We have developed a thin client USB stick using Tinycore and rdesktop which, on the whole, is working brilliantly.
We are using rdesktop because it immediately gives our users Windows familiarity. But the second logon after redirection from the connection broker is an issue (not for IT department. We appreciate how brilliant this software really is).
I have downloaded and compiled the latest version but it does not handle the broker without two logons.
I've compiled libgssglue-0.4 and added Kerberos client but Kerberos cannot be used "in the field". While we have a network closed to the public, it is still shared by other businesses so we have to maintain security as though it were exposed to the public.
We cannot change the security of the Windows 2008 R2 Farm as this resides in a DMZ so we have to keep it at its maximum.
Below is the output from a generic logon:
root@LubuntuPMTest:/home/admin001# rdesktop -u "xxx.yyy@A.B.C" tsfarm.A.B.C
Autoselected keyboard map en-gb
ERROR: CredSSP: Negotiation failed.
Connection established using SSL.
WARNING: Remote desktop does not support colour depth 24; falling back to 16
Redirected to email@example.com session 2083890028.
Connection established using CredSSP.
On the terminal screen, logon fails for the brokered server saying "password incorrect". Re-typing the password gives a clean logon with CredSSP instead of SSL (as indicated above)
We are determined to provide this as a viable client - it has everything we need.
Install was as follows (Lubuntu):
apt-get install libgssglue
apt-get install krb5-usr
apt-get install krb5-config
tar -zxf rdesktop-1.8.2.tar.gz
We are so close to having this as a seamless client.
May I ask for (not too personal) suggestions, please?
Philippe aka sirdespard