You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/12/28 23:43:00 UTC

[jira] [Issue Comment Deleted] (GUACAMOLE-1133) VNC fails to connect to macOS

     [ https://issues.apache.org/jira/browse/GUACAMOLE-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman updated GUACAMOLE-1133:
-------------------------------------
    Comment: was deleted

(was: Digging into the source code of both Guacamole and LibVNCClient a bit more, I've found a couple of things...
* This is definitely a regression due to GUACAMOLE-514 - adding support for retrieving credentials beyond just password (username + password) allows libvncclient to expand the types of VNC security it will allow, including Apple's Remote Desktop (ARD) security.
* It looks like ARD does some encryption of the credentials as they cross the wire - it basically does a key exchange with the remote server, encrypts the credentials using the key, and passes them. My guess is that something in this key exchange process is failing, resulting in the authentication failure.
* There is a short-term solution that involves setting specific authentication schemes that the Guacamole VNC client can support - something like No Auth, VNC Auth, TLS, VeNCRypt, and MSLogin, which I think all work fine with Guacamole today. However, this is just a band-aide that will disable ARD support and force a lower security level.
* The real solution is to figure out how to make ARD security work correctly, but I'm thin on details on what's actually missing from Guacamole's use of libvncclient to make this work. As far as I can tell everything *should* be there, but, clearly something is not working.)

> VNC fails to connect to macOS
> -----------------------------
>
>                 Key: GUACAMOLE-1133
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1133
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 1.2.0
>         Environment: Remote host macOS 10.15.5
> Guacamole server Raspbian GNU/Linux 10
>            Reporter: Matt Fusfield
>            Priority: Minor
>
> Since upgrading to version 1.2.0, I am unable to connect via VNC to a Mac host. The same exact configuration works with 1.1.0.
>  
> In syslog, there are entries regarding "Selecting security type 30" and then it receives back types 33, 36,2,35. Then "VNC connection failed: authentication or authorization failure"
>  
> I attempted to change config to use mac username and password, and that did not work either (on 1.1.0 the password is set to the Mac VNC password)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)