[jira] [Commented] (GUACAMOLE-919) An I/O error occurred while sending to the backend
[ https://issues.apache.org/jira/browse/GUACAMOLE-919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17024126#comment-17024126 ] Mike Jumper commented on GUACAMOLE-919: --- It's also possible there may be a way to configure the connection pool to attempt to keep the connections alive with more frequent pings. It may be that the database is timing out large numbers of connections within the pool, causing delays and errors when attempts to query the database end up needing to iterate through the entire pool of dead connections before it's finally emptied and new connections are created. I don't see this in my own deployment, which uses PostgreSQL, but there may be (uncommon?) configuration or environmental differences that cause this to occur. > An I/O error occurred while sending to the backend > -- > > Key: GUACAMOLE-919 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-919 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-jdbc-postgresql >Affects Versions: 1.0.0 >Reporter: Mechanix >Assignee: Nick Couchman >Priority: Minor > Attachments: image-2020-01-27-15-19-26-634.png > > > Hi, > we use guacamole with postgresql and openid extension. Guacamole and guacd is > deployed inside a k8s cluster. > For some reason, the authentication doesn't succeed sporadically; there is > only a blank page and this error message in the guacamole log: > *[pool-1-thread-1] WARN o.a.i.d.pooled.PooledDataSource - Execution of ping > query 'SELECT 1' failed: An I/O error occurred while sending to the backend.* > I suspect there is a weird timeout happening between guacamole and postgresql > but could figure out why. > Any hints are much appreciated. Thanks > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (GUACAMOLE-919) An I/O error occurred while sending to the backend
[ https://issues.apache.org/jira/browse/GUACAMOLE-919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman updated GUACAMOLE-919: Priority: Minor (was: Major) > An I/O error occurred while sending to the backend > -- > > Key: GUACAMOLE-919 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-919 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-jdbc-postgresql >Affects Versions: 1.0.0 >Reporter: Mechanix >Assignee: Nick Couchman >Priority: Minor > Attachments: image-2020-01-27-15-19-26-634.png > > > Hi, > we use guacamole with postgresql and openid extension. Guacamole and guacd is > deployed inside a k8s cluster. > For some reason, the authentication doesn't succeed sporadically; there is > only a blank page and this error message in the guacamole log: > *[pool-1-thread-1] WARN o.a.i.d.pooled.PooledDataSource - Execution of ping > query 'SELECT 1' failed: An I/O error occurred while sending to the backend.* > I suspect there is a weird timeout happening between guacamole and postgresql > but could figure out why. > Any hints are much appreciated. Thanks > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (GUACAMOLE-919) An I/O error occurred while sending to the backend
[ https://issues.apache.org/jira/browse/GUACAMOLE-919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman reassigned GUACAMOLE-919: --- Assignee: Nick Couchman > An I/O error occurred while sending to the backend > -- > > Key: GUACAMOLE-919 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-919 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-jdbc-postgresql >Affects Versions: 1.0.0 >Reporter: Mechanix >Assignee: Nick Couchman >Priority: Major > Attachments: image-2020-01-27-15-19-26-634.png > > > Hi, > we use guacamole with postgresql and openid extension. Guacamole and guacd is > deployed inside a k8s cluster. > For some reason, the authentication doesn't succeed sporadically; there is > only a blank page and this error message in the guacamole log: > *[pool-1-thread-1] WARN o.a.i.d.pooled.PooledDataSource - Execution of ping > query 'SELECT 1' failed: An I/O error occurred while sending to the backend.* > I suspect there is a weird timeout happening between guacamole and postgresql > but could figure out why. > Any hints are much appreciated. Thanks > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GUACAMOLE-919) An I/O error occurred while sending to the backend
