[
https://issues.apache.org/jira/browse/GUACAMOLE-774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16831986#comment-16831986
]
David Young commented on GUACAMOLE-774:
---------------------------------------
@Nick,
On 2 May I cloned/downloaded the current 1.1.0 guacamole client including
prividers, and manually added/overwrote the radius provider java code with the
files from pulled 774. I've attached them in a zip file. I then successfully
compiled with maven and copied the war files to my production CentOS server and
ran the new guacamole.war, and radius authentication and mysql jdbc providers
against my Windows 2019 Network Policy Server (i.e. radius server). Attached is
my guacamole.properties file and screen shot of Windows Server settings.
Essentially I enabled all possible connection types on Windows Server.
I also copied into the GUACAMOLE HOME directory default files/formats with no
passwords of the PKCS12 key file and CA certificates file, that were consistent
with what was required by my Windows Server for a connection. (Similar files
are used on our linux-based fortigate firewall to connect to the Windows Server
to authenticate and create VPN connections for external users.)
I then tested pap, chap, mschapv1, mschapv2, eap-ttls + pap, eal-ttls +
mschapv2 from guacamole.
The only successful connections were with pap and mschapv2.
I've attached the catalina.out log extracts for the failed connections for the
two eap-ttls configs (from restarting tomcat through to the attempted
connection).
What can I do to provide more detailed and helpful logs from my guacamole
server ?
Thanks.
[^radius 1.1.0 774 source.zip]
[^guacamole.properties]
^!Windows Network Policy Server Settings.jpg!^
[^eap-ttls pap errors log.txt]
[^eap-ttls mschapv2 errors log.txt]
-David
> RADIUS support for MS-CHAPv1 and MS-CHAPv2 fails
> ------------------------------------------------
>
> Key: GUACAMOLE-774
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-774
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-radius
> Affects Versions: 1.0.0
> Reporter: kamal_ezzaki
> Assignee: Nick Couchman
> Priority: Minor
> Attachments: Windows Network Policy Server Settings.jpg, eap-ttls
> mschapv2 errors log.txt, eap-ttls pap errors log.txt, guacamole.properties,
> radius 1.1.0 774 source.zip
>
>
> after i installed guacamole in my machine i get this error when i try to
> connect using radius
> {color:#FF0000}16:39:55 localhost server: 16:39:55.514 [http-bio-8080-exec-8]
> ERROR o.a.g.a.r.RadiusConnectionService - No such RADIUS algorithm: MD4
> MessageDigest not available{color}
> {color:#FF0000}Apr 8 16:39:55 localhost server: 16:39:55.532
> [http-bio-8080-exec-8] WARN o.a.g.r.auth.AuthenticationService -
> Authentication attempt from 192.168.234.139 for user "TestUser" failed.{color}
>
> {color:#333333}when i use pap, chap authentification it's passed , but using
> mschapv1,mschapv2 the connection doesn't passe {color}
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
