You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Vieri <re...@yahoo.com.INVALID> on 2020/01/26 22:22:15 UTC
VNC with AD auth
Hi,
Just wanted to confirm that it is not possible to connect to an AD authed VNC through Guacamole. For instance, UltraVNC can be configured to authenticate via AD/LDAP instead of a single/static password. I know this is non-standard, but I'd just like to confirm that Guacamole will not support this type of VNC authentication.
The only bug report I've seen on the subject is this old one:
https://jira.glyptodon.com/browse/GUAC-173
Thanks,
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Mon, Feb 3, 2020 at 7:27 AM tako <co...@temple.edu> wrote:
> Yeah, looks like Ultra doesn't use the standard identifier for MSLogon (-6
> or
> #fffffa) but implemented its own per the list here.
> https://forum.ultravnc.net/viewtopic.php?f=4&t=34796#p105447
>
> Wonder what'd be easier, UtraVNC updating their server code to make this
> more compatible or figuring out how to make libvnc client understand this.
>
My guess is that a contribution to libvnc would be easier - I don't think
UltraVNC has released a version in several years, so I suspect that
development is pretty dormant.
libvnc isn't terribly active, but it is active, and I suspect they'd be
happy to have contributions if someone is able to take a stab at
implementing the support.
-Nick
Re: VNC with AD auth
Posted by tako <co...@temple.edu>.
Yeah, looks like Ultra doesn't use the standard identifier for MSLogon (-6 or
#fffffa) but implemented its own per the list here.
https://forum.ultravnc.net/viewtopic.php?f=4&t=34796#p105447
Wonder what'd be easier, UtraVNC updating their server code to make this
more compatible or figuring out how to make libvnc client understand this.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Mon, Feb 3, 2020 at 3:06 AM Vieri <re...@yahoo.com.invalid> wrote:
> On Monday, February 3, 2020, 8:31:34 AM GMT+1, tako <co...@temple.edu>
> wrote:
> >
> > I'm also testing this with UltraVNC 1.2.24 on the Guacamole 1.1.0 Docker
> > image; doesn't seem to work. Is there any information I can provide?
>
> Unfortunately, it seems that newer versions of UltraVNC do not work.
>
> I tried a connection with a newer UltraVNC install, and this time it fails
> with:
>
> Feb 3 08:59:09 guacd[14661]: Client is using protocol version
> "VERSION_1_1_0"
> Feb 3 08:59:09 guacd[14661]: VNC server supports protocol version 3.8
> (viewer 3.8)
> Feb 3 08:59:09 guacd[14661]: We have 2 security types to read
> Feb 3 08:59:09 guacd[14661]: 0) Received security type 17
> Feb 3 08:59:09 guacd[14661]: 1) Received security type 113
> Feb 3 08:59:09 guacd[14661]: Unknown authentication scheme from VNC
> server: 17, 113
> Feb 3 08:59:09 guacd[14661]: Connect failed. Waiting 1000ms before
> retrying...
>
> Ultr@VNC 1.2.0.5 Release - Dec 2014 on Windows 10.
>
Interesting - so looks like UltraVNC changed the security types they are
sending through, and libvnc doesn't know what to do with those. Too bad.
-Nick
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Monday, February 3, 2020, 8:31:34 AM GMT+1, tako <co...@temple.edu> wrote:
>
> I'm also testing this with UltraVNC 1.2.24 on the Guacamole 1.1.0 Docker
> image; doesn't seem to work. Is there any information I can provide?
Unfortunately, it seems that newer versions of UltraVNC do not work.
I tried a connection with a newer UltraVNC install, and this time it fails with:
Feb 3 08:59:09 guacd[14661]: Client is using protocol version "VERSION_1_1_0"
Feb 3 08:59:09 guacd[14661]: VNC server supports protocol version 3.8 (viewer 3.8)
Feb 3 08:59:09 guacd[14661]: We have 2 security types to read
Feb 3 08:59:09 guacd[14661]: 0) Received security type 17
Feb 3 08:59:09 guacd[14661]: 1) Received security type 113
Feb 3 08:59:09 guacd[14661]: Unknown authentication scheme from VNC server: 17, 113
Feb 3 08:59:09 guacd[14661]: Connect failed. Waiting 1000ms before retrying...