[ https://issues.apache.org/jira/browse/GUACAMOLE-919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17024123#comment-17024123 ] Nick Couchman commented on GUACAMOLE-919: - [~mechanix] [~DouglasHeriot]: Hey, guys, While I do not doubt that you're running into problems, I do not believe the issues you are seeing are a bug in the Guacamole code. I think it's much more likely that they occur somewhere in the JDBC code, and are due to timeout and/or latency issues within the JDBC connections. This seems particularly likely based on [~DouglasHeriot]'s information about the DB being hosted over a DX link between an on-premise install of Guacamole Client (Tomcat) and a cloud-hosted database. That said, it seems like the best course of action would be to re-classify this as a feature request for the ability to configure the JDBC timeout. It looks like the MyBastis code (what handles much of Guacamole Client's JDBC support) allows you to configure timeouts in various ways, and this might help situations where the database is slower to respond than is normally expected. I'll try to see if I can reproduce the issues you are seeing, and put together a PR that you can try out that allows for configuring one or more timeout values. > An I/O error occurred while sending to the backend > -- > > Key: GUACAMOLE-919 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-919 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-jdbc-postgresql >Affects Versions: 1.0.0 >Reporter: Mechanix >Priority: Major > Attachments: image-2020-01-27-15-19-26-634.png > > > Hi, > we use guacamole with postgresql and openid extension. Guacamole and guacd is > deployed inside a k8s cluster. > For some reason, the authentication doesn't succeed sporadically; there is > only a blank page and this error message in the guacamole log: > *[pool-1-thread-1] WARN o.a.i.d.pooled.PooledDataSource - Execution of ping > query 'SELECT 1' failed: An I/O error occurred while sending to the backend.* > I suspect there is a weird timeout happening between guacamole and postgresql > but could figure out why. > Any hints are much appreciated. Thanks > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GUACAMOLE-941) Automate Adding Admin to Bastion stepping stone
[ https://issues.apache.org/jira/browse/GUACAMOLE-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17024084#comment-17024084 ] Nick Couchman commented on GUACAMOLE-941: - [~hardik03]: It looks like, rather than reporting an issue with the project, which is what JIRA is intended for, you are trying to get help with using a component of the system. JIRA is not intended to be a general help forum, but a place to report issues and request features. Please post your question to the mailing list so that the community can help you out. It's a little unclear what you're trying to do, so when you do post to the mailing list, try to be a little more detailed and specific about what your end-goal is, what you've tried, what errors you've received, etc. > Automate Adding Admin to Bastion stepping stone > --- > > Key: GUACAMOLE-941 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-941 > Project: Guacamole > Issue Type: Wish > Components: guacamole >Affects Versions: 1.0.0 >Reporter: Hardik Shah >Priority: Trivial > > Hello All, > I am trying to automate ID creation on Bastion stepping stone / Guacamole > using Native API. Unfortunately not succeeded. > Can you guide me to which API to use and how to automate ID creation on > Bastion stepping stone, Create profile and adding server to use profile. > > Thanks, > Hardik Shah -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (GUACAMOLE-941) Automate Adding Admin to Bastion stepping stone
[ https://issues.apache.org/jira/browse/GUACAMOLE-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman updated GUACAMOLE-941: Priority: Trivial (was: Major) > Automate Adding Admin to Bastion stepping stone > --- > > Key: GUACAMOLE-941 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-941 > Project: Guacamole > Issue Type: Wish > Components: guacamole >Affects Versions: 1.0.0 >Reporter: Hardik Shah >Priority: Trivial > > Hello All, > I am trying to automate ID creation on Bastion stepping stone / Guacamole > using Native API. Unfortunately not succeeded. > Can you guide me to which API to use and how to automate ID creation on > Bastion stepping stone, Create profile and adding server to use profile. > > Thanks, > Hardik Shah -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (GUACAMOLE-941) Automate Adding Admin to Bastion stepping stone
Hardik Shah created GUACAMOLE-941: - Summary: Automate Adding Admin to Bastion stepping stone Key: GUACAMOLE-941 URL: https://issues.apache.org/jira/browse/GUACAMOLE-941 Project: Guacamole Issue Type: Wish Components: guacamole Affects Versions: 1.0.0 Reporter: Hardik Shah Hello All, I am trying to automate ID creation on Bastion stepping stone / Guacamole using Native API. Unfortunately not succeeded. Can you guide me to which API to use and how to automate ID creation on Bastion stepping stone, Create profile and adding server to use profile. Thanks, Hardik Shah -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GUACAMOLE-919) An I/O error occurred while sending to the backend
[
https://issues.apache.org/jira/browse/GUACAMOLE-919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17024076#comment-17024076
]
Douglas Heriot commented on GUACAMOLE-919:
--
[~mechanix] I have exactly this issue too! In our case we're running guacamole
inside Docker on an on-prem ESXI cluster. Postgres is hosted in AWS RDS
connected over AWS Direct Connect. We use the openid plugin for auth against
Microsoft365.
