You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "David Young (JIRA)" <ji...@apache.org> on 2019/05/02 21:20:00 UTC
[jira] [Commented] (GUACAMOLE-774) RADIUS support for MS-CHAPv1 and
MS-CHAPv2 fails
[ https://issues.apache.org/jira/browse/GUACAMOLE-774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16831986#comment-16831986 ]
David Young commented on GUACAMOLE-774:
---------------------------------------
@Nick,
On 2 May I cloned/downloaded the current 1.1.0 guacamole client including prividers, and manually added/overwrote the radius provider java code with the files from pulled 774. I've attached them in a zip file. I then successfully compiled with maven and copied the war files to my production CentOS server and ran the new guacamole.war, and radius authentication and mysql jdbc providers against my Windows 2019 Network Policy Server (i.e. radius server). Attached is my guacamole.properties file and screen shot of Windows Server settings. Essentially I enabled all possible connection types on Windows Server.
I also copied into the GUACAMOLE HOME directory default files/formats with no passwords of the PKCS12 key file and CA certificates file, that were consistent with what was required by my Windows Server for a connection. (Similar files are used on our linux-based fortigate firewall to connect to the Windows Server to authenticate and create VPN connections for external users.)
I then tested pap, chap, mschapv1, mschapv2, eap-ttls + pap, eal-ttls + mschapv2 from guacamole.
The only successful connections were with pap and mschapv2.
I've attached the catalina.out log extracts for the failed connections for the two eap-ttls configs (from restarting tomcat through to the attempted connection).
What can I do to provide more detailed and helpful logs from my guacamole server ?
Thanks.
[^radius 1.1.0 774 source.zip]
[^guacamole.properties]
^!Windows Network Policy Server Settings.jpg!^
[^eap-ttls pap errors log.txt]
[^eap-ttls mschapv2 errors log.txt]
-David
> RADIUS support for MS-CHAPv1 and MS-CHAPv2 fails
> ------------------------------------------------
>
> Key: GUACAMOLE-774
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-774
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-radius
> Affects Versions: 1.0.0
> Reporter: kamal_ezzaki
> Assignee: Nick Couchman
> Priority: Minor
> Attachments: Windows Network Policy Server Settings.jpg, eap-ttls mschapv2 errors log.txt, eap-ttls pap errors log.txt, guacamole.properties, radius 1.1.0 774 source.zip
>
>
> after i installed guacamole in my machine i get this error when i try to connect using radius
> {color:#FF0000}16:39:55 localhost server: 16:39:55.514 [http-bio-8080-exec-8] ERROR o.a.g.a.r.RadiusConnectionService - No such RADIUS algorithm: MD4 MessageDigest not available{color}
> {color:#FF0000}Apr 8 16:39:55 localhost server: 16:39:55.532 [http-bio-8080-exec-8] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 192.168.234.139 for user "TestUser" failed.{color}
>
> {color:#333333}when i use pap, chap authentification it's passed , but using mschapv1,mschapv2 the connection doesn't passe {color}
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)