Connectivity Issue after upgrading Guacamole from 1.3 to 1.4

[Pradip Sawatkar <sa...@gmail.com>]

Hi All,

I having issue of Apache Guacamole 1.4 not getting connected to xRDP of
given connection. As i have upgraded Guacamole from 1.3 to 1.4, everything
working fine on staging but not on production. I getting error of "RDP
server closed/refused connection: Security negotiation failed (wrong
security type?)" in syslog and "Log in failed. Please reconnect and try
again." in Guacamole client consoleconsole.

Please help, if anyone of you know the solution.

--
Pradip

Re: Connectivity Issue after upgrading Guacamole from 1.3 to 1.4

[Nick Couchman <vn...@apache.org>]

On Wed, Mar 30, 2022 at 1:21 AM Pradip Sawatkar <sa...@gmail.com>
wrote:

> Thanks for suggestion Nick, issue has been resolved by creating new
> directory freerdp in /usr/sbin/.config and changed ownership with
> daemon:daemon. And everything works fine.
>
> Now i have another issue. There is SSO between Moodle as SP and Okta as
> IdP. We are trying use only one entity ID of okta to redirect SAML users
> from Moodle to Apache Guacamole for Virtual Labs. But currently things are
> not working properly.
>
> Is there any way i can use one entity ID for two SP ie one is Moodle LMS
> and second is Apache Guacamole.
>
>
I don't think you want to do this - I think you want separate entity IDs
for each service provider. While those two may live on the same server,
they should have different URLs, so you should be able to identify them by
their full URLs, including the path to each of them.

-Nick

>

Re: Connectivity Issue after upgrading Guacamole from 1.3 to 1.4

[Pradip Sawatkar <sa...@gmail.com>]

Thanks for suggestion Nick, issue has been resolved by creating new
directory freerdp in /usr/sbin/.config and changed ownership with
daemon:daemon. And everything works fine.

Now i have another issue. There is SSO between Moodle as SP and Okta as
IdP. We are trying use only one entity ID of okta to redirect SAML users
from Moodle to Apache Guacamole for Virtual Labs. But currently things are
not working properly.

Is there any way i can use one entity ID for two SP ie one is Moodle LMS
and second is Apache Guacamole.

-Pradip

On Fri, 25 Mar 2022, 9:38 pm Nick Couchman, <vn...@apache.org> wrote:

> On Fri, Mar 25, 2022 at 2:37 AM Pradip Sawatkar <
> sawatkarpradip111@gmail.com> wrote:
>
>> Hi All,
>>
>> I having issue of Apache Guacamole 1.4 not getting connected to xRDP of
>> given connection. As i have upgraded Guacamole from 1.3 to 1.4, everything
>> working fine on staging but not on production. I getting error of "RDP
>> server closed/refused connection: Security negotiation failed (wrong
>> security type?)" in syslog and "Log in failed. Please reconnect and try
>> again." in Guacamole client consoleconsole.
>>
>> Please help, if anyone of you know the solution.
>>
>>
> A couple of things to check:
> * Try adjusting the security type - I think xrdp only supports TLS (not
> NLA), so make sure it is set to that.
> * Make sure that the user running guacd has a valid home directory and has
> write access to that home directory. In 1.4, due to some FreeRDP changes,
> even if you are ignoring server certificates, the FreeRDP library checks
> for a location to write fingerprints to, and, if it doesn't exist, it fails.
> * Try checking Ignore Server Certificate and see if that fixes it - if it
> does, you'll need to make sure your certificates are trusted or that you
> add the fingerprints to the FreeRDP location.
>
> -Nick
>
>>

Re: Connectivity Issue after upgrading Guacamole from 1.3 to 1.4

[Nick Couchman <vn...@apache.org>]

On Fri, Mar 25, 2022 at 2:37 AM Pradip Sawatkar <sa...@gmail.com>
wrote:

> Hi All,
>
> I having issue of Apache Guacamole 1.4 not getting connected to xRDP of
> given connection. As i have upgraded Guacamole from 1.3 to 1.4, everything
> working fine on staging but not on production. I getting error of "RDP
> server closed/refused connection: Security negotiation failed (wrong
> security type?)" in syslog and "Log in failed. Please reconnect and try
> again." in Guacamole client consoleconsole.
>
> Please help, if anyone of you know the solution.
>
>
A couple of things to check:
* Try adjusting the security type - I think xrdp only supports TLS (not
NLA), so make sure it is set to that.
* Make sure that the user running guacd has a valid home directory and has
write access to that home directory. In 1.4, due to some FreeRDP changes,
even if you are ignoring server certificates, the FreeRDP library checks
for a location to write fingerprints to, and, if it doesn't exist, it fails.
* Try checking Ignore Server Certificate and see if that fixes it - if it
does, you'll need to make sure your certificates are trusted or that you
add the fingerprints to the FreeRDP location.

-Nick

>