Same symptoms - get the WARN about SELECT 1 failing, and then {{ DEBUG
o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection {color:#ff}*(blank
page - browser refresh page)*{color}}}
The fix has been to manually reboot guacamole-client when this happens (not
fun).
We're running a recent build of 1.1.0, and will update to the 1.1.0 RC1 now.
There's a pretty error message that comes up:
!image-2020-01-27-15-19-26-634.png|width=446,height=174!
I've noticed in the web inspector that it's specifically the API call to
/api/tokens that's timing out.
> An I/O error occurred while sending to the backend
> --
>
> Key: GUACAMOLE-919
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-919
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-jdbc-postgresql
>Affects Versions: 1.0.0
>Reporter: Mechanix
>Priority: Major
> Attachments: image-2020-01-27-15-19-26-634.png
>
>
> Hi,
> we use guacamole with postgresql and openid extension. Guacamole and guacd is
> deployed inside a k8s cluster.
> For some reason, the authentication doesn't succeed sporadically; there is
> only a blank page and this error message in the guacamole log:
> *[pool-1-thread-1] WARN o.a.i.d.pooled.PooledDataSource - Execution of ping
> query 'SELECT 1' failed: An I/O error occurred while sending to the backend.*
> I suspect there is a weird timeout happening between guacamole and postgresql
> but could figure out why.
> Any hints are much appreciated. Thanks
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (GUACAMOLE-919) An I/O error occurred while sending to the backend
[ https://issues.apache.org/jira/browse/GUACAMOLE-919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Douglas Heriot updated GUACAMOLE-919: - Attachment: image-2020-01-27-15-19-26-634.png > An I/O error occurred while sending to the backend > -- > > Key: GUACAMOLE-919 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-919 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-jdbc-postgresql >Affects Versions: 1.0.0 >Reporter: Mechanix >Priority: Major > Attachments: image-2020-01-27-15-19-26-634.png > > > Hi, > we use guacamole with postgresql and openid extension. Guacamole and guacd is > deployed inside a k8s cluster. > For some reason, the authentication doesn't succeed sporadically; there is > only a blank page and this error message in the guacamole log: > *[pool-1-thread-1] WARN o.a.i.d.pooled.PooledDataSource - Execution of ping > query 'SELECT 1' failed: An I/O error occurred while sending to the backend.* > I suspect there is a weird timeout happening between guacamole and postgresql > but could figure out why. > Any hints are much appreciated. Thanks > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Closed] (GUACAMOLE-940) guacd docker | screen recorder - inserting path that mount by volume in docker break the connection
[ https://issues.apache.org/jira/browse/GUACAMOLE-940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Jumper closed GUACAMOLE-940. - Resolution: Invalid > guacd docker | screen recorder - inserting path that mount by volume in > docker break the connection > --- > > Key: GUACAMOLE-940 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-940 > Project: Guacamole > Issue Type: Bug > Components: guacd-docker >Affects Versions: 1.1.0 >Reporter: Yossi Kishik >Priority: Minor > Labels: docker > Attachments: image-2020-01-26-22-52-05-170.png > > > Hi, > guacd version: 1.1.0-RC1 > > i mounted /tmp directory in guacd to folder in the host. > once i choose in guacamole in screen recorder config that the path is "/tmp" > it's break the connection and guacamole report that "the connection to guacd > is timed out" > if i choose another folder that not mount- it works perfectly. > can you please take a look? > BTW- it reproduced also on 1.0.0 > > docker run: > docker run -ti -v /mnt/lol/guacamole_session_logs/:/tmp/ --name guacd -d > guacamole/guacd:1.1.0-RC1 > > guacamole config: > !image-2020-01-26-22-52-05-170.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GUACAMOLE-940) guacd docker | screen recorder - inserting path that mount by volume in docker break the connection
[
https://issues.apache.org/jira/browse/GUACAMOLE-940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17023945#comment-17023945
]
Mike Jumper commented on GUACAMOLE-940:
---
{quote}
BTW- it reproduced also on 1.0.0
{quote}
Definitely not a regression if the same behavior is seen in 1.0.0.
