Forced to supply username/password with -m MS operating mode

Discussion in 'Parallels Client for Linux' started by ShaunD, Nov 21, 2017.

  1. ShaunD

    ShaunD Bit Poster

    Messages:
    4
    I'm attempting to utilize the Parallels Client to connect to an 2016 RDP server. I'm using the -m MS option, which works fine when I supply the domain, username and password using the -d, -u and -p options. For most of the time, this would work fine, but when a user's password is expired and needs to be changed, they are unable to connect to the server, and therefore, can't reset their password.

    I tried disabling NLA by using the --rdp-security 0 option, but the users still can't change their password when they connect to the server. I'm a little surprised that the Parallels Client insists that the username and domain field are required when using the -m MS option, even when NLA is disabled. I would expect the Parallels Client to simply allow anonymous connections to the RDP server when NLA is disabled and when the username field is not specified. This is how other RDP clients, such as freerdp behave when NLA is disabled. In other words, I would expect the -u, -d and -p options to be ignored when NLA is disabled (security set to RDP).

    Perhaps there's a command line option that would allow this. Does anyone know how if what I'm looking for is available in the Parallels Client?

    Thanks,

    Shaun
     
  2. jpc

    jpc Kilo Poster

    Messages:
    303
    @ShaunD AFAIK, when using "-m MS", only the username and the server name should be required. If you pass no password, it will still prompt for one but you can ignore that (just press "ok") and continue with the connection. At that point, the user should be able to change the password from the RDP session.

    In your case, are you getting some error that there are missing arguments or is there some other error message e.g. about expired passwords?

    If you have a RAS installation it will also automatically prompt the users for a password change if it is expired or your users could utilise its password reset self-service functionality, all without needing to lower the security level on your clients and servers.
     
  3. ShaunD

    ShaunD Bit Poster

    Messages:
    4
    Hi @jpc,

    thanks for the detailed response. I tried supplying only the username through the dialog box, but I ran into trouble. If I set the security level to 2 (NLA), the login dialog complains about invalid credentials if I leave the password blank. If I lower the security to level 0 (RDP), after I click OK on the authentication dialog, a fullscreen black screen comes up and I can't escape out of it until I kill the process from within a SSH session. I believe the black screen issue has been fixed in the latest build (18912) of the client though --- I'm currently running build 18456. I'll upgrade the client and see if it resolves my issue.

    I'll report back my findings soon. Thanks!

    Shaun
     

Share This Page