Ultr@VNC 1.2.0.5 Release - Dec 2014 on Windows 10.
:-(
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by tako <co...@temple.edu>.
I'm also testing this with UltraVNC 1.2.24 on the Guacamole 1.1.0 Docker
image; doesn't seem to work. Is there any information I can provide?
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Feb 2, 2020 at 9:02 AM Vieri <re...@yahoo.com.invalid> wrote:
>
> On Saturday, February 1, 2020, 7:19:46 AM GMT+1, Nick Couchman <
> vnick@apache.org> wrote: >
> >
> > Wow, okay, well, that's interesting :-). Can you post (remind us) what
> Linux distribution you're running and what version of libvnc you have
> installed? Also, if you're
> > able, can you put guacd in debug mode and post messages from a
> successful connection, particularly around the point where the security
> protocol is negotiated?
>
> Sure, I'm running Gentoo Linux with libvnc version 0.9.12.
>
> Feb 2 14:51:25 guacd[25227]: User "@048497da-714e-45e6-868c-7ac641d8ebd1"
> joined connection "$13fc6b2c-57a3-4b4e-b35a-a8f66a6fb798" (1 users now pres
> ent)
> Feb 2 14:51:25 guacd[25227]: Client is using protocol version
> "VERSION_1_1_0"
> Feb 2 14:51:26 guacd[25227]: UltraVNC server detected, enabling UltraVNC
> specific messages
> Feb 2 14:51:26 guacd[25227]: VNC server supports protocol version 3.4
> (viewer 3.8)
> Feb 2 14:51:26 guacd[25227]: Selected Security Scheme -6
> Feb 2 14:51:26 guacd[25227]: WARNING! MSLogon security type has very low
> password encryption! Use it only with SSH tunnel or trusted network.
> Feb 2 14:51:26 guacd[25227]: VNC authentication succeeded
Well, I take back my inaccurate statement that libvnc does not support
MSLogon - clearly it does! I'm wondering if libvnc added it in a certain
version. CentOS appears to use 0.9.9, so it just could be that, since
that's my default version, I didn't see support in there for it. I'm
wondering if that's similar to what Jerry is seeing - maybe it's an older
version like CentOS uses.
-Nick
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Saturday, February 1, 2020, 7:19:46 AM GMT+1, Nick Couchman <vn...@apache.org> wrote: >
>
> Wow, okay, well, that's interesting :-). Can you post (remind us) what Linux distribution you're running and what version of libvnc you have installed? Also, if you're
> able, can you put guacd in debug mode and post messages from a successful connection, particularly around the point where the security protocol is negotiated?
Sure, I'm running Gentoo Linux with libvnc version 0.9.12.
Feb 2 14:51:25 guacd[25227]: User "@048497da-714e-45e6-868c-7ac641d8ebd1" joined connection "$13fc6b2c-57a3-4b4e-b35a-a8f66a6fb798" (1 users now pres
ent)
Feb 2 14:51:25 guacd[25227]: Client is using protocol version "VERSION_1_1_0"
Feb 2 14:51:26 guacd[25227]: UltraVNC server detected, enabling UltraVNC specific messages
Feb 2 14:51:26 guacd[25227]: VNC server supports protocol version 3.4 (viewer 3.8)
Feb 2 14:51:26 guacd[25227]: Selected Security Scheme -6
Feb 2 14:51:26 guacd[25227]: WARNING! MSLogon security type has very low password encryption! Use it only with SSH tunnel or trusted network.
Feb 2 14:51:26 guacd[25227]: VNC authentication succeeded
Feb 2 14:51:26 guacd[25227]: Desktop name "srv1 ( 10.1.104.11 )"
Feb 2 14:51:26 guacd[25227]: Connected to VNC server, using protocol version 3.4
Feb 2 14:51:26 guacd[25227]: VNC server default format:
Feb 2 14:51:26 guacd[25227]: 32 bits per pixel.