Testing this myself, I don't see the same behavior. My expectation is that the
docker process is being denied permission to write into the directory you've
mounted. I don't believe this is a bug in Guacamole nor in the image, but
rather an issue in the way that you've set up your deployment which you will
need to correct.
If you come to the mailing list as Nick suggests, the community should be able
to help troubleshoot. Be sure to check your guacd logs and include anything
logged when you reproduce the failure.
> guacd docker | screen recorder - inserting path that mount by volume in
> docker break the connection
> ---
>
> Key: GUACAMOLE-940
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-940
> Project: Guacamole
> Issue Type: Bug
> Components: guacd-docker
>Affects Versions: 1.1.0
>Reporter: Yossi Kishik
>Priority: Minor
> Labels: docker
> Attachments: image-2020-01-26-22-52-05-170.png
>
>
> Hi,
> guacd version: 1.1.0-RC1
>
> i mounted /tmp directory in guacd to folder in the host.
> once i choose in guacamole in screen recorder config that the path is "/tmp"
> it's break the connection and guacamole report that "the connection to guacd
> is timed out"
> if i choose another folder that not mount- it works perfectly.
> can you please take a look?
> BTW- it reproduced also on 1.0.0
>
> docker run:
> docker run -ti -v /mnt/lol/guacamole_session_logs/:/tmp/ --name guacd -d
> guacamole/guacd:1.1.0-RC1
>
> guacamole config:
> !image-2020-01-26-22-52-05-170.png!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (GUACAMOLE-912) Fix Guacamole Docker Documentation to indiciate image does not support LDAP Docker Links
[
https://issues.apache.org/jira/browse/GUACAMOLE-912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nick Couchman updated GUACAMOLE-912:
Fix Version/s: (was: 1.0.0)
> Fix Guacamole Docker Documentation to indiciate image does not support LDAP
> Docker Links
>
>
> Key: GUACAMOLE-912
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-912
> Project: Guacamole
> Issue Type: Bug
> Components: Documentation
>Affects Versions: 1.0.0
>Reporter: Joe Adams
>Priority: Trivial
>
> Fix Guacamole Docker Documentation to indiciate image does not support Docker
> Links.
>
> The documentation which is published at
> [https://guacamole.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-ldap]
> states
> {quote}To use Guacamole with the LDAP authentication backend, you will need
> network access to an LDAP directory. Unlike MySQL and PostgreSQL, the
> Guacamole Docker image does support Docker links for LDAP; the connection
> information must be specified using environment variables:{quote}
> This should be (without the added emphasis)
> {quote}To use Guacamole with the LDAP authentication backend, you will need
> network access to an LDAP directory. Unlike MySQL and PostgreSQL, the
> Guacamole Docker image does *not* support Docker links for LDAP; the
> connection information must be specified using environment variables:{quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (GUACAMOLE-940) guacd docker | screen recorder - inserting path that mount by volume in docker break the connection
[ https://issues.apache.org/jira/browse/GUACAMOLE-940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17023937#comment-17023937 ] Nick Couchman commented on GUACAMOLE-940: - [~yossikishik]: I understand that you're reporting what might appear to be a regression in the Guacamole behavior for screen recording in the upcoming 1.1.0 release. Thanks for testing this release and reporting an issue. In the future it might be better to start this conversation on the mailing list so that we can confirm the presence of an issue before opening a JIRA issue for it. That said, in order to track this down any further, we'll need to get you to enable verbose logging for guacd (which should be doable via the proper Docker variable, and paste the log output so that we can see why guacd is failing. > guacd docker | screen recorder - inserting path that mount by volume in > docker break the connection > --- > > Key: GUACAMOLE-940 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-940 > Project: Guacamole > Issue Type: Bug > Components: guacd-docker >Affects Versions: 1.1.0 >Reporter: Yossi Kishik >Priority: Minor > Labels: docker > Attachments: image-2020-01-26-22-52-05-170.png > > > Hi, > guacd version: 1.1.0-RC1 > > i mounted /tmp directory in guacd to folder in the host. > once i choose in guacamole in screen recorder config that the path is "/tmp" > it's break the connection and guacamole report that "the connection to guacd > is timed out" > if i choose another folder that not mount- it works perfectly. > can you please take a look? > BTW- it reproduced also on 1.0.0 > > docker run: > docker run -ti -v /mnt/lol/guacamole_session_logs/:/tmp/ --name guacd -d > guacamole/guacd:1.1.0-RC1 > > guacamole config: > !image-2020-01-26-22-52-05-170.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (GUACAMOLE-940) guacd docker | screen recorder - inserting path that mount by volume in docker break the connection
