About AD authentication in guacamole
Hi, guacamole support. I am Takuya, Engineer in Japan. I have a trouble with AD authentication in Guacamole on Docker. Problem: ・I can't login Guacamole with AD users. Current state: ・Network sparse communication achieved. ・Ticket exchange with AD is not a problem. ・I can get only error(warn) log about auth failed. ex. 00:50:51:610 [http-nio-8080-exec-5] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [172.19.0.1, 172.19.0.1] for user "ito" failed. ・Docker image is guacamole/guacamole Please let me know how I should troubleshoot.
Re: Prompting for rdp credentials not working: guacamole 1.3.0 from docker image
Indeed, Nick! You were right! During the update the guacd image was left behind at 1.2.0. Checking the logs as you suggested pointed out that guacd was running version 1.2.0. although I was positive I had upgraded it. Pulling the new version provided the coveted credentials prompt. Thank you very much, Nick! Best regards, *Bogdan TOMASCIUC * On Wed, Aug 4, 2021 at 10:52 PM Nick Couchman wrote: > On Wed, Aug 4, 2021 at 3:13 PM Bogdan Tomasciuc < > bogdan.tomasc...@gmail.com> wrote: > >> Hi, >> After updating to 1.3.0 I was expecting to get the prompt to enter >> credentials if I deleted them in the connection configuration. Instead it >> fails to connect. >> Using guagamole and guacd docker images with mysql backend. >> >> > A couple of things to check: > 1) When you updated, did you update both guacamole-client and guacd? The > prompting functionality requires that both of those components be at 1.3.0 > in order to function. > 2) What do guacd logs say? Since you're using Docker, you should be able > to do "docker logs ", replacing guacd with the name of the > container. I would follow/tail the logs and watch what error you get when > connecting without credentials. > > >> Is it a docker image ptoblem or do I have to take extra steps to get the >> new feature? >> >> Extra info. I tried with a Guacamole instance compiled from sources and it >> worked fine prompting for credentials bu I would really like to see it >> working on my docker installations too. >> >> > There's no reason it shouldn't work using Docker. > > -Nick > >>
Re: guacamole broken on Safari
Ah, OK. On Wed, Aug 4, 2021, 13:48 Leo Nikolaev wrote: > I do need cherry-pick to fix regression from 641, you’ve told me that; > I’ve found it fixed on 037ed212 and put it on. Without it Guacamole fails > to even show me a login form, complaining about MySQL syntax errors. > > Cheers, > Leo > > > On 4 Aug 2021, at 23:45, Mike Jumper wrote: > > > > On Wed, Aug 4, 2021, 13:33 Leo Nikolaev wrote: > > Okay, I found it. > > > > Safari bug is in the GUACAMOLE-724 series of commits. > > Broken commit: c2b2522 - GUACAMOLE-724: Correct rendering of tiled > clients on IE10+ by migrating to grid layout. > > > > Unfortunately, I believe the code from that commit has already been > replaced with a different approach. > > > > Last working commit: 09288b7 > > > > This may be helpful. > > > > > > Steps to reproduce: > > > > 1. Checkout commit: > > > > git checkout c2b2522 > > > > 2. Cherry-pick fix from GUACAMOLE-641: > > > > git cherry-pick -m 1 037ed212 > > > > What does cherry-picking this commit have to do with the issue at hand? > Are you unable to reproduce the issue unless you cherry pick this? > > > > ... > > Should I make a video? > > > > No, I don't think that would help. We need to be able reproduce what > you're seeing ourselves. > > > > The steps to reproduce (connect to something) are straightforward; it > just so far is working absolutely fine when I test against Safari myself. > > > > - Mike > > > - > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > For additional commands, e-mail: user-h...@guacamole.apache.org > >
Re: guacamole broken on Safari
I do need cherry-pick to fix regression from 641, you’ve told me that; I’ve found it fixed on 037ed212 and put it on. Without it Guacamole fails to even show me a login form, complaining about MySQL syntax errors. Cheers, Leo > On 4 Aug 2021, at 23:45, Mike Jumper wrote: > > On Wed, Aug 4, 2021, 13:33 Leo Nikolaev wrote: > Okay, I found it. > > Safari bug is in the GUACAMOLE-724 series of commits. > Broken commit: c2b2522 - GUACAMOLE-724: Correct rendering of tiled clients on > IE10+ by migrating to grid layout. > > Unfortunately, I believe the code from that commit has already been replaced > with a different approach. > > Last working commit: 09288b7 > > This may be helpful. > > > Steps to reproduce: > > 1. Checkout commit: > > git checkout c2b2522 > > 2. Cherry-pick fix from GUACAMOLE-641: > > git cherry-pick -m 1 037ed212 > > What does cherry-picking this commit have to do with the issue at hand? Are > you unable to reproduce the issue unless you cherry pick this? > > ... > Should I make a video? > > No, I don't think that would help. We need to be able reproduce what you're > seeing ourselves. > > The steps to reproduce (connect to something) are straightforward; it just so > far is working absolutely fine when I test against Safari myself. > > - Mike - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: guacamole broken on Safari