Feb 2 14:51:26 guacd[25227]: Least significant byte first in each pixel.
Feb 2 14:51:26 guacd[25227]: TRUE colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Jan 31, 2020 at 5:41 PM Vieri <re...@yahoo.com.invalid> wrote:
>
> On Friday, January 31, 2020, 5:42:21 PM GMT+1, jerryjungbluth <
> jerryjungbluth@gmail.com> wrote:
>
> >> Anyway, I would like to confirm that UltraVNC with MS AD authentication
> >> works great.
> >
> > Is this not saying that Guacamole worked to connect to UltraVNC using
> Active
> > Directory auth? I can't find anything that talks about UltraVNC and
> Active
> > Directory auth without it talking about MSLogon.
>
> Indeed, I can connect to an UltraVNC server, albeit quite old, but with
> the following settings (I don't know if I can send screenshots here):
>
> Security - Require MS Logon (User/Password/Domain) [Checked]
> New MS Logon (Support multiple domains) [Checked]
>
> In "Configure MS Logon Groups", I have 2 AD domain gorups listed.
>
> UltraVNC's mslogon.log shows that my domain user is authenticating (I'd
> need to check my ADs to confirm that my domain user is being validated
> there, but there's really no other way).
>
Wow, okay, well, that's interesting :-). Can you post (remind us) what
Linux distribution you're running and what version of libvnc you have
installed? Also, if you're able, can you put guacd in debug mode and post
messages from a successful connection, particularly around the point where
the security protocol is negotiated?
-Nick
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Friday, January 31, 2020, 5:42:21 PM GMT+1, jerryjungbluth <je...@gmail.com> wrote:
>> Anyway, I would like to confirm that UltraVNC with MS AD authentication
>> works great.
>
> Is this not saying that Guacamole worked to connect to UltraVNC using Active
> Directory auth? I can't find anything that talks about UltraVNC and Active
> Directory auth without it talking about MSLogon.
Indeed, I can connect to an UltraVNC server, albeit quite old, but with the following settings (I don't know if I can send screenshots here):
Security - Require MS Logon (User/Password/Domain) [Checked]
New MS Logon (Support multiple domains) [Checked]
In "Configure MS Logon Groups", I have 2 AD domain gorups listed.
UltraVNC's mslogon.log shows that my domain user is authenticating (I'd need to check my ADs to confirm that my domain user is being validated there, but there's really no other way).
The version is Ultr@VNC 1.0.8.2 Release - December 2009, so yes, quite old.
I can't confirm yet if Guacamole works with newer UltraVNC versions.
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by jerryjungbluth <je...@gmail.com>.
I'm afraid I don't follow.
> VNC server sends back a request for both a username and a password. This
> is *NOT* the same as MSLogon support
Agreed that username and password is not the same as MSLogon, but Viery-2
said:
> Anyway, I would like to confirm that UltraVNC with MS AD authentication
> works great.
Is this not saying that Guacamole worked to connect to UltraVNC using Active
Directory auth? I can't find anything that talks about UltraVNC and Active
Directory auth without it talking about MSLogon.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Jan 31, 2020 at 10:53 AM jerryjungbluth <je...@gmail.com>
wrote:
> Jan 30 21:47:15 mars-ubuntu guacd[9233]: VNC server supports protocol
>
version 3.8 (viewer 3.8)
> Jan 30 21:47:15 mars-ubuntu guacd[9233]: We have 2 security types to read
> Jan 30 21:47:15 mars-ubuntu guacd[9233]: 0) Received security type 17
> Jan 30 21:47:15 mars-ubuntu guacd[9233]: 1) Received security type 113
> Jan 30 21:47:15 mars-ubuntu guacd[9233]: Unknown authentication scheme from
> VNC server: 17, 113
>
This is almost certainly what is causing the failure, here. in
GUACAMOLE-514 we added support for handling situations where the VNC server
sends back a request for both a username and a password. This is *NOT* the
same as MSLogon support - this is noted in the contents of that JIRA
issue. The underlying libvnc library that we use for handling VNC support
does not support MSLogon authentication to VNC servers, so this will likely
not work in Guacamole.
