VNC/RDP connection fail (Invalid Credentials?)

[Jarek Millburg <Ja...@eurofinsEAG.com>]

Hello there,

I am working on a new custom web application and am implementing guacamole for a VNC and RDP connections to many target machines. My system takes input from a user to let the system know what IP address to connect to and what credentials they have.

I do not use a user-mapping.xml file as we have hundreds of target machines throughout our network so we prompt the user for all information needed to make the connection. When we test without the use of a password it makes the connection and then prompts the user within the VNC/RDP connection to sign into the target machine. If we include the password with the credentials entered by a user then it fails to establish the connection and disconnects. Checking the logs the only info I find is that it was refused based on Authentication Failure (Invalid Credentials?).

We know the account information is correct for the machine we are accessing so wondering if anyone has any thoughts or input on what we could possibly be doing wrong.

P.S. Most code is based off the Skeleton code provided here : Writing your own Guacamole application - Apache Guacamole Manual v1.4.0<https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html>

Jarek Millburg, M.S.
Application Analyst

Eurofins | EAG Laboratories
2672 Metro Blvd.
Maryland Heights, MO 63043
USA

Email: JarekMillburg@eurofinsEAG.com<ma...@eurofinsEAG.com>
Website: eurofinsEAG.com

RE: VNC/RDP connection fail (Invalid Credentials?)

[Jarek Millburg <Ja...@eurofinsEAG.com>]

We are creating our own custom application as it is site used internally that has other uses but needs to have the VNC/RDP capabilities within the web application. The application makes the connection no problem when we do not send full credentials with the tunnel connection but when we include a password parameter it refuses the connection even when the username and password are correct.

Jarek Millburg, M.S.
Application Analyst

Eurofins | EAG Laboratories
2672 Metro Blvd.
Maryland Heights, MO 63043
USA

Email: JarekMillburg@eurofinsEAG.com<ma...@eurofinsEAG.com>
Website: eurofinsEAG.com

From: Nick Couchman <vn...@apache.org>
Sent: Monday, June 27, 2022 11:13 AM
To: user@guacamole.apache.org
Subject: Re: VNC/RDP connection fail (Invalid Credentials?)

CAUTION: This email originated from outside of EAG. Do not click links or open attachments unless you recognize the sender and know the content is safe.

On Mon, Jun 27, 2022 at 11:16 AM Jarek Millburg <Ja...@eurofinseag.com>> wrote:
Hello there,

I am working on a new custom web application and am implementing guacamole for a VNC and RDP connections to many target machines. My system takes input from a user to let the system know what IP address to connect to and what credentials they have.

I do not use a user-mapping.xml file as we have hundreds of target machines throughout our network so we prompt the user for all information needed to make the connection. When we test without the use of a password it makes the connection and then prompts the user within the VNC/RDP connection to sign into the target machine. If we include the password with the credentials entered by a user then it fails to establish the connection and disconnects. Checking the logs the only info I find is that it was refused based on Authentication Failure (Invalid Credentials?).

We know the account information is correct for the machine we are accessing so wondering if anyone has any thoughts or input on what we could possibly be doing wrong.

P.S. Most code is based off the Skeleton code provided here : Writing your own Guacamole application — Apache Guacamole Manual v1.4.0<https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html>


A couple of questions for you:
1) Is there a specific reason you're writing your own web application aside from wanting the users to be able to enter the connection information? If the only reason you're writing a custom app is because you don't want to pre-create all of the connections, in user-mapping.xml, JDBC, or LDAP, then maybe instead of writing an entire separate web application it would be better to just use a difference authentication extension - either use the Quick Connect module, which allows for entering URIs (e.g. vnc://192.168.1.100:5900<http://192.168.1.100:5900>), or write your own module that would allow users to enter that information.
2) Even if you decide to write a custom application, you can test to make sure that the stock Guacamole Client is able to connect and authenticate correctly, which would help you establish where the issue actually is (custom app vs. Guacamole core components).

-Nick

Re: VNC/RDP connection fail (Invalid Credentials?)

[Nick Couchman <vn...@apache.org>]

On Mon, Jun 27, 2022 at 11:16 AM Jarek Millburg <
JarekMillburg@eurofinseag.com> wrote:

> Hello there,
>
>
>
> I am working on a new custom web application and am implementing guacamole
> for a VNC and RDP connections to many target machines. My system takes
> input from a user to let the system know what IP address to connect to and
> what credentials they have.
>
>
>
> I do not use a user-mapping.xml file as we have hundreds of target
> machines throughout our network so we prompt the user for all information
> needed to make the connection. When we test without the use of a password
> it makes the connection and then prompts the user within the VNC/RDP
> connection to sign into the target machine. If we include the password with
> the credentials entered by a user then it fails to establish the connection
> and disconnects. Checking the logs the only info I find is that it was
> refused based on Authentication Failure (Invalid Credentials?).
>
>
>
> We know the account information is correct for the machine we are
> accessing so wondering if anyone has any thoughts or input on what we could
> possibly be doing wrong.
>
>
>
> P.S. Most code is based off the Skeleton code provided here : Writing
> your own Guacamole application — Apache Guacamole Manual v1.4.0
> <https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html>
>
>
>

A couple of questions for you:
1) Is there a specific reason you're writing your own web application aside
from wanting the users to be able to enter the connection information? If
the only reason you're writing a custom app is because you don't want to
pre-create all of the connections, in user-mapping.xml, JDBC, or LDAP, then
maybe instead of writing an entire separate web application it would be
better to just use a difference authentication extension - either use the
Quick Connect module, which allows for entering URIs (e.g. vnc://
192.168.1.100:5900), or write your own module that would allow users to
enter that information.
2) Even if you decide to write a custom application, you can test to make
sure that the stock Guacamole Client is able to connect and authenticate
correctly, which would help you establish where the issue actually is
(custom app vs. Guacamole core components).

-Nick

>