Posted to user@guacamole.apache.org by Vincent Goubert <vg...@nomios.fr.INVALID> on 2020/08/10 10:40:41 UTC

LDAP user list is not shown in admin dashboard

Hi All,

I am requesting some help here:

I have a Guacamole instance set up on Debian 10, and connected using the LDAP plugin with AD.

The authentication phase works like a charm and the (AD) user list is showing in the Admin UI, but then (and for an unknown reason), all (AD) users disappear … only assigned users stay, and there is no more “LDAP” tab when editing the targeted user.

I already tried to check the configuration and logs; there is no error. Maybe someone has already seen such an issue …

To confirm, I am using an admin account, and this account is also an AD admin (full rights).

Here is my example guacamole.properties configuration:

guacd-hostname: 127.0.0.1
guacd-port: 4822

auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider

#ldap-hostname: 192.168.1.1
ldap-hostname: myserver.local
ldap-port: 389
ldap-user-base-dn: CN=Users,DC=myserver,DC=local
ldap-username-attribute: sAMaccountName
ldap-config-base-dn: DC=myserver,DC=local
ldap-group-base-dn: CN=Users,DC=myserver,DC=local
ldap-encryption-method: none
ldap-search-bind-dn: CN=svc-guacusr,CN=Users,DC=myserver,DC=local
ldap-search-bind-password: mypassword-ad
ldap-follow-referrals: false

mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: mypassword-mysql

Thanks in advance for your great help,
Cheers,
Vincent.


Re: LDAP user list is not shown in admin dashboard

Posted by Vincent Goubert <vg...@nomios.fr.INVALID>.
Hi Nick,

Unfortunately, changing the extension order (renamed: LDAP was 01-ldap.....jar and 02-mysql.....jar) did not change the behavior, but .... changing the MySQL admin password to a different one than the LDAP one worked!

Once connected using the LDAP admin password, it works like a charm!

I’ll keep monitoring this, but it looks great so far!

Thanks for your help,
Vincent

Re: LDAP user list is not shown in admin dashboard

Posted by Nick Couchman <vn...@apache.org>.
On Mon, Aug 10, 2020 at 9:20 AM Vincent Goubert <vg...@nomios.fr.invalid>
wrote:

> Hi Nick,
>
> Both the LDAP & Guacamole (MySQL) passwords are the same; do I have to make
> them different?
>
> How do you change the extension order? Just by renaming the .jar files in
> the extension folder?

Extensions are evaluated in alphabetical order, so, yes, just rename the
JAR files such that the LDAP one comes before the JDBC one.

If the passwords are the same, and the JDBC extension gets evaluated before
LDAP, authentication will succeed and the LDAP login won't be tried.

-Nick

Re: LDAP user list is not shown in admin dashboard

Posted by Vincent Goubert <vg...@nomios.fr.INVALID>.
Hi Nick,

Both the LDAP & Guacamole (MySQL) passwords are the same; do I have to make them different?

How do you change the extension order? Just by renaming the .jar files in the extension folder?

Thanks,
Vincent

Re: LDAP user list is not shown in admin dashboard

Posted by Nick Couchman <vn...@apache.org>.
On Mon, Aug 10, 2020 at 6:40 AM Vincent Goubert <vg...@nomios.fr.invalid>
wrote:

> Hi All,
>
> I am requesting some help here:
>
> I have a Guacamole instance set up on Debian 10, and connected using the
> LDAP plugin with AD.
>
> The authentication phase works like a charm and the (AD) user list is
> showing in the Admin UI, but then (and for an unknown reason), all (AD)
> users disappear … only assigned users stay, and there is no more “LDAP”
> tab when editing the targeted user.
>
> I already tried to check the configuration and logs; there is no error.
> Maybe someone has already seen such an issue …
>
> To confirm, I am using an admin account, and this account is also an AD
> admin (full rights).

Are you logging in with this account with the LDAP password?  Generally
when this happens it is because you are logging in with a password that
succeeds in authenticating to Guacamole, but either does not try to
authenticate to LDAP or fails LDAP authentication.

Things to try:
- Reorder your authentication extensions (by renaming) such that the LDAP
module is loaded and evaluated before the JDBC module.
- Verify the password you're using to log in is the current password for
the LDAP account.

-Nick
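
[Added example, not part of the original thread or of the Guacamole project: a shell check for the extension ordering described in the two replies above, run against a constructed directory. It assumes extensions are evaluated in byte-wise alphabetical order of their JAR file names, that those names contain "ldap" and "jdbc" or "mysql", and uses X.Y.Z as a placeholder version.]

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: extensions are evaluated in
# byte-wise alphabetical order of their JAR file names.

# Print the JAR names found in directory $1, in evaluation order.
extension_order() {
    for f in "$1"/*.jar; do
        if [ -e "$f" ]; then basename "$f"; fi
    done | LC_ALL=C sort
}

# Print "ldap-first", "jdbc-first" or "incomplete"; succeed only for ldap-first.
check_ldap_before_jdbc() {
    ldap_pos=0; jdbc_pos=0; n=0
    order=$(extension_order "$1")
    while IFS= read -r name; do
        n=$((n + 1))
        case $name in
            *ldap*) if [ "$ldap_pos" -eq 0 ]; then ldap_pos=$n; fi ;;
            *jdbc*|*mysql*) if [ "$jdbc_pos" -eq 0 ]; then jdbc_pos=$n; fi ;;
        esac
    done <<EOF
$order
EOF
    if [ "$ldap_pos" -eq 0 ] || [ "$jdbc_pos" -eq 0 ]; then
        echo "incomplete"; return 2      # one of the two extensions is missing
    elif [ "$ldap_pos" -lt "$jdbc_pos" ]; then
        echo "ldap-first"; return 0      # LDAP is tried before the database
    fi
    echo "jdbc-first"; return 1          # database login wins when passwords match
}

# Constructed sample directory with stock-style names (X.Y.Z is a placeholder).
demo=$(mktemp -d)
touch "$demo/guacamole-auth-jdbc-mysql-X.Y.Z.jar" "$demo/guacamole-auth-ldap-X.Y.Z.jar"
echo "before rename: $(check_ldap_before_jdbc "$demo")"
# Rename with numeric prefixes, as in the thread, so the LDAP JAR sorts first.
mv "$demo/guacamole-auth-ldap-X.Y.Z.jar" "$demo/01-guacamole-auth-ldap-X.Y.Z.jar"
mv "$demo/guacamole-auth-jdbc-mysql-X.Y.Z.jar" "$demo/02-guacamole-auth-jdbc-mysql-X.Y.Z.jar"
echo "after rename:  $(check_ldap_before_jdbc "$demo")"
rm -rf "$demo"
```

[With the unprefixed names the JDBC JAR sorts ahead of the LDAP one because "j" precedes "l", which is the ordering that lets a matching database password satisfy the login before LDAP is tried.]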

Re: LDAP user list is not shown in admin dashboard

Posted by Henri Alves de Godoy <he...@fca.unicamp.br.INVALID>.
Hi Vincent,

This happened to me when I was connecting with the MySQL guacadmin user and
not the LDAP guacadmin.

I had to differentiate the passwords to realize this preference of Guacamole
for authenticating with MySQL first.

Try this test.

Regards,
Henri.

-- 
Henri Alves Godoy
Information and Communication Technology
Faculdade de Ciências Aplicadas - FCA
Universidade Estadual de Campinas - UNICAMP
Phone: (19) 3701-6682