You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Nick Couchman <vn...@apache.org> on 2020/02/01 06:19:27 UTC
Re: VNC with AD auth
On Fri, Jan 31, 2020 at 5:41 PM Vieri <re...@yahoo.com.invalid> wrote:
>
> On Friday, January 31, 2020, 5:42:21 PM GMT+1, jerryjungbluth <
> jerryjungbluth@gmail.com> wrote:
>
> >> Anyway, I would like to confirm that UltraVNC with MS AD authentication
> >> works great.
> >
> > Is this not saying that Guacamole worked to connect to UltraVNC using
> Active
> > Directory auth? I can't find anything that talks about UltraVNC and
> Active
> > Directory auth without it talking about MSLogon.
>
> Indeed, I can connect to an UltraVNC server, albeit quite old, but with
> the following settings (I don't know if I can send screenshots here):
>
> Security - Require MS Logon (User/Password/Domain) [Checked]
> New MS Logon (Support multiple domains) [Checked]
>
> In "Configure MS Logon Groups", I have 2 AD domain gorups listed.
>
> UltraVNC's mslogon.log shows that my domain user is authenticating (I'd
> need to check my ADs to confirm that my domain user is being validated
> there, but there's really no other way).
>
Wow, okay, well, that's interesting :-). Can you post (remind us) what
Linux distribution you're running and what version of libvnc you have
installed? Also, if you're able, can you put guacd in debug mode and post
messages from a successful connection, particularly around the point where
the security protocol is negotiated?
-Nick
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Mon, Feb 3, 2020 at 7:27 AM tako <co...@temple.edu> wrote:
> Yeah, looks like Ultra doesn't use the standard identifier for MSLogon (-6
> or
> #fffffa) but implemented its own per the list here.
> https://forum.ultravnc.net/viewtopic.php?f=4&t=34796#p105447
>
> Wonder what'd be easier, UtraVNC updating their server code to make this
> more compatible or figuring out how to make libvnc client understand this.
>
My guess is that a contribution to libvnc would be easier - I don't think
UltraVNC has released a version in several years, so I suspect that
development is pretty dormant.
libvnc isn't terribly active, but it is active, and I suspect they'd be
happy to have contributions if someone is able to take a stab at
implementing the support.
-Nick
Re: VNC with AD auth
Posted by tako <co...@temple.edu>.
Yeah, looks like Ultra doesn't use the standard identifier for MSLogon (-6 or
#fffffa) but implemented its own per the list here.
https://forum.ultravnc.net/viewtopic.php?f=4&t=34796#p105447
Wonder what'd be easier, UtraVNC updating their server code to make this
more compatible or figuring out how to make libvnc client understand this.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Mon, Feb 3, 2020 at 3:06 AM Vieri <re...@yahoo.com.invalid> wrote:
> On Monday, February 3, 2020, 8:31:34 AM GMT+1, tako <co...@temple.edu>
> wrote:
> >
> > I'm also testing this with UltraVNC 1.2.24 on the Guacamole 1.1.0 Docker
> > image; doesn't seem to work. Is there any information I can provide?
>
> Unfortunately, it seems that newer versions of UltraVNC do not work.
>
> I tried a connection with a newer UltraVNC install, and this time it fails
> with:
>
> Feb 3 08:59:09 guacd[14661]: Client is using protocol version
> "VERSION_1_1_0"
> Feb 3 08:59:09 guacd[14661]: VNC server supports protocol version 3.8
> (viewer 3.8)
> Feb 3 08:59:09 guacd[14661]: We have 2 security types to read
> Feb 3 08:59:09 guacd[14661]: 0) Received security type 17
> Feb 3 08:59:09 guacd[14661]: 1) Received security type 113
> Feb 3 08:59:09 guacd[14661]: Unknown authentication scheme from VNC
> server: 17, 113
> Feb 3 08:59:09 guacd[14661]: Connect failed. Waiting 1000ms before
> retrying...
>
> Ultr@VNC 1.2.0.5 Release - Dec 2014 on Windows 10.
>
Interesting - so looks like UltraVNC changed the security types they are
sending through, and libvnc doesn't know what to do with those. Too bad.
-Nick
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Monday, February 3, 2020, 8:31:34 AM GMT+1, tako <co...@temple.edu> wrote:
>
> I'm also testing this with UltraVNC 1.2.24 on the Guacamole 1.1.0 Docker
> image; doesn't seem to work. Is there any information I can provide?
Unfortunately, it seems that newer versions of UltraVNC do not work.