[ https://issues.apache.org/jira/browse/GUACAMOLE-940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman updated GUACAMOLE-940: Fix Version/s: (was: 1.1.0) > guacd docker | screen recorder - inserting path that mount by volume in > docker break the connection > --- > > Key: GUACAMOLE-940 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-940 > Project: Guacamole > Issue Type: Bug > Components: guacd-docker >Affects Versions: 1.1.0 >Reporter: Yossi Kishik >Priority: Minor > Labels: docker > Attachments: image-2020-01-26-22-52-05-170.png > > > Hi, > guacd version: 1.1.0-RC1 > > i mounted /tmp directory in guacd to folder in the host. > once i choose in guacamole in screen recorder config that the path is "/tmp" > it's break the connection and guacamole report that "the connection to guacd > is timed out" > if i choose another folder that not mount- it works perfectly. > can you please take a look? > BTW- it reproduced also on 1.0.0 > > docker run: > docker run -ti -v /mnt/lol/guacamole_session_logs/:/tmp/ --name guacd -d > guacamole/guacd:1.1.0-RC1 > > guacamole config: > !image-2020-01-26-22-52-05-170.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (GUACAMOLE-940) guacd docker | screen recorder - inserting path that mount by volume in docker break the connection
[ https://issues.apache.org/jira/browse/GUACAMOLE-940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman updated GUACAMOLE-940: Priority: Minor (was: Major) > guacd docker | screen recorder - inserting path that mount by volume in > docker break the connection > --- > > Key: GUACAMOLE-940 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-940 > Project: Guacamole > Issue Type: Bug > Components: guacd-docker >Affects Versions: 1.1.0 >Reporter: Yossi Kishik >Priority: Minor > Labels: docker > Fix For: 1.1.0 > > Attachments: image-2020-01-26-22-52-05-170.png > > > Hi, > guacd version: 1.1.0-RC1 > > i mounted /tmp directory in guacd to folder in the host. > once i choose in guacamole in screen recorder config that the path is "/tmp" > it's break the connection and guacamole report that "the connection to guacd > is timed out" > if i choose another folder that not mount- it works perfectly. > can you please take a look? > BTW- it reproduced also on 1.0.0 > > docker run: > docker run -ti -v /mnt/lol/guacamole_session_logs/:/tmp/ --name guacd -d > guacamole/guacd:1.1.0-RC1 > > guacamole config: > !image-2020-01-26-22-52-05-170.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (GUACAMOLE-940) guacd docker | screen recorder - inserting path that mount by volume in docker break the connection
Yossi Kishik created GUACAMOLE-940: -- Summary: guacd docker | screen recorder - inserting path that mount by volume in docker break the connection Key: GUACAMOLE-940 URL: https://issues.apache.org/jira/browse/GUACAMOLE-940 Project: Guacamole Issue Type: Bug Components: guacd-docker Affects Versions: 1.1.0 Reporter: Yossi Kishik Fix For: 1.1.0 Attachments: image-2020-01-26-22-52-05-170.png Hi, guacd version: 1.1.0-RC1 i mounted /tmp directory in guacd to folder in the host. once i choose in guacamole in screen recorder config that the path is "/tmp" it's break the connection and guacamole report that "the connection to guacd is timed out" if i choose another folder that not mount- it works perfectly. can you please take a look? BTW- it reproduced also on 1.0.0 docker run: docker run -ti -v /mnt/lol/guacamole_session_logs/:/tmp/ --name guacd -d guacamole/guacd:1.1.0-RC1 guacamole config: !image-2020-01-26-22-52-05-170.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (GUACAMOLE-792) Radius Provider returns Group - like LDAP Provider