On Wed, Aug 4, 2021, 13:33 Leo Nikolaev wrote: > Okay, I found it. > > Safari bug is in the GUACAMOLE-724 series of commits. > Broken commit: c2b2522 - GUACAMOLE-724: Correct rendering of tiled clients > on IE10+ by migrating to grid layout. > Unfortunately, I believe the code from that commit has already been replaced with a different approach. Last working commit: 09288b7 > This may be helpful. > Steps to reproduce: > > 1. Checkout commit: > > git checkout c2b2522 > > 2. Cherry-pick fix from GUACAMOLE-641: > > git cherry-pick -m 1 037ed212 > What does cherry-picking this commit have to do with the issue at hand? Are you unable to reproduce the issue unless you cherry pick this? ... > Should I make a video? > No, I don't think that would help. We need to be able reproduce what you're seeing ourselves. The steps to reproduce (connect to something) are straightforward; it just so far is working absolutely fine when I test against Safari myself. - Mike
Re: guacamole broken on Safari
Okay, I found it. Safari bug is in the GUACAMOLE-724 series of commits. Broken commit: c2b2522 - GUACAMOLE-724: Correct rendering of tiled clients on IE10+ by migrating to grid layout. Last working commit: 09288b7 Steps to reproduce: 1. Checkout commit: git checkout c2b2522 2. Cherry-pick fix from GUACAMOLE-641: git cherry-pick -m 1 037ed212 3. Build docker image: docker build -t guacamole/guacamole:c2b2522 . 4. Run it any way you like. 5. IMPORTANT: Clear Safari cache. Should I make a video? Cheers, Leo > On 4 Aug 2021, at 13:25, Mike Jumper wrote: > > On Wed, Aug 4, 2021 at 1:36 AM Leo Nikolaev wrote: > Ha, I found an interesting issue about the bug. > > If you run a working guacamole, it puts something in your Safari’s browser > cache to keep it working, even if future builds have a bug. Cleaning up the > cache fires up a bug. I’m still bisecting it, but I’m close. > > It's not so much that Guacamole puts something in the browser cache, but that > the browser caches Guacamole's JavaScript, CSS, etc. If the issue you're > seeing is due to the contents of a resource cached by the browser, then that > behavior will end up being conditional on whether the issue happens to still > be in the cache. > > Depending on how frequently the contents of the cache affected the results of > the test, the final result of the bisect may end up being inconsistent, with > git believing that some good commits are bad, some bad commits are good, etc. > > - Mike > - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Prompting for rdp credentials not working: guacamole 1.3.0 from docker image
On Wed, Aug 4, 2021 at 3:13 PM Bogdan Tomasciuc wrote: > Hi, > After updating to 1.3.0 I was expecting to get the prompt to enter > credentials if I deleted them in the connection configuration. Instead it > fails to connect. > Using guagamole and guacd docker images with mysql backend. > > A couple of things to check: 1) When you updated, did you update both guacamole-client and guacd? The prompting functionality requires that both of those components be at 1.3.0 in order to function. 2) What do guacd logs say? Since you're using Docker, you should be able to do "docker logs ", replacing guacd with the name of the container. I would follow/tail the logs and watch what error you get when connecting without credentials. > Is it a docker image ptoblem or do I have to take extra steps to get the > new feature? > > Extra info. I tried with a Guacamole instance compiled from sources and it > worked fine prompting for credentials bu I would really like to see it > working on my docker installations too. > > There's no reason it shouldn't work using Docker. -Nick >
Re: Two questions hopefully someone can help me out with
Yes thank you, I was watching some guacamole video to find that out. Sadly all fomat is lost when I paste into the shell. (After I paste into the alt-shift-ctrl with line breaks and format.) On Tue, Aug 3, 2021 at 10:52 PM Ivanmarcus wrote: > > 2. How do I paste into an ssh session? > > (1) Copy the text on the local machine > (2) CTRL-ALT-SHIFT at the Guacamole screen > (3) Paste into the text window > (4) CTRL-ALT-SHIFT again to hide the window > (5) Right-click into the SSH session > > Should do it? > > - > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > For additional commands, e-mail: user-h...@guacamole.apache.org > >
Re: Just checking to see if others can see this email
Not sure why it was spam, this is just an email account of mine. Thank you all for the confirmation! So let me put it in simpler terms. I have an ubuntu 20.04 linode that I am hosting guacamole on. I can ssh into localhost after enabling local host password authentication with its sshd_config. Usually when I ssh into that linode from my home PC, I use its public IP with the specified port that I changed and a private key set. Which works without a problem. But if I enter the hostname and port then paste the non passphrase protected private key to these places: https://i.imgur.com/nqcQwV0.png I am met with a shell that prompts me to enter a passphrase and then show failed status. I even encrypted the ed_25519 private with a passphrase, pasted the plain text `cat` of that key file into the box and then entered the correct passphrase. which also ended with login failed for some reason. Let me know if you need more information. And any input is appreciated. PS. VNC to localhsot also works, could it be that guacamole cannot connect to the machine that is hosting it with its public ip? On Tue, Aug 3, 2021 at 11:29 PM Mike Jumper wrote: > On Tue, Aug 3, 2021 at 7:47 PM Ivanmarcus > wrote: > >> >> Your email has made it to the list ok. > > > For me, I received your response to this thread without issue, but I found > the emails from Asmodean in my spam folder. It was after receiving your > response that I checked spam and found those past messages. > > Other emails to the user@ list appear to be hitting my inbox fine. > > - Mike > >