I tried a connection with a newer UltraVNC install, and this time it fails with:
Feb 3 08:59:09 guacd[14661]: Client is using protocol version "VERSION_1_1_0"
Feb 3 08:59:09 guacd[14661]: VNC server supports protocol version 3.8 (viewer 3.8)
Feb 3 08:59:09 guacd[14661]: We have 2 security types to read
Feb 3 08:59:09 guacd[14661]: 0) Received security type 17
Feb 3 08:59:09 guacd[14661]: 1) Received security type 113
Feb 3 08:59:09 guacd[14661]: Unknown authentication scheme from VNC server: 17, 113
Feb 3 08:59:09 guacd[14661]: Connect failed. Waiting 1000ms before retrying...
Ultr@VNC 1.2.0.5 Release - Dec 2014 on Windows 10.
:-(
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by tako <co...@temple.edu>.
I'm also testing this with UltraVNC 1.2.24 on the Guacamole 1.1.0 Docker
image; doesn't seem to work. Is there any information I can provide?
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Feb 2, 2020 at 9:02 AM Vieri <re...@yahoo.com.invalid> wrote:
>
> On Saturday, February 1, 2020, 7:19:46 AM GMT+1, Nick Couchman <
> vnick@apache.org> wrote: >
> >
> > Wow, okay, well, that's interesting :-). Can you post (remind us) what
> Linux distribution you're running and what version of libvnc you have
> installed? Also, if you're
> > able, can you put guacd in debug mode and post messages from a
> successful connection, particularly around the point where the security
> protocol is negotiated?
>
> Sure, I'm running Gentoo Linux with libvnc version 0.9.12.
>
> Feb 2 14:51:25 guacd[25227]: User "@048497da-714e-45e6-868c-7ac641d8ebd1"
> joined connection "$13fc6b2c-57a3-4b4e-b35a-a8f66a6fb798" (1 users now pres
> ent)
> Feb 2 14:51:25 guacd[25227]: Client is using protocol version
> "VERSION_1_1_0"
> Feb 2 14:51:26 guacd[25227]: UltraVNC server detected, enabling UltraVNC
> specific messages
> Feb 2 14:51:26 guacd[25227]: VNC server supports protocol version 3.4
> (viewer 3.8)
> Feb 2 14:51:26 guacd[25227]: Selected Security Scheme -6
> Feb 2 14:51:26 guacd[25227]: WARNING! MSLogon security type has very low
> password encryption! Use it only with SSH tunnel or trusted network.
> Feb 2 14:51:26 guacd[25227]: VNC authentication succeeded
Well, I take back my inaccurate statement that libvnc does not support
MSLogon - clearly it does! I'm wondering if libvnc added it in a certain
version. CentOS appears to use 0.9.9, so it just could be that, since
that's my default version, I didn't see support in there for it. I'm
wondering if that's similar to what Jerry is seeing - maybe it's an older
version like CentOS uses.
-Nick
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Saturday, February 1, 2020, 7:19:46 AM GMT+1, Nick Couchman <vn...@apache.org> wrote: >
>
> Wow, okay, well, that's interesting :-). Can you post (remind us) what Linux distribution you're running and what version of libvnc you have installed? Also, if you're
> able, can you put guacd in debug mode and post messages from a successful connection, particularly around the point where the security protocol is negotiated?
Sure, I'm running Gentoo Linux with libvnc version 0.9.12.
Feb 2 14:51:25 guacd[25227]: User "@048497da-714e-45e6-868c-7ac641d8ebd1" joined connection "$13fc6b2c-57a3-4b4e-b35a-a8f66a6fb798" (1 users now pres
ent)
Feb 2 14:51:25 guacd[25227]: Client is using protocol version "VERSION_1_1_0"
Feb 2 14:51:26 guacd[25227]: UltraVNC server detected, enabling UltraVNC specific messages
Feb 2 14:51:26 guacd[25227]: VNC server supports protocol version 3.4 (viewer 3.8)
Feb 2 14:51:26 guacd[25227]: Selected Security Scheme -6
Feb 2 14:51:26 guacd[25227]: WARNING! MSLogon security type has very low password encryption! Use it only with SSH tunnel or trusted network.
Feb 2 14:51:26 guacd[25227]: VNC authentication succeeded
Feb 2 14:51:26 guacd[25227]: Desktop name "srv1 ( 10.1.104.11 )"
Feb 2 14:51:26 guacd[25227]: Connected to VNC server, using protocol version 3.4
Feb 2 14:51:26 guacd[25227]: VNC server default format:
Feb 2 14:51:26 guacd[25227]: 32 bits per pixel.
Feb 2 14:51:26 guacd[25227]: Least significant byte first in each pixel.
Feb 2 14:51:26 guacd[25227]: TRUE colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org