Re: TOTP Google Authenticator gives "Verification failed. Please try again."

2018-04-15 Thread Kalle Jääskeläinen
Ignore my last mail. Now it all works.
No idea why though. Maybe the clock of the VM was off or something.



> On 15 Apr 2018, at 11.37, Kalle Jääskeläinen <kalle.jaaskelai...@gmail.com> 
> wrote:
> 
> Hi all,
> 
> I compiled the latest and greatest server and client yesterday from master to 
> try out the Google auth TOTP extension.
> 
> I got everything working great (first time I built it from source) to the point 
> where I log in using the password, get a QR code for a new account, and get an 
> “Apache Guacamole (topttest (or guacadmin))” entry in the Google Authenticator 
> (Android) application with a changing code, but when I enter it, it just keeps 
> on saying "Verification failed. Please try again."
> Both topttest (a normal account with only the change password permission) and 
> guacadmin have the same behavior.
> 
> If I take the TOTP extension out, the users (topttest, guacadmin) can access OK 
> using just the password.
> 
> I’m using MySQL, with the schema etc. built using the scripts I got from master.
> 
> After failed login attempts (tried both topttest and guacadmin) mySQL shows 
> 
> mysql> SELECT * FROM guacamole_user_attribute;
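> +---------+-------------------------+----------------------------------+
> | user_id | attribute_name          | attribute_value                  |
> +---------+-------------------------+----------------------------------+
> |       1 | guac-totp-key-confirmed | false                            |
> |       1 | guac-totp-key-secret    | XXVBQ3HTHLJMXRNPMD57ZIZG2ZIN2U43 |
> |       5 | guac-totp-key-confirmed | false                            |
> |       5 | guac-totp-key-secret    | YAKJNQMMZKY2MVIVCGSV6TMXLOUD2VIR |
> +---------+-------------------------+----------------------------------+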
> 4 rows in set (0.00 sec)
> 
> mysql> SELECT * FROM guacamole_user;
> 3 rows in set (0.00 sec)
> 
> mysql> SELECT * FROM guacamole_user_permission;
> +---------+------------------+------------+
> | user_id | affected_user_id | permission |
> +---------+------------------+------------+
> |       1 |                1 | READ       |
> |       1 |                1 | UPDATE     |
> |       1 |                1 | ADMINISTER |
> |       1 |                4 | READ       |
> |       1 |                4 | UPDATE     |
> |       1 |                4 | DELETE     |
> |       1 |                4 | ADMINISTER |
> |       4 |                4 | READ       |
> |       4 |                4 | UPDATE     |
> |       1 |                5 | READ       |
> |       1 |                5 | UPDATE     |
> |       1 |                5 | DELETE     |
> |       1 |                5 | ADMINISTER |
> |       5 |                5 | READ       |
> |       5 |                5 | UPDATE     |
> +---------+------------------+------------+
> 15 rows in set (0.01 sec)
> 
> 
> 
> T
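
Added example, not part of the original thread and not Guacamole's own code: the reply above guesses at a clock problem on the VM, and this sketch shows how an RFC 6238 verifier rejects a correct code when the two clocks disagree, plus a diagnostic that reports the offset in time steps. Assumptions: HMAC-SHA1, a 30-second step, 6 digits, a +/-1 step acceptance window, hypothetical function names, and the RFC 6238 test key and timestamp as constructed sample input.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed)
DIGITS = 6   # code length (assumed)

def key_from_base32(secret: str) -> bytes:
    """Decode a base32 secret such as the one carried in the enrollment QR code."""
    return base64.b32decode(secret.strip().upper())

def totp(key: bytes, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(key: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept the code only if it matches a step within +/- window of server time."""
    return any(
        hmac.compare_digest(totp(key, server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )

def estimate_skew(key: bytes, code: str, server_time: int, max_steps: int = 20):
    """Diagnostic only: steps between the server clock and the step that produced
    the code, nearest first; None if nothing within max_steps matches."""
    for d in sorted(range(-max_steps, max_steps + 1), key=abs):
        if hmac.compare_digest(totp(key, server_time + d * STEP), code):
            return d
    return None

# Constructed sample input: RFC 6238 test key and one of its test timestamps.
RFC_KEY = b"12345678901234567890"
PHONE_TIME = 1111111109                 # the authenticator app's (correct) clock
PHONE_CODE = totp(RFC_KEY, PHONE_TIME)  # what the user types in
SLOW_SERVER = PHONE_TIME - 300          # server VM running five minutes behind

if __name__ == "__main__":
    print("code from phone:      ", PHONE_CODE)
    print("server clock correct: ", verify(RFC_KEY, PHONE_CODE, PHONE_TIME))
    print("server 5 min behind:  ", verify(RFC_KEY, PHONE_CODE, SLOW_SERVER))
    print("estimated skew (steps):", estimate_skew(RFC_KEY, PHONE_CODE, SLOW_SERVER))
```

Widening the acceptance window to absorb skew also widens the period in which an observed code stays usable, so fixing time synchronisation on the server is the better remedy; `estimate_skew` is meant for troubleshooting, not for the login path.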

TOTP Google Authenticator gives "Verification failed. Please try again."

2018-04-15 Thread Kalle Jääskeläinen
Hi all,

I compiled the latest and greatest server and client yesterday from master to 
try out the Google auth TOTP extension.

I got everything working great (first time I built it from source) to the point 
where I log in using the password, get a QR code for a new account, and get an 
“Apache Guacamole (topttest (or guacadmin))” entry in the Google Authenticator 
(Android) application with a changing code, but when I enter it, it just keeps 
on saying "Verification failed. Please try again."
Both topttest (a normal account with only the change password permission) and 
guacadmin have the same behavior.

If I take the TOTP extension out, the users (topttest, guacadmin) can access OK 
using just the password.

I’m using MySQL, with the schema etc. built using the scripts I got from master.

After failed login attempts (tried both topttest and guacadmin) MySQL shows:

mysql> SELECT * FROM guacamole_user_attribute;
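+---------+-------------------------+----------------------------------+
| user_id | attribute_name          | attribute_value                  |
+---------+-------------------------+----------------------------------+
|       1 | guac-totp-key-confirmed | false                            |
|       1 | guac-totp-key-secret    | XXVBQ3HTHLJMXRNPMD57ZIZG2ZIN2U43 |
|       5 | guac-totp-key-confirmed | false                            |
|       5 | guac-totp-key-secret    | YAKJNQMMZKY2MVIVCGSV6TMXLOUD2VIR |
+---------+-------------------------+----------------------------------+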
4 rows in set (0.00 sec)

mysql> SELECT * FROM guacamole_user;
3 rows in set (0.00 sec)

mysql> SELECT * FROM guacamole_user_permission;
+---------+------------------+------------+
| user_id | affected_user_id | permission |
+---------+------------------+------------+
|       1 |                1 | READ       |
|       1 |                1 | UPDATE     |
|       1 |                1 | ADMINISTER |
|       1 |                4 | READ       |
|       1 |                4 | UPDATE     |
|       1 |                4 | DELETE     |
|       1 |                4 | ADMINISTER |
|       4 |                4 | READ       |
|       4 |                4 | UPDATE     |
|       1 |                5 | READ       |
|       1 |                5 | UPDATE     |
|       1 |                5 | DELETE     |
|       1 |                5 | ADMINISTER |
|       5 |                5 | READ       |
|       5 |                5 | UPDATE     |
+---------+------------------+------------+
15 rows in set (0.01 sec)



Tomcat logs show only:
Sun Apr 15 11:02:17 EEST 2018 WARN: Establishing SSL connection without 
server's identity verification is not recommended. According to MySQL 5.5.45+, 
5.6.26+ and 5.7.6+ requirements SSL connection must be established by default 
if explicit option isn't set. For compliance with existing applications not 
using SSL the verifyServerCertificate property is set to 'false'. You need 
either to explicitly disable SSL by setting useSSL=false, or set useSSL=true 
and provide truststore for server certificate verification.

==> localhost_access_log.2018-04-15.txt <==
192.168.100.11 - - [15/Apr/2018:11:02:17 

4-eyes session view without user sharing the connection

2018-04-09 Thread Kalle Jääskeläinen
Hi,

I tried to search for old posts as well as Jira but couldn’t find an easy answer 
to the following.

Is it somehow possible for an admin (e.g. guacadmin, who can see and kill active 
connections) to jump into the session and watch it in real time without the user 
first sharing the connection and sending the sharing URL?

In the case of 3rd party vendor access, we would like to be able to watch the 
sessions without requiring the user to share the connection first.

Ideally this would be a feature in the UI in Active Connections where you could 
select the session and have a “Watch Session” button next to “Kill Session”.

thanks