RE: Problems with SSH
After I did a sudo make uninstall, manually deleted /usr/local/include/guacamole and /usr/local/lib/* and did a new sudo make install, SSH started working again (with 1.5.3). So problem solved.

- Pål

-----Original Message-----
From: Pål Hjelmeseth Myklebust
Sent: Thursday, January 11, 2024 11:05 AM
To: user@guacamole.apache.org
Subject: RE: Problems with SSH

I think the initial problem is related to the "major bug", but the downgrade should have fixed SSH (like it did RDP). I even did a server reboot to no avail. Could it be a tomcat cache issue?

- Pål

-----Original Message-----
From: Vieri
Sent: Thursday, January 11, 2024 11:01 AM
To: user@guacamole.apache.org
Subject: Re: Problems with SSH

On Thursday, January 11, 2024 at 10:55:53 AM GMT+1, Anders Fogh Eriksen wrote:

> This could be related to the ”major bug” issue:
> https://lists.apache.org/thread/z8m7y5n0nco0smn1mscdn0fhyxjctrtt
> We have the same problem on our setup that after a certain amount of sessions
> everything just stops working

Also make sure you stop/kill all guacd processes when restarting guacd 1.5.3.

To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
RE: Problems with SSH
I think the initial problem is related to the "major bug", but the downgrade should have fixed SSH (like it did RDP). I even did a server reboot to no avail. Could it be a tomcat cache issue?

- Pål

-----Original Message-----
From: Vieri
Sent: Thursday, January 11, 2024 11:01 AM
To: user@guacamole.apache.org
Subject: Re: Problems with SSH

On Thursday, January 11, 2024 at 10:55:53 AM GMT+1, Anders Fogh Eriksen wrote:

> This could be related to the ”major bug” issue:
> https://lists.apache.org/thread/z8m7y5n0nco0smn1mscdn0fhyxjctrtt
> We have the same problem on our setup that after a certain amount of sessions
> everything just stops working

Also make sure you stop/kill all guacd processes when restarting guacd 1.5.3.
Problems with SSH
Hello, after we upgraded to 1.5.4 RDP and SSH stopped working the next day. I downgraded to 1.5.3, and RDP started working again, but not SSH. There are no errors in the logs:

Jan 11 10:42:40 guacamole.uio.no guacd[1395]: Creating new client for protocol "ssh"
Jan 11 10:42:40 guacamole.uio.no guacd[1395]: Connection ID is "$bd0b91f9-b39e-461b-ad12-6177fb8f063e"
Jan 11 10:42:40 guacamole.uio.no guacd[122497]: User "@0281f99a-ca22-410e-9a26-6d4ca105b3fd" joined connection "$bd0b91f9-b39e-461b-ad12-6177fb8f063e" (1 users now present)
Jan 11 10:42:40 guacamole.uio.no guacd[122497]: Recording of session will be saved to "/var/lib/guacamole/recordings/85745cff-3836-349e-8a1c-0da0f329c685/recording".

but the GUI is stuck on 'Connected to Guacamole. Waiting for response', and the recording is empty. SSH works fine from the guacamole server command line, so it's not a network problem and the build log shows no errors (installed natively on RHEL9). Any idea what's wrong or where to start looking?

- Pål
RE: Major bug message log in guacd 1.5.4
We also experienced this. Upgraded from 1.5.3 to 1.5.4 and everything worked fine. The next day nobody was able to establish a connection. I did not have time to debug, so I downgraded the guacd server to 1.5.3, the web client and the extensions are still running 1.5.4, and everything works ok.

- Pål

-----Original Message-----
From: Joonas Tuomisto
Sent: Monday, January 8, 2024 12:06 PM
To: user@guacamole.apache.org
Subject: Re: Major bug message log in guacd 1.5.4

Hi,

I also ran into this exact issue it seems, but we're not using the Guacamole Docker images, instead we're using custom built RPM packages on OpenSUSE Leap 15.5 as a native systemd service.

To me this does indeed look like some kind of resource leak in guacd. Initially everything works, but eventually guacd stops being able to initiate new connections, and it's not limited to just one protocol, at least both RDP and SSH are impacted. I'm not entirely sure how forking processes interact with system limits and how to debug this to find what resource exactly is being leaked.

I attached to guacd with strace after encountering this state and initiated a new RDP/SSH connection and it does appear to be failing after a connect() but I didn't notice anything weird. connect() goes -1 EINPROGRESS and poll, recvfrom() goes -1 EAGAIN. There's indeed a whole bunch of eventfd2() when trying an RDP connection.

guacd logs (for RDP):
> RDP server closed/refused connection: Security negotiation failed
> (wrong security type?)

guacd logs (for SSH):
> GLib (gthread-posix.c): Unexpected error from C library during
> 'pthread_key_create': Resource temporarily unavailable. Aborting.
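The SSH log line quoted in the message above is pthread_key_create() returning EAGAIN ("Resource temporarily unavailable"), the error POSIX documents for a lack of resources or an exhausted per-process limit on thread-specific data keys. As an added illustration (not guacd or GLib code and not part of the original thread; the function names are hypothetical), this C program creates keys without deleting them until that error appears, then shows that deleting them makes key creation work again:

```c
/* Added illustration, not guacd or GLib code: leak pthread keys until
 * pthread_key_create() fails the way the quoted guacd SSH log shows. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define MAX_TRIES 8192            /* far above typical per-process key limits */
static pthread_key_t keys[MAX_TRIES];

/* Create keys and never delete them. Returns how many were created and
 * stores the first error code (0 if MAX_TRIES was reached without one). */
static int leak_keys(int *err)
{
    int n = 0;
    *err = 0;
    while (n < MAX_TRIES) {
        int rc = pthread_key_create(&keys[n], NULL);
        if (rc != 0) {            /* returns the error number, does not set errno */
            *err = rc;
            break;
        }
        n++;
    }
    return n;
}

/* Exhaust the key table, record the error, free everything, then check that
 * a new key can be created again. Returns 0 when recovery succeeded. */
int exhaust_and_recover(int *created, int *err)
{
    pthread_key_t probe;
    int rc;

    *created = leak_keys(err);
    for (int i = 0; i < *created; i++)
        pthread_key_delete(keys[i]);
    rc = pthread_key_create(&probe, NULL);
    if (rc == 0)
        pthread_key_delete(probe);
    return rc;
}

int main(void)
{
    int created, err;
    int rc = exhaust_and_recover(&created, &err);

    printf("created %d keys, then: %s\n", created, strerror(err));
    printf("after deleting them, pthread_key_create returned %d\n", rc);
    return 0;
}
```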
RE: LDAP problem
The problem was that one AD had the uid attribute, and the other didn't. Problem solved, sorry about the noise.

- Pål

-----Original Message-----
From: Pål Hjelmeseth Myklebust
Sent: Monday, December 11, 2023 1:29 PM
To: user@guacamole.apache.org
Subject: RE: LDAP problem

Looks like the problem is that "List userDNs = userService.getUserDNs(config, searchConnection, username);" returns nothing, but I don’t understand why since ldapsearch with the same search-bind-dn returns the correct DN.

- Pål

-----Original Message-----
From: Pål Hjelmeseth Myklebust
Sent: Monday, December 11, 2023 12:40 PM
To: user@guacamole.apache.org
Subject: RE: LDAP problem

Thank you, but in this case the user only exists in the second AD.

- Pål

-----Original Message-----
From: Molina de la Iglesia, Manuel
Sent: Monday, December 11, 2023 12:33 PM
To: user@guacamole.apache.org
Subject: Re: LDAP problem

Hello,

Note that you have to provide user@domain format instead of sAMAccountName to avoid collisions with identical usernames on both domains.

Manel Molina
manuel.molina-de-la-igle...@veolia.com
Cybersecurity Directorate
Ciutat de L’Aigua (D38)
Paseo de la Zona Franca, 48
08038 Barcelona / Spain
www.veolia.com

On Mon, 11 Dec 2023 at 12:30, Pål Hjelmeseth Myklebust (p.h.mykleb...@usit.uio.no) wrote:

Hello,

We have configured Guacamole against two ADs. Authentication against the first AD works great, but the second gives this error:

INFO o.a.g.a.l.AuthenticationProviderService - Unable to determine DN of user "" using LDAP server "ad.kiosk.educloud.no". Proceeding with next server...

Ldapsearch from the guacamole server returns the user with the correct DN, and the user-base-dn, search-bind-dn and search-bind-password in the ldap-servers.yml are correct. Any idea what could be wrong?

- Paul
RE: LDAP problem
Looks like the problem is that "List userDNs = userService.getUserDNs(config, searchConnection, username);" returns nothing, but I don’t understand why since ldapsearch with the same search-bind-dn returns the correct DN.

- Pål

-----Original Message-----
From: Pål Hjelmeseth Myklebust
Sent: Monday, December 11, 2023 12:40 PM
To: user@guacamole.apache.org
Subject: RE: LDAP problem

Thank you, but in this case the user only exists in the second AD.

- Pål

-----Original Message-----
From: Molina de la Iglesia, Manuel
Sent: Monday, December 11, 2023 12:33 PM
To: user@guacamole.apache.org
Subject: Re: LDAP problem

Hello,

Note that you have to provide user@domain format instead of sAMAccountName to avoid collisions with identical usernames on both domains.

Manel Molina
manuel.molina-de-la-igle...@veolia.com
Cybersecurity Directorate
Ciutat de L’Aigua (D38)
Paseo de la Zona Franca, 48
08038 Barcelona / Spain
www.veolia.com

On Mon, 11 Dec 2023 at 12:30, Pål Hjelmeseth Myklebust (p.h.mykleb...@usit.uio.no) wrote:

Hello,

We have configured Guacamole against two ADs. Authentication against the first AD works great, but the second gives this error:

INFO o.a.g.a.l.AuthenticationProviderService - Unable to determine DN of user "" using LDAP server "ad.kiosk.educloud.no". Proceeding with next server...

Ldapsearch from the guacamole server returns the user with the correct DN, and the user-base-dn, search-bind-dn and search-bind-password in the ldap-servers.yml are correct. Any idea what could be wrong?

- Paul
RE: LDAP problem
Thank you, but in this case the user only exists in the second AD.

- Pål

-----Original Message-----
From: Molina de la Iglesia, Manuel
Sent: Monday, December 11, 2023 12:33 PM
To: user@guacamole.apache.org
Subject: Re: LDAP problem

Hello,

Note that you have to provide user@domain format instead of sAMAccountName to avoid collisions with identical usernames on both domains.

Manel Molina
manuel.molina-de-la-igle...@veolia.com
Cybersecurity Directorate
Ciutat de L’Aigua (D38)
Paseo de la Zona Franca, 48
08038 Barcelona / Spain
www.veolia.com

On Mon, 11 Dec 2023 at 12:30, Pål Hjelmeseth Myklebust (p.h.mykleb...@usit.uio.no) wrote:

Hello,

We have configured Guacamole against two ADs. Authentication against the first AD works great, but the second gives this error:

INFO o.a.g.a.l.AuthenticationProviderService - Unable to determine DN of user "" using LDAP server "ad.kiosk.educloud.no". Proceeding with next server...

Ldapsearch from the guacamole server returns the user with the correct DN, and the user-base-dn, search-bind-dn and search-bind-password in the ldap-servers.yml are correct. Any idea what could be wrong?

- Paul
LDAP problem
Hello,

We have configured Guacamole against two ADs. Authentication against the first AD works great, but the second gives this error:

INFO o.a.g.a.l.AuthenticationProviderService - Unable to determine DN of user "" using LDAP server "ad.kiosk.educloud.no". Proceeding with next server...

Ldapsearch from the guacamole server returns the user with the correct DN, and the user-base-dn, search-bind-dn and search-bind-password in the ldap-servers.yml are correct. Any idea what could be wrong?

- Paul
OpenID and grant type
Hello, are there any plans to implement support for authorization code flow for the OpenID support? None of my IDPs support implicit flow since it's deprecated.

- Pål
RE: SAML question
Ok. What attributes does the SAML extension expect in return from the IdP? It looks like it's using the temporary session uuid as username, which results in a new user for each try. Is there support for specifying the attribute names?

- Pål

-----Original Message-----
From: Nick Couchman
Sent: Thursday, August 24, 2023 3:44 PM
To: user@guacamole.apache.org
Subject: Re: SAML question

On Thu, Aug 24, 2023 at 7:05 AM Pål Hjelmeseth Myklebust wrote:
>
> Hello, I am trying to configure the SAML extension. Is there a way to
> download/view the SP metadata (preferably in an xml format)?

No, we currently do not have a way to generate the SP metadata.

-Nick
SAML question
Hello, I am trying to configure the SAML extension. Is there a way to download/view the SP metadata (preferably in an xml format)?

Thanks,
Pål