You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Peer-Joachim Koch <Pe...@leibniz-hki.de> on 2022/03/23 14:55:57 UTC

Problem with ldap and local user

Hi,

we setup a guacamole system. Normaly we are using LDAP for our user.
No we want to give some external people access. This fails.

So we created a user in the gui, set the password. This local user can
connect
with the username and password and TOTP.
If we put the user into a group still everything is working.
When we add a connection to this account we only see an error message
"An error occurred ..."

2022-03-23T15:49:21.512042+01:00 guacamole server[21496]: 15:49:21.511
[http-nio-8080-exec-2] INFO  o.a.g.r.auth.AuthenticationService - User
"USER" successfully authenticated from 10.96.2.1.
2022-03-23T15:49:21.516133+01:00 guacamole server[21496]: 15:49:21.515
[http-nio-8080-exec-2] DEBUG o.a.g.r.auth.AuthenticationService - Login
was successful for user "USER".
2022-03-23T15:49:24.928761+01:00 guacamole server[21496]: 15:49:24.928
[pool-3-thread-1] DEBUG o.a.g.a.t.u.CodeUsageTrackingService - TOTP
tracking cleanup check completed in 0 ms.
2022-03-23T15:49:31.203457+01:00 guacamole server[21496]: 15:49:31.203
[http-nio-8080-exec-8] DEBUG o.a.g.rest.RESTExceptionMapper - Client
request rejected: Not found: "USER"
2022-03-23T15:49:31.205175+01:00 guacamole server[21496]: 15:49:31.204
[http-nio-8080-exec-3] DEBUG o.a.g.rest.RESTExceptionMapper - Client
request rejected: Not found: "USER"
2022-03-23T15:49:46.329894+01:00 guacamole server[21496]: 15:49:46.329
[pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking
for expired sessions...
2022-03-23T15:49:46.330421+01:00 guacamole server[21496]: 15:49:46.329
[pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session
check completed in 0 ms.
2022-03-23T15:49:49.674907+01:00 guacamole server[21496]: 15:49:49.674
[http-nio-8080-exec-2] DEBUG o.a.g.r.auth.AuthenticationService -
Anonymous authentication attempt from 10.96.2.1 failed.
2022-03-23T15:49:49.675413+01:00 guacamole server[21496]: 15:49:49.674
[http-nio-8080-exec-2] DEBUG o.a.g.rest.RESTExceptionMapper - Client
request rejected: Invalid login
2022-03-23T15:49:53.769284+01:00 guacamole server[21496]: 15:49:53.769
[http-nio-8080-exec-9] INFO  o.a.g.r.auth.AuthenticationService - User
"USER" successfully authenticated from 10.96.2.1.
2022-03-23T15:49:53.772716+01:00 guacamole server[21496]: 15:49:53.771
[http-nio-8080-exec-9] DEBUG o.a.g.rest.RESTExceptionMapper - Client
request rejected: A TOTP authentication code is required before login
can continue
2022-03-23T15:50:09.899455+01:00 guacamole server[21496]: 15:50:09.899
[http-nio-8080-exec-7] INFO  o.a.g.r.auth.AuthenticationService - User
"USER" successfully authenticated from 10.96.2.1.
2022-03-23T15:50:09.901936+01:00 guacamole server[21496]: 15:50:09.901
[http-nio-8080-exec-7] DEBUG o.a.g.r.auth.AuthenticationService - Login
was successful for user "USER".
2022-03-23T15:50:24.928753+01:00 guacamole server[21496]: 15:50:24.928
[pool-3-thread-1] DEBUG o.a.g.a.t.u.CodeUsageTrackingService - TOTP
tracking cleanup check completed in 0 ms.
2022-03-23T15:50:46.329834+01:00 guacamole server[21496]: 15:50:46.329
[pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking
for expired sessions...
2022-03-23T15:50:46.330193+01:00 guacamole server[21496]: 15:50:46.329
[pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session
check completed in 0 ms.
2022-03-23T15:51:24.928843+01:00 guacamole server[21496]: 15:51:24.928
[pool-3-thread-1] DEBUG o.a.g.a.t.u.CodeUsageTrackingService - TOTP
tracking cleanup check completed in 0 ms.
2022-03-23T15:51:46.329885+01:00 guacamole server[21496]: 15:51:46.329
[pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking
for expired sessions...
2022-03-23T15:51:46.330197+01:00 guacamole server[21496]: 15:51:46.329
[pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session
check completed in 0 ms.

When we remove the connection, everything is fine again. With LDAP
users everything is working.
We also created a local home without any success. 

Any help is welcome!

System: VM, SLES 12SP5, guacamole 1.3

Bye,
	  Peer
____________________________________
Leibniz-Institut für Naturstoff-Forschung und Infektionsbiologie e. V.
Hans-Knöll-Institut (HKI)
Dr. Peer-Joachim Koch
 
Beutenbergstraße 11a
07745 Jena   
Tel.: +49 3641 5321029
Fax.: +49 3641 5322029
e-Mail: Peer-Joachim.Koch@Leibniz-HKI.de