Bug 7144 - Reconnection with smart card auth fails with "incorrect pin" after redirection
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: rdesktop (deprecated)
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.9.0
Assignee: Samuel Mannehed
Keywords: relnotes, upstream
Reported: 2018-04-12 15:26 CEST by Samuel Mannehed
Modified: 2018-04-20 13:25 CEST

Attachments
Screenshot of the error on Windows Server 2008 R2 (29.31 KB, image/png)
2018-04-12 15:26 CEST, Samuel Mannehed
Screenshot of the error on Windows Server 2016 (246.18 KB, image/png)
2018-04-12 15:27 CEST, Samuel Mannehed

Description Samuel Mannehed cendio 2018-04-12 15:26:41 CEST
Created attachment 853
Screenshot of the error on Windows Server 2008 R2

Steps to reproduce:

1. Find a RDS farm with at least 2 servers
2. Login using smart card authentication
3. Note which RDS host you ended up on
4. Disconnect (don't log out)
5. Try to login to one of the other servers in the farm (not the one with your disconnected session)

You will now be redirected to the server where your disconnected session is,
and get the "incorrect pin" error. Happens all the time on both Windows Server 2008 R2 and Windows Server 2016. We have not tested Windows Server 2012.
Comment 1 Samuel Mannehed cendio 2018-04-12 15:27:13 CEST
Created attachment 854
Screenshot of the error on Windows Server 2016
Comment 2 Samuel Mannehed cendio 2018-04-12 15:29:16 CEST
This has been observed with ThinLinc 4.9.0 but also with older versions.
Comment 4 Henrik Andersson cendio 2018-04-17 17:01:18 CEST
Fix committed upstream in 567b1f74
Comment 5 Pierre Ossman cendio 2018-04-19 10:27:07 CEST
Let's do this now since we found an easy fix.
Comment 7 Samuel Mannehed cendio 2018-04-19 13:53:28 CEST
Fixed now.

I verified that I could reproduce the problem against tl-4.9.0rc1 on Ubuntu 16.04 and Windows Server 2016. I then upgraded the rdesktop package to a newly built deb that includes the fix and verified that the problem doesn't exist anymore. I also briefly tested redirection for regular password authentication with and without CredSSP.
Comment 9 Pierre Ossman cendio 2018-04-20 13:25:00 CEST
Verified with 2008 and 2016. Redirect failed with an older rdesktop, but works fine with an upgraded one.
