www.cendio.com
Bug 7144 - Reconnection with smart card auth fails with "incorrect pin" after redirection
: Reconnection with smart card auth fails with "incorrect pin" after redirection
Status: CLOSED FIXED
: ThinLinc
| rdesktop (deprecated)
: trunk
: PC Unknown
: P2 Normal
: 4.9.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2018-04-12 15:26 by
Modified: 2018-04-20 13:25 (History)
Acceptance Criteria:


Attachments
Screenshot of the error on Windows Server 2008 R2 (29.31 KB, image/png)
2018-04-12 15:26, Samuel Mannehed
Details
Screenshot of the error on Windows Server 2016 (246.18 KB, image/png)
2018-04-12 15:27, Samuel Mannehed
Details


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2018-04-12 15:26:41
Created an attachment (id=853) [details]
Screenshot of the error on Windows Server 2008 R2

Steps to reproduce:

1. Find a RDS farm with at least 2 servers
2. Login using smart card authentication
3. Note which RDS host you ended up on
4. Disconnect (don't log out)
5. Try to login to one of the other servers in the farm (not the one with your
disconnected session)

You will now be redirected to the server where your disconnected session is,
and get the "incorrect pin" error. Happens all the time on both Windows Server
2008 R2 and Windows Server 2016. We have not tested Windows Server 2012.
------- Comment #1 From cendio 2018-04-12 15:27:13 -------
Created an attachment (id=854) [details]
Screenshot of the error on Windows Server 2016
------- Comment #2 From cendio 2018-04-12 15:29:16 -------
This has been observed with thinlinc 4.9.0 but also with older versions.
------- Comment #4 From cendio 2018-04-17 17:01:18 -------
Fix comitted upstream in 567b1f74
------- Comment #5 From cendio 2018-04-19 10:27:07 -------
Let's do this now since we found an easy fix.
------- Comment #7 From cendio 2018-04-19 13:53:28 -------
Fixed now.

I verified that I could reproduce the problem against tl-4.9.0rc1 on Ubuntu
16.04 and Windows Server 2016. I then upgraded the rdesktop package to a newly
built deb that includes the fix and verified that the problem doesn't exist
anymore. I also briefly redirection for regular password authentication with
and without CredSSP.
------- Comment #9 From cendio 2018-04-20 13:25:00 -------
Verified with 2008 and 2016. Redirect failed with an older rdesktop, but works
fine with an upgraded one.