RE: Guacamole audio redirection issue
Okay will try to implement that and let you know the output, thanks for the help Best Regards, A. Asbern From: Marko Nikolić [mailto:marko.nikolic...@gmail.com] Sent: Thursday, April 05, 2018 9:46 PM To: user@guacamole.apache.org Subject: Re: Guacamole audio redirection issue чет, 5. апр 2018. 14.54 Nick Couchmanје написао/ла: On Thu, Apr 5, 2018 at 8:45 AM, Asbern wrote: Hi Marko, Actually its not prompting for any permission in chrome Correct - I believe Marko's point is that, if you're not using SSL/TLS (HTTPS), then it won't prompt you, because it refuses to send microphone/webcam over unsecure connections. -Nick Yes, this is the case, it does not prompt at all on unsecure connections. The exception is localhost, so if you have Guacamole server installed locally, you can get microphone redirected via unsecured connection. Regards, Marko
Re: Guacamole audio redirection issue
чет, 5. апр 2018. 14.54 Nick Couchmanје написао/ла: > On Thu, Apr 5, 2018 at 8:45 AM, Asbern wrote: > >> Hi Marko, >> >> >> >> Actually its not prompting for any permission in chrome >> >> >> >> >> > Correct - I believe Marko's point is that, if you're not using SSL/TLS > (HTTPS), then it won't prompt you, because it refuses to send > microphone/webcam over unsecure connections. > > -Nick > Yes, this is the case, it does not prompt at all on unsecure connections. The exception is localhost, so if you have Guacamole server installed locally, you can get microphone redirected via unsecured connection. Regards, Marko
Re: Custom page to show shared connection Guacamole
Just to round this out in case others try to do the same thing: 1. Create the initial connection as in the example in the manual 2. Call getConnectionID() on the ConfiguredGuacamoleSocket (as Mike said) 3. Store connectionID string somewhere 4. On connect next time, create new GuacamoleConfiguration() (empty) 5. Call setConnectionID() on the new config, passing the previously stored connectionID 6. Use the resulting config with the original guacd host/port to create a new ConfiguredGuacamoleSocket 7. Use that as before to create the tunnel Voila - a shared RDP connection Thanks again Mike -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: Guacamole audio redirection issue
unsubscribe
Re: Guacamole audio redirection issue
On Thu, Apr 5, 2018 at 8:45 AM, Asbernwrote: > Hi Marko, > > > > Actually its not prompting for any permission in chrome > > > > > Correct - I believe Marko's point is that, if you're not using SSL/TLS (HTTPS), then it won't prompt you, because it refuses to send microphone/webcam over unsecure connections. -Nick
RE: Guacamole audio redirection issue
Hi Marko, Actually its not prompting for any permission in chrome Best Regards, A. Asbern From: Marko Nikolić [mailto:marko.nikolic...@gmail.com] Sent: Thursday, April 05, 2018 3:23 PM To: user@guacamole.apache.org Subject: Re: Guacamole audio redirection issue Hello Asbern, Chrome requires having SSL (https) connection to allow usage of the microphone and some other features (geolocation). I think there should be a message in the Chrome console when web page tries to access microphone over an insecure connection. Please check this page as well: https://addpipe.com/blog/microphone-camera-access-no-longer-works-insecure-origins/ Regards, Marko чет, 5. апр 2018. у 11:41 Asbernје написао/ла: Yes am aware of that, in chrome I couldn’t able to enable that permission but in firefox I could Best Regards, A. Asbern From: Nick Couchman [mailto:vn...@apache.org] Sent: Thursday, April 05, 2018 3:10 PM To: user@guacamole.apache.org Subject: Re: Guacamole audio redirection issue On Thu, Apr 5, 2018 at 5:25 AM, Asbern wrote: Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, Firefox I know that, at least in Chrome, you have to grant a web page access to the microphone before it will allow it to be used. Have you done this? There's usually a little icon that appears in the box with the URL that indicates something attempting to access the microphone. I could use the microphone via normal RDP but when I try to use via guacamole am facing this issue even though I set enable-audio-input as true and also my Ubuntu version is 16.04 So, to reiterate a previous question: Does the microphone work on other web pages that use the microphone? You can test it out, here: https://test.webrtc.org/ -Nick
Re: Guacamole audio redirection issue
