You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Mirek Malinowski (Jira)" <ji...@apache.org> on 2021/02/25 15:00:00 UTC

[jira] [Commented] (GUACAMOLE-1212) Support 2FA Directly in LDAP Extension

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290969#comment-17290969 ] 

Mirek Malinowski commented on GUACAMOLE-1212:
---------------------------------------------

I can confirm the latest official builds still have this issue. Do you have nightly docker builds. I'm happy to do some testing.

> Support 2FA Directly in LDAP Extension
> --------------------------------------
>
>                 Key: GUACAMOLE-1212
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1212
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap
>            Reporter: Brett Smith
>            Priority: Minor
>
> I'm using FreeIPA in my environment. I have guacamole-auth-ldap enabled and configured and it works fine for users who do not have 2FA enabled. For our users with 2FA enabled, we are using TOTP tokens provided by FreeIPA.
> When investigating a tcpdump between guacamole and the LDAP server, I can see that guacamole passes the username and password to the LDAP server twice. This works fine for a traditional username and password, but for a 2FA-enabled user, the second authentication attempt returns failure since the TOTP is one-time use. 2FA login attempts result in the guacamole logs outputting "successfully authenticated" while the web UI shows "Invalid Login" in a red banner.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)