-Nick
Re: VNC with AD auth
Posted by jerryjungbluth <je...@gmail.com>.
I'm also struggling with getting this going. We're using UltraVNC as well,
and have enabled MS Logon.
I built guacamole-client and guacamole-server from source (pulled this
morning from GitHub) on Ubuntu 18.04, and when I try to connect, the web
client gives the message:
The remote desktop server is currently unreachable. If the problem persists,
please notify your system administrator, or check your system logs.
Looking at journalctl, the logs from guacd are:
Jan 30 21:47:13 mars-ubuntu guacd[1720]: Creating new client for protocol
"vnc"
Jan 30 21:47:13 mars-ubuntu guacd[1720]: Connection ID is
"$6d308e74-dc49-48d3-b331-a0869b31d31f"
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Processing instruction: size
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Processing instruction: audio
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Processing instruction: video
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Processing instruction: image
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Processing instruction: timezone
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Cursor rendering: local
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "swap-red-blue" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "read-only" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "color-depth" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "dest-port" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "encodings" omitted.
Using default value of "zrle ultra copyrect hextile zlib corre rre raw".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "autoretry" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "reverse-connect"
omitted. Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "listen-timeout" omitted.
Using default value of 5000.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "enable-audio" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "enable-sftp" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "sftp-hostname" omitted.
Using default value of "10.6.130.102".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "sftp-port" omitted.
Using default value of "22".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "sftp-username" omitted.
Using default value of "".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "sftp-password" omitted.
Using default value of "".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "sftp-passphrase"
omitted. Using default value of "".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "sftp-root-directory"
omitted. Using default value of "/".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter
"sftp-server-alive-interval" omitted. Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "recording-name" omitted.
Using default value of "recording".
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter
"recording-exclude-output" omitted. Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "recording-exclude-mouse"
omitted. Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "recording-include-keys"
omitted. Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "create-recording-path"
omitted. Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "disable-copy" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Parameter "disable-paste" omitted.
Using default value of 0.
Jan 30 21:47:13 mars-ubuntu guacd[9233]: User
"@23c401c7-3b40-4084-856b-74d17931984d" joined connection
"$6d308e74-dc49-48d3-b331-a0869b31d31f" (1 users now present)
Jan 30 21:47:13 mars-ubuntu guacd[9233]: Client is using protocol version
"VERSION_1_1_0"
Jan 30 21:47:15 mars-ubuntu guacd[9233]: VNC server supports protocol
version 3.8 (viewer 3.8)
Jan 30 21:47:15 mars-ubuntu guacd[9233]: We have 2 security types to read
Jan 30 21:47:15 mars-ubuntu guacd[9233]: 0) Received security type 17
Jan 30 21:47:15 mars-ubuntu guacd[9233]: 1) Received security type 113
Jan 30 21:47:15 mars-ubuntu guacd[9233]: Unknown authentication scheme from
VNC server: 17, 113
Jan 30 21:47:15 mars-ubuntu guacd[9233]: Unable to connect to VNC server.
Jan 30 21:47:15 mars-ubuntu guacd[9233]: User
"@23c401c7-3b40-4084-856b-74d17931984d" disconnected (0 users remain)
Jan 30 21:47:15 mars-ubuntu guacd[9233]: Last user of connection
"$6d308e74-dc49-48d3-b331-a0869b31d31f" disconnected
Jan 30 21:47:15 mars-ubuntu guacd[9233]: Requesting termination of client...
I'm able to connect to other computers that are running x11vnc, but am
struggling to get it working with UltraVNC (which some of our computers need
to use).