Hello Asbern, Chrome requires having SSL (https) connection to allow usage of the microphone and some other features (geolocation). I think there should be a message in the Chrome console when web page tries to access microphone over an insecure connection. Please check this page as well: https://addpipe.com/blog/microphone-camera-access-no-longer-works-insecure-origins/ Regards, Marko чет, 5. апр 2018. у 11:41 Asbernје написао/ла: > Yes am aware of that, in chrome I couldn’t able to enable that permission > but in firefox I could > > > > Best Regards, > A. Asbern > > > > *From:* Nick Couchman [mailto:vn...@apache.org] > *Sent:* Thursday, April 05, 2018 3:10 PM > > > *To:* user@guacamole.apache.org > *Subject:* Re: Guacamole audio redirection issue > > > > On Thu, Apr 5, 2018 at 5:25 AM, Asbern wrote: > > > > > > Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, > Firefox > > > > I know that, at least in Chrome, you have to grant a web page access to > the microphone before it will allow it to be used. Have you done this? > There's usually a little icon that appears in the box with the URL that > indicates something attempting to access the microphone. > > > > > > I could use the microphone via normal RDP but when I try to use via > guacamole am facing this issue even though I set *enable-audio-input* as > *true* and also my Ubuntu version is 16.04 > > > > > > So, to reiterate a previous question: Does the microphone work on other > web pages that use the microphone? You can test it out, here: > https://test.webrtc.org/ > > > > -Nick >
RE: Guacamole audio redirection issue
Yes am aware of that, in chrome I couldn’t able to enable that permission but in firefox I could Best Regards, A. Asbern From: Nick Couchman [mailto:vn...@apache.org] Sent: Thursday, April 05, 2018 3:10 PM To: user@guacamole.apache.org Subject: Re: Guacamole audio redirection issue On Thu, Apr 5, 2018 at 5:25 AM, Asbernwrote: Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, Firefox I know that, at least in Chrome, you have to grant a web page access to the microphone before it will allow it to be used. Have you done this? There's usually a little icon that appears in the box with the URL that indicates something attempting to access the microphone. I could use the microphone via normal RDP but when I try to use via guacamole am facing this issue even though I set enable-audio-input as true and also my Ubuntu version is 16.04 So, to reiterate a previous question: Does the microphone work on other web pages that use the microphone? You can test it out, here: https://test.webrtc.org/ -Nick
Re: Guacamole audio redirection issue
On Thu, Apr 5, 2018 at 5:25 AM, Asbernwrote: > > > > Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, > Firefox > > I know that, at least in Chrome, you have to grant a web page access to the microphone before it will allow it to be used. Have you done this? There's usually a little icon that appears in the box with the URL that indicates something attempting to access the microphone. > > > I could use the microphone via normal RDP but when I try to use via > guacamole am facing this issue even though I set *enable-audio-input* as > *true* and also my Ubuntu version is 16.04 > > > So, to reiterate a previous question: Does the microphone work on other web pages that use the microphone? You can test it out, here: https://test.webrtc.org/ -Nick
RE: Guacamole audio redirection issue
Hi Nick, Sorry for the confusion caused. Client OS is Windows Server 2008 R2, and I have tried in chrome, IE, Firefox I could use the microphone via normal RDP but when I try to use via guacamole am facing this issue even though I set enable-audio-input as true and also my Ubuntu version is 16.04 Best Regards, A. Asbern From: Nick Couchman [mailto:vn...@apache.org] Sent: Thursday, April 05, 2018 2:47 PM To: user@guacamole.apache.org Subject: Re: Guacamole audio redirection issue On Thu, Apr 5, 2018 at 5:13 AM, Asbernwrote: Hi all, Greetings from Trainocate! In our office, we deployed guacamole 0.9.14 in apache tomcat8, we are facing issues in audio redirection (microphone). Our issue is the client machine audio is working fine, but the microphone is not working, can you help us to resolve this issue? Thank you First, please do not post to both user and dev mailing lists - choose one (the user list, unless you're developing something and asking a question about that) and stick with it. Otherwise it just causes confusion. What is the client O/S and browser? Can you successfully use the microphone in other applications on the client - both standard applications and on other web pages? What have you tried to get it to work? -Nick
Re: Guacamole audio redirection issue
On Thu, Apr 5, 2018 at 5:13 AM, Asbernwrote: > Hi all, > > > > Greetings from Trainocate! > > > > In our office, we deployed guacamole 0.9.14 in apache tomcat8, we are > facing issues in audio redirection (microphone). > > Our issue is the client machine audio is working fine, but the microphone > is not working, can you help us to resolve this issue? Thank you > > > First, please do not post to both user and dev mailing lists - choose one (the user list, unless you're developing something and asking a question about that) and stick with it. Otherwise it just causes confusion. What is the client O/S and browser? Can you successfully use the microphone in other applications on the client - both standard applications and on other web pages? What have you tried to get it to work? -Nick
