Ldap auth not working anymore: MSG_04137_NOD_RECEIVED

[Glauco Rampogna <gl...@gmail.com>]

After 4 weeks of fully integration between Guacamole 1.1.0 and our windows
2012 R2 AD server, the auth service is unavailable. This happened after a
scheduled reboot.

We've tried a simple ldapsearch and it works.
The log entry shows that the binding seem's ok:

Mar 26 12:02:20 guacamole server: 12:02:20.798 [http-bio-8080-exec-153]
DEBUG o.a.g.a.ldap.LDAPConnectionService - Connection to LDAP server
without encryption.
Mar 26 12:02:20 guacamole server: 12:02:20.799 [http-bio-8080-exec-153]
DEBUG

---CUT---

Mar 26 12:02:20 guacamole server: Message ID : 1
Mar 26 12:02:20 guacamole server: BindResponse
Mar 26 12:02:20 guacamole server: Ldap Result
Mar 26 12:02:20 guacamole server: Result code : (SUCCESS) success
Mar 26 12:02:20 guacamole server: Matched Dn : ''
Mar 26 12:02:20 guacamole server: Diagnostic message : ''
Mar 26 12:02:20 guacamole server: )
Mar 26 12:02:20 guacamole server: 12:02:20.816 [NioProcessor-40] DEBUG
o.a.d.l.c.api.LdapNetworkConnection - MSG_04142_MESSAGE_RECEIVED
(MessageType : BIND_RESPONSE
Mar 26 12:02:20 guacamole server: Message ID : 1
Mar 26 12:02:20 guacamole server: BindResponse
Mar 26 12:02:20 guacamole server: Ldap Result
Mar 26 12:02:20 guacamole server: Result code : (SUCCESS) success
Mar 26 12:02:20 guacamole server: Matched Dn : ''
Mar 26 12:02:20 guacamole server: Diagnostic message : ''
Mar 26 12:02:20 guacamole server: )
Mar 26 12:02:20 guacamole server: 12:02:20.816 [NioProcessor-40] DEBUG
o.a.d.l.c.api.LdapNetworkConnection - MSG_04119_GETTING
(1,org.apache.directory.ldap.client.api.future.BindFuture)
Mar 26 12:02:20 guacamole server: 12:02:20.816 [NioProcessor-40] DEBUG
o.a.d.l.c.api.LdapNetworkConnection - MSG_04101_BIND_SUCCESSFUL
(MessageType : BIND_RESPONSE
Mar 26 12:02:20 guacamole server: Message ID : 1
Mar 26 12:02:20 guacamole server: BindResponse
Mar 26 12:02:20 guacamole server: Ldap Result
Mar 26 12:02:20 guacamole server: Result code : (SUCCESS) success
Mar 26 12:02:20 guacamole server: Matched Dn : ''
Mar 26 12:02:20 guacamole server: Diagnostic message : ''
Mar 26 12:02:20 guacamole server: )
Mar 26 12:02:20 guacamole server: 12:02:20.816 [NioProcessor-40] DEBUG
o.a.d.l.c.api.LdapNetworkConnection - MSG_04126_REMOVING
(1,org.apache.directory.ldap.client.api.future.BindFuture)
Mar 26 12:02:20 guacamole server: 12:02:20.816 [http-bio-8080-exec-153]
DEBUG o.a.d.l.c.api.LdapNetworkConnection - MSG_04101_BIND_SUCCESSFUL
(MessageType : BIND_RESPONSE
Mar 26 12:02:20 guacamole server: Message ID : 1
Mar 26 12:02:20 guacamole server: BindResponse
Mar 26 12:02:20 guacamole server: Ldap Result
Mar 26 12:02:20 guacamole server: Result code : (SUCCESS) success
Mar 26 12:02:20 guacamole server: Matched Dn : ''
Mar 26 12:02:20 guacamole server: Diagnostic message : ''
Mar 26 12:02:20 guacamole server: )

Mar 26 12:02:20 guacamole server: 12:02:20.817 [http-bio-8080-exec-153]
DEBUG o.a.g.auth.ldap.ObjectQueryService - Searching "DC=domain,DC=name"
for objects matching "(&(objectClass=*)(|(sAMAccountName=testuser)))".

Mar 26 12:02:20 guacamole server: 12:02:20.817 [NioProcessor-40] DEBUG
o.a.d.l.c.api.LdapNetworkConnection - *MSG_04137_NOD_RECEIVED *()

Mar 26 12:02:20 guacamole server: 12:02:20.819 [http-bio-8080-exec-153]
WARN  o.a.g.e.AuthenticationProviderFacade - The "ldap" authentication
provider has encountered an internal error which will halt the
authentication process. If this is unexpected or you are the developer of
this authentication provider, you may wish to enable debug-level logging.
If this is expected and you wish to ignore such failures in the future,
please set "skip-if-unavailable: ldap" within your guacamole.properties.

Mar 26 12:02:20 guacamole server: 12:02:20.819 [http-bio-8080-exec-153]
WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from
XX.XX.XX.XX for user "testuser" failed.

Kind regards

--