At first, I thought it was related to
https://issues.apache.org/jira/browse/GUACAMOLE-414 because, when building
on CentOS 7, I was getting a warning while compiling guacamole-server:
This version of libvncclient lacks support for TLS locking. VNC connections
that use TLS may experience instability as documented in GUACAMOLE-414
Since I had issues with upgrading libvncclient on CentOS, I tried Ubuntu
18.04, and I don't get that message anymore, but I still cannot get UltraVNC
connections to work when using MS Logon.
Vieri-2, any insight you can provide on your build environment or
configurations you've set in UltraVNC to make this work? For what it's
worth, I've manually specified the username and password in the Guacamole
web interface for VNC, not in LDAP using guacConfigParameter (I can't modify
the LDAP schema).
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Sun, Jan 26, 2020, 14:22 Vieri <re...@yahoo.com.invalid> wrote:
>> Just wanted to confirm that it is not possible to connect to an AD authed VNC through Guacamole. For instance, UltraVNC can be configured to authenticate via
>> AD/LDAP instead of a single/static password. I know this is non-standard, but I'd just like to confirm that Guacamole will not support this type of VNC
>> authentication.
>
> Perhaps https://issues.apache.org/jira/browse/GUACAMOLE-514 (which has been implemented and merged to git master)?
I don't know what to say... I'm flabbergasted. You guys are simply awesome.
I guess I need both guacd and guac-client from git.
I'll test asap.
Thanks,
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Nick Couchman <ni...@gmail.com>.
On Mon, Jan 27, 2020 at 14:40 Vieri <re...@yahoo.com.invalid> wrote:
> On Monday, January 27, 2020, 2:29:10 PM GMT+1, Mike Jumper <
> mjumper@apache.org> wrote:
> >> I'm authenticating via LDAP, and I defined username=${GUAC_USERNAME}
> and password=${GUAC_PASSWORD} in my
> >> guacConfigParameter attribute.>
> >
> > Can you retrieve and send the LDIF for the user in question?
> >for the connection* in question, I mean.
>
> I'm really sorry for wasting your time. I messed up my config parameters
> in AD. I was editing the wrong object.
> Anyway, I would like to confirm that UltraVNC with MS AD authentication
> works great.
> Thank you soooo much.
>
Glad you figured it out. It’s not a waste of time - that’s what the
community is for!
-Nick
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Monday, January 27, 2020, 2:29:10 PM GMT+1, Mike Jumper <mj...@apache.org> wrote:
>> I'm authenticating via LDAP, and I defined username=${GUAC_USERNAME} and password=${GUAC_PASSWORD} in my
>> guacConfigParameter attribute.>
>
> Can you retrieve and send the LDIF for the user in question?
>for the connection* in question, I mean.
I'm really sorry for wasting your time. I messed up my config parameters in AD. I was editing the wrong object.
Anyway, I would like to confirm that UltraVNC with MS AD authentication works great.
Thank you soooo much.
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Mike Jumper <mj...@apache.org>.
On Mon, Jan 27, 2020, 05:17 Mike Jumper <mj...@apache.org> wrote:
> On Mon, Jan 27, 2020, 04:58 Vieri <re...@yahoo.com.invalid> wrote:
>
>> On Sun, Jan 26, 2020, 14:22 Vieri <re...@yahoo.com.invalid> wrote:
>> >> Just wanted to confirm that it is not possible to connect to an AD
>> authed VNC through Guacamole. For instance, UltraVNC can be
>> >> configured to authenticate via AD/LDAP instead of a single/static
>> password. I know this is non-standard, but I'd just like to confirm that
>> >> Guacamole will not support this type of VNC authentication.
>> >
>> > Perhaps https://issues.apache.org/jira/browse/GUACAMOLE-514 (which has
>> been implemented and merged to git master)?
>>
>> Trying it out...
>>
>> I'm authenticating via LDAP, and I defined username=${GUAC_USERNAME} and
>> password=${GUAC_PASSWORD} in my guacConfigParameter attribute.
>>
>
> Can you retrieve and send the LDIF for the user in question?
>
for the connection* in question, I mean.
