Posted to user@guacamole.apache.org by takuya morita <mr...@gmail.com> on 2021/08/05 01:54:20 UTC

About AD authentication in guacamole

Hi, guacamole support.

I am Takuya, an engineer in Japan.
I am having trouble with AD authentication in Guacamole on Docker.

Problem:
・I can't log in to Guacamole with AD users.

Current state:
・Network sparse communication achieved.
・Ticket exchange with AD is not a problem.
・I can get only error(warn) log about auth failed.
 ex. 00:50:51:610 [http-nio-8080-exec-5] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [172.19.0.1, 172.19.0.1] for user "ito" failed.
・Docker image is guacamole/guacamole

Please let me know how I should troubleshoot.

Re: About AD authentication in guacamole

Posted by Bogdan Tomasciuc <bo...@gmail.com>.
Hey Takuya,

I can share with you my guacamole.properties with sensitive data
obfuscated. Maybe something sticks out.
Also make sure the ldap authentication plugin is installed.

# DC IP
ldap-hostname: XXX.XXX.XXX.XXX
# By default LDAP communication is not encrypted
ldap-encryption-method: none
# Change LDAP.USERNAME with a LDAP admin account or at least with general read access across domain.
ldap-search-bind-dn: CN=LDAP.USERNAME,CN=Users,DC=mydomain,DC=local
# The password for the user above
ldap-search-bind-password: $Some_super_secret_password
# Where we search for logins. I search all domain and filter them by groups below.
ldap-user-base-dn: dc=mydomain,dc=local
# What we use for login name in Guacamole
ldap-username-attribute: SamAccountName
# Where we look for groups inside LDAP
ldap-group-base-dn: OU=GuacamoleUsers,DC=mydomain,DC=local
# What we use as group name
ldap-group-name-attribute: cn
# User filter string
ldap-user-search-filter: (&(objectClass=user)(|(memberOf=CN=GUAC_Group_Administrators,OU=GuacamoleUsers,DC=mydomain,DC=local)(memberOf=CN=GUAC_Group_RegularUsers,OU=GuacamoleUsers,DC=mydomain,DC=local)))
ldap-member-attribute: member
ldap-member-attribute-type: dn

Hope this helps!


*Best regards,*

*Bogdan TOMASCIUC*



On Thu, Aug 5, 2021 at 4:54 AM takuya morita <mr...@gmail.com> wrote:

> Hi, guacamole support.
>
> I am Takuya, an engineer in Japan.
> I am having trouble with AD authentication in Guacamole on Docker.
>
> Problem:
> ・I can't log in to Guacamole with AD users.
>
> Current state:
> ・Network sparse communication achieved.
> ・Ticket exchange with AD is not a problem.
> ・I can get only error(warn) log about auth failed.
>  ex. 00:50:51:610 [http-nio-8080-exec-5] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [172.19.0.1, 172.19.0.1] for user "ito" failed.
> ・Docker image is guacamole/guacamole
>
> Please let me know how I should troubleshoot.
>
>
>
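
A small lint for a guacamole.properties like the one shared in this thread, added here as an example (not code from either poster or from the Guacamole project). It flags lines broken by mail wrapping, ldap-encryption-method set to none, and an ldap-user-search-filter with unbalanced parentheses; the function names and the sample input are constructed for illustration.

```python
import re

# A property line: key, then ':' or '=', then the value (may be empty).
PROP_RE = re.compile(r"^([a-z][a-z0-9-]*)\s*[:=]\s*(.*)$")

def paren_depth(ldap_filter):
    """Net count of unclosed '('; -1 if a ')' appears before its '('.
    Literal parentheses in LDAP filter values are escaped as \\28 and \\29,
    so every raw parenthesis is structural."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return -1
    return depth

def lint(text):
    """Return (line_number, message) findings for a guacamole.properties text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PROP_RE.match(line)
        if m is None:
            findings.append((n, "not a 'key: value' line (wrapped comment or value?)"))
            continue
        key, value = m.groups()
        if value == "":
            findings.append((n, f"{key} has no value on its own line"))
        elif key == "ldap-encryption-method" and value.lower() == "none":
            findings.append((n, "LDAP bind is unencrypted; use ssl or starttls"))
        elif key == "ldap-user-search-filter" and paren_depth(value) != 0:
            findings.append((n, "ldap-user-search-filter has unbalanced parentheses"))
    return findings

# Constructed sample input (placeholder host and DNs, not from a real deployment).
SAMPLE = """\
ldap-hostname: dc.example.test
ldap-encryption-method: none
# Account with read access
across the domain.
ldap-search-bind-dn: CN=svc,CN=Users,DC=example,DC=test
ldap-user-search-filter: (&(objectClass=user)(|(memberOf=CN=A,DC=example,DC=test)(memberOf=CN=B,DC=example,DC=test))
"""

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```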