RE: Guacamole audio redirection issue

2018-04-05 Thread Asbern
Okay will try to implement that and let you know the output, thanks for the help

Best Regards,
A. Asbern

From: Marko Nikolić [mailto:marko.nikolic...@gmail.com] 
Sent: Thursday, April 05, 2018 9:46 PM
To: user@guacamole.apache.org
Subject: Re: Guacamole audio redirection issue

On Thu, Apr 5, 2018 at 14:54, Nick Couchman wrote:

On Thu, Apr 5, 2018 at 8:45 AM, Asbern  wrote:

Hi Marko,

Actually it's not prompting for any permission in chrome

Correct - I believe Marko's point is that, if you're not using SSL/TLS (HTTPS),
then it won't prompt you, because it refuses to send microphone/webcam over
unsecure connections.

-Nick

Yes, this is the case, it does not prompt at all on unsecure connections. The
exception is localhost, so if you have Guacamole server installed locally, you
can get microphone redirected via unsecured connection.

Regards,
Marko



Re: Guacamole audio redirection issue

2018-04-05 Thread Marko Nikolić
On Thu, Apr 5, 2018 at 14:54, Nick Couchman wrote:

> On Thu, Apr 5, 2018 at 8:45 AM, Asbern  wrote:
>
>> Hi Marko,
>>
>> Actually it's not prompting for any permission in chrome
>>
> Correct - I believe Marko's point is that, if you're not using SSL/TLS
> (HTTPS), then it won't prompt you, because it refuses to send
> microphone/webcam over unsecure connections.
>
> -Nick
>

Yes, this is the case, it does not prompt at all on unsecure connections.
The exception is localhost, so if you have Guacamole server installed
locally, you can get microphone redirected via unsecured connection.

Regards,
Marko
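
The rule described in this thread (Chrome only prompts for the microphone over HTTPS, with localhost as the exception), as an added example that is not part of the original messages or of Guacamole: a Node.js check that flags deployment URLs where the prompt will never appear. The URLs are constructed sample values, and treating 127.0.0.0/8, [::1] and *.localhost the same as localhost goes beyond what the thread states.

```javascript
// Added example: which Guacamole URLs can trigger the microphone prompt?
// Rule from the thread: HTTPS is required, localhost is exempt.

// Hosts treated as loopback, and therefore acceptable without TLS.
// (Assumption beyond the thread: 127.0.0.0/8, [::1] and *.localhost.)
function isLoopbackHost(hostname) {
  const host = hostname.toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (host === '[::1]') return true; // URL.hostname keeps the brackets
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

// Decide whether a page served from pageUrl can prompt for the microphone.
function micPromptExpected(pageUrl) {
  const url = new URL(pageUrl);
  if (url.protocol === 'https:') {
    return { allowed: true, reason: 'served over HTTPS' };
  }
  if (url.protocol === 'http:' && isLoopbackHost(url.hostname)) {
    return { allowed: true, reason: 'loopback origin, exempt from the HTTPS requirement' };
  }
  return { allowed: false, reason: 'insecure origin, the browser will not prompt' };
}

// Return the URLs that need TLS before enable-audio-input can work.
function auditDeployments(urls) {
  return urls.filter((u) => !micPromptExpected(u).allowed);
}

// Constructed sample deployment URLs (not taken from the thread).
const SAMPLE_URLS = [
  'http://guac.example.internal:8080/guacamole/',
  'https://guac.example.internal/guacamole/',
  'http://localhost:8080/guacamole/',
  'http://127.0.0.1:8080/guacamole/',
  'http://127.0.0.1.example.com/guacamole/', // looks like loopback, is not
];

for (const u of SAMPLE_URLS) {
  const { allowed, reason } = micPromptExpected(u);
  console.log(`${allowed ? 'OK  ' : 'FAIL'} ${u} (${reason})`);
}
```
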


Re: Custom page to show shared connection Guacamole

2018-04-05 Thread NeilC
Just to round this out in case others try to do the same thing:

1. Create the initial connection as in the example in the manual
2. Call getConnectionID() on the ConfiguredGuacamoleSocket (as Mike said)
3. Store connectionID string somewhere
4. On connect next time, create new GuacamoleConfiguration() (empty)
5. Call setConnectionID() on the new config, passing the previously stored
connectionID
6. Use the resulting config with the original guacd host/port to create a
new ConfiguredGuacamoleSocket
7. Use that as before to create the tunnel

Voila - a shared RDP connection

Thanks again Mike



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/


Re: Guacamole audio redirection issue

2018-04-05 Thread jml

unsubscribe



Re: Guacamole audio redirection issue

2018-04-05 Thread Nick Couchman
On Thu, Apr 5, 2018 at 8:45 AM, Asbern  wrote:

> Hi Marko,
>
> Actually it's not prompting for any permission in chrome
>
Correct - I believe Marko's point is that, if you're not using SSL/TLS
(HTTPS), then it won't prompt you, because it refuses to send
microphone/webcam over unsecure connections.

-Nick


RE: Guacamole audio redirection issue

2018-04-05 Thread Asbern
Hi Marko,

Actually it's not prompting for any permission in chrome

Best Regards,
A. Asbern

From: Marko Nikolić [mailto:marko.nikolic...@gmail.com] 
Sent: Thursday, April 05, 2018 3:23 PM
To: user@guacamole.apache.org
Subject: Re: Guacamole audio redirection issue

Hello Asbern,

Chrome requires having SSL (https) connection to allow usage of the microphone
and some other features (geolocation). I think there should be a message in
the Chrome console when web page tries to access microphone over an insecure
connection.

Please check this page as well:
https://addpipe.com/blog/microphone-camera-access-no-longer-works-insecure-origins/

Regards,
Marko

On Thu, Apr 5, 2018 at 11:41, Asbern wrote:

Yes am aware of that, in chrome I wasn’t able to enable that permission but
in firefox I could

Best Regards,
A. Asbern

From: Nick Couchman [mailto:vn...@apache.org] 
Sent: Thursday, April 05, 2018 3:10 PM
To: user@guacamole.apache.org
Subject: Re: Guacamole audio redirection issue

On Thu, Apr 5, 2018 at 5:25 AM, Asbern  wrote:

Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, Firefox

I know that, at least in Chrome, you have to grant a web page access to the
microphone before it will allow it to be used.  Have you done this?  There's
usually a little icon that appears in the box with the URL that indicates
something attempting to access the microphone.

I could use the microphone via normal RDP but when I try to use via guacamole
am facing this issue even though I set enable-audio-input as true and also my
Ubuntu version is 16.04

So, to reiterate a previous question: Does the microphone work on other web
pages that use the microphone?  You can test it out, here:
https://test.webrtc.org/

-Nick



Re: Guacamole audio redirection issue

2018-04-05 Thread Marko Nikolić
Hello Asbern,

Chrome requires having SSL (https) connection to allow usage of the
microphone and some other features (geolocation). I think there should
be a message in the Chrome console when web page tries to access microphone
over an insecure connection.

Please check this page as well:
https://addpipe.com/blog/microphone-camera-access-no-longer-works-insecure-origins/

Regards,
Marko

On Thu, Apr 5, 2018 at 11:41, Asbern wrote:

> Yes am aware of that, in chrome I wasn’t able to enable that permission
> but in firefox I could
>
>
>
> Best Regards,
> A. Asbern
>
>
>
> *From:* Nick Couchman [mailto:vn...@apache.org]
> *Sent:* Thursday, April 05, 2018 3:10 PM
>
>
> *To:* user@guacamole.apache.org
> *Subject:* Re: Guacamole audio redirection issue
>
>
>
> On Thu, Apr 5, 2018 at 5:25 AM, Asbern  wrote:
>
>
>
>
>
> Client OS is Windows Server 2008 R2, and I have tried in chrome, IE,
> Firefox
>
>
>
> I know that, at least in Chrome, you have to grant a web page access to
> the microphone before it will allow it to be used.  Have you done this?
> There's usually a little icon that appears in the box with the URL that
> indicates something attempting to access the microphone.
>
>
>
>
>
> I could use the microphone via normal RDP but when I try to use via
> guacamole am facing this issue even though I set *enable-audio-input* as
> *true* and also my Ubuntu version is 16.04
>
>
>
>
>
> So, to reiterate a previous question: Does the microphone work on other
> web pages that use the microphone?  You can test it out, here:
> https://test.webrtc.org/
>
>
>
> -Nick
>


RE: Guacamole audio redirection issue

2018-04-05 Thread Asbern
Yes am aware of that, in chrome I wasn’t able to enable that permission but
in firefox I could

Best Regards,
A. Asbern

From: Nick Couchman [mailto:vn...@apache.org] 
Sent: Thursday, April 05, 2018 3:10 PM
To: user@guacamole.apache.org
Subject: Re: Guacamole audio redirection issue

On Thu, Apr 5, 2018 at 5:25 AM, Asbern  wrote:

Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, Firefox

I know that, at least in Chrome, you have to grant a web page access to the
microphone before it will allow it to be used.  Have you done this?  There's
usually a little icon that appears in the box with the URL that indicates
something attempting to access the microphone.

I could use the microphone via normal RDP but when I try to use via guacamole
am facing this issue even though I set enable-audio-input as true and also my
Ubuntu version is 16.04

So, to reiterate a previous question: Does the microphone work on other web
pages that use the microphone?  You can test it out, here:
https://test.webrtc.org/

-Nick



Re: Guacamole audio redirection issue

2018-04-05 Thread Nick Couchman
On Thu, Apr 5, 2018 at 5:25 AM, Asbern  wrote:

>
>
>
> Client OS is Windows Server 2008 R2, and I have tried in chrome, IE,
> Firefox
>
>
I know that, at least in Chrome, you have to grant a web page access to the
microphone before it will allow it to be used.  Have you done this?
There's usually a little icon that appears in the box with the URL that
indicates something attempting to access the microphone.


>
>
> I could use the microphone via normal RDP but when I try to use via
> guacamole am facing this issue even though I set *enable-audio-input* as
> *true* and also my Ubuntu version is 16.04
>
>
>

So, to reiterate a previous question: Does the microphone work on other web
pages that use the microphone?  You can test it out, here:
https://test.webrtc.org/

-Nick


RE: Guacamole audio redirection issue

2018-04-05 Thread Asbern
Hi Nick,

Sorry for the confusion caused.

Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, Firefox

I could use the microphone via normal RDP but when I try to use via guacamole
am facing this issue even though I set enable-audio-input as true and also my
Ubuntu version is 16.04

Best Regards,
A. Asbern

From: Nick Couchman [mailto:vn...@apache.org] 
Sent: Thursday, April 05, 2018 2:47 PM
To: user@guacamole.apache.org
Subject: Re: Guacamole audio redirection issue

On Thu, Apr 5, 2018 at 5:13 AM, Asbern  wrote:

Hi all,

Greetings from Trainocate!

In our office, we deployed guacamole 0.9.14 in apache tomcat8, we are facing
issues in audio redirection (microphone).

Our issue is the client machine audio is working fine, but the microphone is
not working, can you help us to resolve this issue? Thank you

First, please do not post to both user and dev mailing lists - choose one (the
user list, unless you're developing something and asking a question about that)
and stick with it.  Otherwise it just causes confusion.

What is the client O/S and browser?  Can you successfully use the microphone in
other applications on the client - both standard applications and on other web
pages?  What have you tried to get it to work?

-Nick



Re: Guacamole audio redirection issue

2018-04-05 Thread Nick Couchman
On Thu, Apr 5, 2018 at 5:13 AM, Asbern  wrote:

> Hi all,
>
>
>
> Greetings from Trainocate!
>
>
>
> In our office, we deployed guacamole 0.9.14 in apache tomcat8, we are
> facing issues in audio redirection (microphone).
>
> Our issue is the client machine audio is working fine, but the microphone
> is not working, can you help us to resolve this issue? Thank you
>
>
>
First, please do not post to both user and dev mailing lists - choose one
(the user list, unless you're developing something and asking a question
about that) and stick with it.  Otherwise it just causes confusion.

What is the client O/S and browser?  Can you successfully use the
microphone in other applications on the client - both standard applications
and on other web pages?  What have you tried to get it to work?

-Nick


Re: LDAP restrictions

2018-04-05 Thread Nick Couchman
Replied to myself before seeing this one, but will respond inline, here,
too

On Wed, Apr 4, 2018 at 6:15 PM, Joseph L. Casale wrote:

> From: Nick Couchman 
> Sent: Wednesday, April 4, 2018 3:52 PM
> To: user@guacamole.apache.org
> Subject: Re: LDAP restrictions
>
> > Okay, I'm missing what "flat hierarchy" has to do with anything, here?
> > Either way, you still need a user account capable of searching for the
> > users (or a LDAP directory that allows anonymous bind/searches, which
> > is obviously not ideal), no matter where the users in your tree are
> > located - flat or structured - so I'm failing to see how this is relevant.
>
> This is the behavior of the LDAP implementation according to the docs.
> If a bind dn is provided, it can search anywhere beneath the base dn
> otherwise the users must exist directly beneath the base dn (it constructs
> the users DN and searches for _that_ object).
>
> A better implementation might be to search for _all_ objects with the
> following LDAP filter (=)
> but there is still another alternative.
>

Yeah, if I had thought about it for 5 more minutes before clicking send, I
would have seen this :-).


>
> > I think I understand that you do not want to store the password in the
> > guacamole.properties file plain-text,
>
> While your supporting dialog is right, it's a policy without exception.
> Since it's not necessary, there cannot be any provisions:(
>

Got it, that makes sense.


>
> > When you say "some directories" you really mean Active Directory, right?
>
> Yup;)
>
> > Hmmm...so you're calling an LDAP DN an "unnatural restriction" when, in
> > fact, it is conforming to the LDAP standard :-),
>
> Haha, well sort of. See my rationale above (and an alternative below) as it
> describes the less restrictive approach which facilitates a search.
>
> > But, all of that aside, what is the relevance of the username format
> > required by Guacamole to how the password is stored in the
> > guacamole.properties file? If we were to allow @domain.com or domain\,
> > you'd still have to store the password in the guacamole.properties file
> > in plaintext, no? How does allowing those and not requiring the DN syntax
> > impact security or storage of passwords?
> > storage of passwords?
>
> For all cases where a bind DN is not desired, then in the cases where the
> DSA is not lenient about the bind dn format (all but AD etc) your format
> pattern *will* have to be a full DN with the user logon id inserted, but
> for the other cases where flexibility exists (AD), we can facilitate a
> common bind format pattern which enumerates a user in any location in the
> directory tree.
>

I'll just reiterate what I already said in the previous e-mail - go ahead
and file a JIRA issue for this and we can take a look at the code and see
if there's a relatively easy way to allow the contextless logins with the
client.  I'm not certain how easy this will be - the current LDAP API
that's used by the client is the old Novell JLDAP one (it's in the process
of being switched over to the new Apache one), so I'm not sure what the API
will actually allow to be used as a LDAP username, but it's worth a shot.



>
> > I must be missing some detail about your environment or what you're
> > trying to accomplish, here - can you fill in the gaps in my understanding?
>
> All this is a result of the lack of ability to supply credentials _at_
> connection instantiation time. We could live with the users all being
> direct descendants of the base dn. However, as the users have to logon with
> their primary IDs for those connections which need that credential _and_
> logon as elevated secondary IDs which do not exist in the same directory
> tree.
>

Personally I'm not a fan of "flat" LDAP trees - I think one of the reasons
to do LDAP-based authentication, in whatever directory, is so that you can
organize your tree using the various objects provided by the directory.
So, I definitely understand not wanting to flatten everything.  If you have
enough control over your LDAP tree that you could create an OU and alias
everyone, then this might give you a work-around in the interim until we
sort out either secure password storage or contextless LDAP logins.

Aside from the JIRA issue about contextless logins, if you have suggestions
about how to more securely store the password for an LDAP search bind DN,
you could file a JIRA issue for that, as well.

https://issues.apache.org/jira/browse/GUACAMOLE

-Nick