[ https://issues.apache.org/jira/browse/GUACAMOLE-792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Young updated GUACAMOLE-792: -- Affects Version/s: 1.1.0 Description: This Improvement would reduce admin for those of us who use Radius for authentication against a Directory (in our case Microsoft Active Directory) with a database provider that will be using Groups to mange connections, if Groups could be used somehow. One possibility... Radius Servers could be configured to return a Group name that matches a Group in the database, by using the RADIUS Vendor-Specific attribute, set to the desired Group name for that Server authentication rule. In this wishful scenario the Radius provider would treat the Group name in the same way the LDAP provider now appears to be doing with the resolution of issue 715. Another possibility... a property in guacamole.properties to tell guacamole that authentication by both the radius and ldap modules is required. This would ensure LDAP Group name retrieval after successful authentication by both the radius and ldap mdules. (In our case, we need to use Radius instead of LDAP because of the requirement to use MFA.) [https://tools.ietf.org/html/rfc2865#page-47] Implies addition of guacamole.properties entries for the vendor-id and type. was: This Improvement would reduce admin for those of us who use Radius for authentication against a Directory (in our case Microsoft Active Directory) with a database provider that will be using Groups to mange connections, if Groups could be used somehow. One possibility... Radius Servers could be configured to return a Group name that matches a Group in the database, by using the RADIUS Vendor-Specific attribute, set to the desired Group name for that Server authentication rule. In this wishful scenario the Radius provider would treat the Group name in the same way the LDAP provider now appears to be doing with the resolution of issue 715. (In our case, we need to use Radius instead of LDAP because of the requirement to use MFA.) [https://tools.ietf.org/html/rfc2865#page-47] Implies addition of guacamole.properties entries for the vendor-id and type. > Radius Provider returns Group - like LDAP Provider > -- > > Key: GUACAMOLE-792 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-792 > Project: Guacamole > Issue Type: Improvement > Components: guacamole-auth-radius >Affects Versions: 1.0.0, 1.1.0 >Reporter: David Young >Priority: Minor > Labels: features > > This Improvement would reduce admin for those of us who use Radius for > authentication > against a Directory (in our case Microsoft Active Directory) with a database > provider that will be using Groups to mange connections, if Groups could be > used somehow. > One possibility... > Radius Servers could be configured to return a Group name that matches a > Group in the database, by using the RADIUS Vendor-Specific attribute, set to > the desired Group name for that Server authentication rule. > In this wishful scenario the Radius provider would treat the Group name in > the same way the LDAP provider now appears to be doing with the resolution > of issue 715. > Another possibility... > a property in guacamole.properties to tell guacamole that authentication by > both the radius and ldap modules is required. This would ensure LDAP Group > name retrieval after successful authentication by both the radius and ldap > mdules. > (In our case, we need to use Radius instead of LDAP because of the > requirement to use MFA.) > [https://tools.ietf.org/html/rfc2865#page-47] > Implies addition of guacamole.properties entries for the vendor-id and type. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (GUACAMOLE-938) Referral following fails when enabled for LDAP
[
https://issues.apache.org/jira/browse/GUACAMOLE-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper resolved GUACAMOLE-938.
---
Resolution: Fixed
> Referral following fails when enabled for LDAP
> --
>
> Key: GUACAMOLE-938
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-938
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
>Affects Versions: 1.0.0, 1.1.0
>Reporter: Mike Jumper
>Assignee: Mike Jumper
>Priority: Critical
> Fix For: 1.1.0
>
>
> When the {{ldap-follow-referrals}} property is set to {{true}}, it is
> expected that LDAP searches performed by Guacamole will automatically follow
> any received referrals. This occurs, but only partially, with the LDAP
> support not actually initiating an LDAP bind for connections related to
> referrals. Lacking a bind, LDAP servers will tend to refuse the attempt to
> search, and the referral fails.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