Re: LDAP restrictions
Replied to myself before seeing this one, but will respond inline, here, too On Wed, Apr 4, 2018 at 6:15 PM, Joseph L. Casalewrote: > From: Nick Couchman > Sent: Wednesday, April 4, 2018 3:52 PM > To: user@guacamole.apache.org > Subject: Re: LDAP restrictions > > > Okay, I'm missing what "flat hierarchy" has to do with anything, here? > > Either way, you still need a user account capable of searching for the > > users (or a LDAP directory that allows anonymous bind/searches, which > > is obviously not ideal), no matter where the users in your tree are > located - flat > > or structured - so I'm failing to see how this is relevant. > > This is the behavior of the LDAP implementation according to the docs. > If a bind dn is provided, it can search anywhere beneath the base dn > otherwise > the users must exist directly beneath the base dn (it constructs the > users DN and searches for _that_ object). > > A better implementation might be to search for _all_ objects with the > following LDAP filter (=) > but there is still another alternative. > Yeah, if I had thought about it for 5 more minutes before clicking send, I would have seen this :-). > > > I think I understand that you do not want to store the password in the > > guacamole.properties file plain-text, > > While your supporting dialog is right, it's a policy without exception. > Since it's not necessary, there cannot be any provisions:( > Got it, that makes sense. > > > When you say "some directories" you really mean Active Directory, right? > > Yup;) > > > Hmmm...so you're calling an LDAP DN an "unnatural restriction" when, in > fact, > > it is conforming to the LDAP standard :-), > > Haha, well sort of. See my rational above (and an alternative below) as it > describes the less restrictive approach which facilitates a search. > > > But, all of that aside, what is the relevance of the username format > required > > by Guacamole to how the password is stored in the guacamole.properties > file? > > If we were to allow @domain.com or domain\, you'd > still > > have to store the password in the guacamole.properties file in > plaintext, no? > > How does allowing those and not requiring the DN syntax impact security > or > > storage of passwords? > > For all cases where a bind DN is not desired, then in the cases where the > DSA is > not lenient about the bind dn format (all but AD etc) your format pattern > *will* > have to be a full DN with the user logon id inserted, but for the other > cases where > flexibility exists (AD), we can facilitate a common bind format pattern > which > enumerates a user in any location in the directory tree. > I'll just reiterate what I already said in the previous e-mail - go ahead and file a JIRA issue for this and we can take a look at the code and see if there's a relatively easy way to allow the contextless logins with the client. I'm not certain how easy this will be - the current LDAP API that's used by the client is the old Novell JLDAP one (it's in the process of being switched over to the new Apache one), so I'm not sure what the API will actually allow to be used as a LDAP username, but it's worth a shot. > > > I must be missing some detail about your environment or what you're > trying > > to accomplish, here - can you fill in the gaps in my understanding? > > All this is a result of the lack of ability to supply credentials _at_ > connection > instantiation time. We could live with the users all being direct > descendants > of the base dn. However, as the users have to logon with their primary IDs > for those connections which need that credential _and_ logon as elevated > secondary IDs which do not exist in the same directory tree. > Personally I'm not a fan of "flat" LDAP trees - I think one of the reasons to do LDAP-based authentication, in whatever directory, is so that you can organize your tree using the various objects provided by the directory. So, I definitely understand not wanting to flatten everything. If you have enough control over your LDAP tree that you could create an OU and alias everyone, then this might give you a work-around in the interim until we sort out either secure password storage or contextless LDAP logins. Aside from the JIRA issue about contextless logins, if you have suggestions about how to more securely store the password for an LDAP search bind DN, you could file a JIRA issue for that, as well. https://issues.apache.org/jira/browse/GUACAMOLE -Nick