Prompting for rdp credentials not working: guacamole 1.3.0 from docker image
Hi, After updating to 1.3.0 I was expecting to get the prompt to enter credentials if I deleted them in the connection configuration. Instead it fails to connect. Using guagamole and guacd docker images with mysql backend. Is it a docker image ptoblem or do I have to take extra steps to get the new feature? Extra info. I tried with a Guacamole instance compiled from sources and it worked fine prompting for credentials bu I would really like to see it working on my docker installations too. Thank you for the help an congratulations for a great product! Best regards, Bogdan
Re: guacamole broken on Safari
On Wed, Aug 4, 2021 at 1:36 AM Leo Nikolaev wrote: > Ha, I found an interesting issue about the bug. > > If you run a working guacamole, it puts something in your Safari’s browser > cache to keep it working, even if future builds have a bug. Cleaning up the > cache fires up a bug. I’m still bisecting it, but I’m close. It's not so much that Guacamole *puts* something in the browser cache, but that the browser caches Guacamole's JavaScript, CSS, etc. If the issue you're seeing is due to the contents of a resource cached by the browser, then that behavior will end up being conditional on whether the issue happens to still be in the cache. Depending on how frequently the contents of the cache affected the results of the test, the final result of the bisect may end up being inconsistent, with git believing that some good commits are bad, some bad commits are good, etc. - Mike
Re: guacamole broken on Safari
Ha, I found an interesting issue about the bug. If you run a working guacamole, it puts something in your Safari’s browser cache to keep it working, even if future builds have a bug. Cleaning up the cache fires up a bug. I’m still bisecting it, but I’m close. Cheers, Leo > On 3 Aug 2021, at 23:52, Mike Jumper wrote: > > Yes, it was a regression introduced during development of GUACAMOLE-641 and > was subsequently fixed. > > If you run into an issue that prevents testing entirely (can't build, can't > login, etc.), the best way to move beyond that would be to skip that commit > with "git bisect skip" so that git knows that the status of that commit can't > be determined. It'll continue its binary search and avoid the vicinity of > that commit unless necessary. > > Michael Jumper > CEO, Lead Developer > Glyptodon Inc. > > > On Tue, Aug 3, 2021 at 1:27 PM Leo Nikolaev wrote: > So, now I have a very nasty bug: some commits do fail to even show the login > page of Guacamole with some weird MySQL error: > > ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml > ### The error may involve defaultParameterMap > ### The error occurred while setting parameters > ### SQL: SELECT guacamole_user.user_id, > guacamole_entity.entity_id, guacamole_entity.name, > password_hash, password_salt, password_date, >disabled, expired, access_window_start, > access_window_end, valid_from, valid_until, >timezone, full_name, email_address, > organization, organizational_role, MAX(start_date) AS > last_active FROM guacamole_user JOIN guacamole_entity ON > guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN > guacamole_user_history ON guacamole_user_history.user_id = > guacamole_user.user_id WHERE guacamole_entity.name = ? > AND guacamole_entity.type = 'USER' GROUP BY > guacamole_user.user_id, guacamole_entity.entity_id; SELECT > guacamole_user_attribute.user_id, > guacamole_user_attribute.attribute_name, > guacamole_user_attribute.attribute_value FROM > guacamole_user_attribute JOIN guacamole_user ON > guacamole_user.user_id = guacamole_user_attribute.user_id JOIN > guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id > WHERE guacamole_entity.name = ? AND > guacamole_entity.type = 'USER' > ### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You > have an error in your SQL syntax; check the manual that corresponds to your > MySQL server version for the right syntax to use near 'SELECT > guacamole_user_attribute.user_id, > guacamole_user_' at line 28 > > Have you seen anything like this? I don’t see any changes in MySQL schemas, > but commits 448ebb5 and 2b8eb44 have this bug. Commit 037ed21 and c239b6e do > not have this bug at all. > > Cheers, > Leo > > > On 3 Aug 2021, at 00:11, Mike Jumper wrote: > > > > On Mon, Aug 2, 2021, 14:07 Leo Nikolaev wrote: > > Erm, I can’t do bisect, I just build it and check manually :) > > > > Bisect will save you a *ton* of time while reducing the number of checks. > > You'll be able to cover the full relevant span of commits in O(log n). > > > > Btw, I am using OIDC auth via Keycloak, but I’m sure it's not the reason. > > > > Probably true, but the fewer variables and assumptions, the better. > > > > - Mike > > > > > - > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > For additional commands, e-mail: user-h...@guacamole.apache.org > - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