- Mike
Re: VNC with AD auth
Posted by Mike Jumper <mj...@apache.org>.
On Mon, Jan 27, 2020, 04:58 Vieri <re...@yahoo.com.invalid> wrote:
> On Sun, Jan 26, 2020, 14:22 Vieri <re...@yahoo.com.invalid> wrote:
> >> Just wanted to confirm that it is not possible to connect to an AD
> authed VNC through Guacamole. For instance, UltraVNC can be
> >> configured to authenticate via AD/LDAP instead of a single/static
> password. I know this is non-standard, but I'd just like to confirm that
> >> Guacamole will not support this type of VNC authentication.
> >
> > Perhaps https://issues.apache.org/jira/browse/GUACAMOLE-514 (which has
> been implemented and merged to git master)?
>
> Trying it out...
>
> I'm authenticating via LDAP, and I defined username=${GUAC_USERNAME} and
> password=${GUAC_PASSWORD} in my guacConfigParameter attribute.
>
Can you retrieve and send the LDIF for the user in question?
- Mike
Re: VNC with AD auth
Posted by Vieri <re...@yahoo.com.INVALID>.
On Sun, Jan 26, 2020, 14:22 Vieri <re...@yahoo.com.invalid> wrote:
>> Just wanted to confirm that it is not possible to connect to an AD authed VNC through Guacamole. For instance, UltraVNC can be
>> configured to authenticate via AD/LDAP instead of a single/static password. I know this is non-standard, but I'd just like to confirm that
>> Guacamole will not support this type of VNC authentication.
>
> Perhaps https://issues.apache.org/jira/browse/GUACAMOLE-514 (which has been implemented and merged to git master)?
Trying it out...
I'm authenticating via LDAP, and I defined username=${GUAC_USERNAME} and password=${GUAC_PASSWORD} in my guacConfigParameter attribute.
However, in the guacd log I see the following:
guacd[31018]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[31018]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[31018]: INFO: Listening on host 127.0.0.1, port 4822
guacd[31018]: INFO: Creating new client for protocol "vnc"
guacd[31018]: INFO: Connection ID is "$c1a45538-302a-4b3a-9625-c0bed633d909"
guacd[31560]: DEBUG: Processing instruction: size
guacd[31560]: DEBUG: Processing instruction: audio
guacd[31560]: DEBUG: Processing instruction: video
guacd[31560]: DEBUG: Processing instruction: image
guacd[31560]: DEBUG: Processing instruction: timezone
guacd[31560]: DEBUG: Parameter "username" omitted. Using default value of "".
guacd[31560]: DEBUG: Parameter "password" omitted. Using default value of "".
Why are these two parameters empty?
The connection fails with:
guacd[31560]: INFO: User "@2227f8e5-4c29-4915-be43-e7733c0811ba" joined connection "$c1a45538-302a-4b3a-9625-c0bed633d909" (1 users now present)
guacd[31560]: DEBUG: Client is using protocol version "VERSION_1_1_0"
guacd[31560]: INFO: Connect failed. Waiting 1000ms before retrying...
free(): double free detected in tcache 2
guacd[31018]: INFO: Connection "$c1a45538-302a-4b3a-9625-c0bed633d909" removed.
What can I try?
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: VNC with AD auth
Posted by Mike Jumper <mj...@apache.org>.
On Sun, Jan 26, 2020, 14:22 Vieri <re...@yahoo.com.invalid> wrote:
> Hi,
>
> Just wanted to confirm that it is not possible to connect to an AD authed
> VNC through Guacamole. For instance, UltraVNC can be configured to
> authenticate via AD/LDAP instead of a single/static password. I know this
> is non-standard, but I'd just like to confirm that Guacamole will not
> support this type of VNC authentication.
>
> The only bug report I've seen on the subject is this old one:
>
> https://jira.glyptodon.com/browse/GUAC-173
Perhaps https://issues.apache.org/jira/browse/GUACAMOLE-514 (which has been
implemented and merged to git master)?
- Mike