it working with native Windows clients?

Do you use FIP VSs and remembered to create a specific FIP VS for wildcard:3389 as noted in the guide:

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-implementations-14-0-0/10.html under "Overview: Processing RDP traffic on a device configured for explicit forward proxy?"

Other than that, our policy is plain and simple by the guides:

Authentication with MFA and a terminal that assigns:

-RDG Policy to both browser and rdp client.

-Browser gets Full Webtop with RDWeb resources in integrated mode

Comment made 1 month ago by zbirmingham 111

I do not have the windcard:3389 VS created as the APM/RDS works from my Windows clients.

I am requiring MFA before launching a webtop, then giving the RDP session file within my policy.

Image Text

Comment made 2 weeks ago by zbirmingham 111

Just an update...

I was able to get passed the transport and security errors by disabling SSO on my RDP connection profiles. Then I run xfreerdp, call my *.rdp file, and manually define my credentials for the remote RDP server in the command.

Still no-go with any GUI clients.

Comment made 1 week ago by Henrik S 342

I have SSO working also for Linux clients.

There was no need of doing anything other than to check that domain, username and password was available in the specified session variables.

However I have not made it work when the users are members of the protected users group in AD.

Other than that, you can fix nautilus or other X-file browsers to open up a .rdp file in xfreerdp by specifying a custom mime handle to open xfreerdp through gnome-terminal.


Answers to this Question


Yes, I have been.

Comments on this Answer
Comment made 1 month ago by Henrik S 342

Would you please elaborate? When I try to open the signed .rdp with access token in remmina 1.3.0 from 18.01.2019 I still get that the file cannot be opened or imported. freerdp2-x11 (xfreerdp) from command line still works.

Comment made 1 month ago by Faruk AYDIN 947

Do you use public or self-signed certificate?
What is the CN of the certificate? It must be same as the website name(F5 APM portal).

Comment made 1 month ago by Henrik S 342

Certificates in use are all trusted. Which certificate are you referring to?

Are you using RDWA/RDSH resources from RDweb in full webtop with APM as RDP gateway

Are you using LTM+APM to RDweb with APM as RDP gateway?

Which GUI client have you been able to use on Linux?