Not sure if/how FreeRDP handles this but here is some context about changes
from Windows Server 2003 to 2008 (RDC 6.1):
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/changes-to-remote-administration-in-windows-server-2008/ba-p/246577
On a Desktop OS (Windows 11), this is
heck" directive, too) to accomplish
this.
On Fri, Mar 22, 2024 at 2:36 PM Barnhart, Steven
wrote:
> Could you provide some info on that setup? Would love to hear more.
>
> –Steve
> --
> *From:* Hankins, Jonathan
> *Sent:* Friday, March 22, 2024 3:33:42 PM
I don't think that Guacamole load balancing does any housekeeping with
regard to the status of the systems behind the connections it's balancing
across. I think it just keeps track of number of active connections / which
users (session affinity) are connected to each connection and then uses
that
I understand that you don't want to use anything external to Guacamole, but
for anyone else stumbling on this discussion, I wanted to add that I use
haproxy for RDP load balancing behind Guacamole. It has the extra
functionalities of 1) connectivity test to avoid balancing a user onto a
FWIW, a few years ago I had a strange crash that was happening with RDP
audio enabled. It turned out that I had some leftover files from a
different version of FreeRDP that were getting loaded when audio was
enabled. Check your ldconfig output and make sure everything looks sane.
On Tue, Oct 25,
Doubt this is helpful, but I looked at your Cisco-Device-Log file where it
complains about various term types. What happens if you set the term type
to vt100 in the guacamole connection settings?
Jim,
What LDAP server are you using? Are you wanting multiple LDAP servers for
fault-tolerance / load balancing? If you are using AD LDAP, you can use the
DNS name of the domain instead of individual DCs and you will get DNS round
robin. I am not sure how the LDAP library that Guacamole uses
Tushar,
I had a bug filed for a similar issue with RDP session termination code:
https://issues.apache.org/jira/browse/GUACAMOLE-484. Not sure if that gives
you any insight.
As far as your question 5, if you change part of guacd you'd need to
recompile and restart guacd. If the change is in the
FWIW I have had to run ldconfig to update the linker cache after upgrades
before. That would be related to "guacd[777]: Starting guacd:
/usr/local/sbin/guacd: error while loading
shared libraries: libguac.so.20: cannot open shared object file: No such
file or directory", but the updatedb would fix
I can't coax those error messages out of 1.4.0 by removing the LDAP module
or making it unreadable with chmod. The latter *does* give a couple of
messages at tomcat startup time in catalina.out, but not what you are
seeing. I'd check and make sure nothing has changed on the system. Look
back in
camole fails.
On Fri, Feb 18, 2022 at 11:23 AM Hankins, Jonathan <
jhank...@homewood.k12.al.us> wrote:
> FWIW, I get the same error "RDP server closed/refused connection: Server
> refused connection (wrong security type?)" if I try to connect with a
> username
FWIW, I get the same error "RDP server closed/refused connection: Server
refused connection (wrong security type?)" if I try to connect with a
username passed through that does not exist on the Windows side.
For reference, in my connection, I have the domain set, the login set to
Vieri,
If you are on 1.4.0 and still have access to another admin account, you can
clear it in the Settings / Users page for guacadmin.
Otherwise it's in the database, in the guacamole_user_attribute table.
On Wed, Feb 9, 2022 at 8:28 AM Vieri wrote:
> How does one clear the TOTP data for the
On Tue, Feb 8, 2022 at 11:16 AM Alejandro Hernandez
wrote:
> I understand that the 1) was addressed on version 1.4, now you are able to
> turn on TOTP just for some users, not all of them
>
I don't think this is correct -- the TOTP changes listed for 1.4.0 are:
- Allow for clearing TOTP
Re: #1 -- There are some tickets in JIRA about it, and it looks like
it's being considered for a future version. See the workaround that one
user is using here.
https://issues.apache.org/jira/plugins/servlet/mobile#issue/GUACAMOLE-1164
Re: #2 -- I don't think this is possible in the current
See here:
https://guacamole.apache.org/doc/gug/administration.html#connection-sharing
Specifically:
Unlike connections and groups, there is no “New Sharing Profile” button.
> Sharing profiles are created through clicking the “New Sharing Profile”
> placeholders which appear when connections are
Not sure if / how this works for LDAP auth, but I know you can run your
LDAP searches against the Gobal Catalog and search multiple domains.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730749(v=ws.11)?redirectedfrom=MSDN
FWIW, I tested today in my environment (AD LDAP) and this works:
*ldap-group-search-filter: (&(objectClass=group)(cn=guac*))*
I also tested *(|(cn=foo)(cn=bar))* where foo and bar DO exist, and it
works, and I tested it where foo and bar do NOT exist, and they are absent
from the list, as
t; So I can salt the hashes to protect the common starting password, and all
> is well.
>
> Thanks again,
>
> Jim
> *Sent:* Thursday, January 13, 2022 at 1:14 PM
> *From:* "Hankins, Jonathan"
> *To:* user@guacamole.apache.org
> *Subject:* Re: *LONG* Direct
I believe it introduces the .setpdfwrite command, so you would need to
remove it too:
https://www.ghostscript.com/doc/current/Use.htm
-c token ...
> -c string ...Interprets arguments as PostScript code *up to the next
> argument that begins with "-" followed by a non-digit*, or with "@". For
>
FWIW, .setpdfwrite was deprecated in gs 9.5.0 (2019-08-13) and removed in
gs 9.5.4 (2021-02-12). Quick googling shows that the removal has broken
various projects that involve PDF and use gs over the last year.
Vieri, if you are building guacd yourself, it's trivial to remove it:
and see if it works.
>
> Jim
> *Sent:* Thursday, January 13, 2022 at 10:45 AM
> *From:* "Hankins, Jonathan"
> *To:* user@guacamole.apache.org
> *Subject:* Re: *LONG* Directly using SQL tables
> I am using Postgres, but one thing I noticed that's different with my
> se
I am using Postgres, but one thing I noticed that's different with my setup
is I am not specifying the entity_id -- it is an auto-increment field in
MySQL (serial in Postgres).
I think you don't have anything in the guacamole_user table for the
entities you are creating. Have a look at:
(FWIW, in testing the existing functionality out today, I find that when
you click the sharing profile a second time, it generates a new link, but
the first link is not invalidated when this happens, nor is anyone actively
using the link disconnected.)
I think this could be useful in a few ways.
wice to open and close the menu, pressing Ctrl+Shift again without Alt
> sometimes opens the hidden menu.
>
>
> On Friday, January 7, 2022, 05:22:37 AM GMT+4, Mike Jumper <
> mjum...@apache.org> wrote:
>
>
> On Thu, Jan 6, 2022, 16:53 Nick Couchman wrote:
>
>
Hey Nick, I am not seeing this. It sounds like Alt is "sticking" somehow
though, almost like it's toggling instead of momentary. I have seen this in
various situations with different remote desktop / web consoles / nested
sessions / whatever over the years -- alt+tab and alt stays "pressed"
inside
I ran into this. On my system (debian) there are 2 entries for localhost in
/etc/hosts, one with 127.0.0.1 and one with ::1. I had no guacd.conf file.
My guacamole.properties had guacd-hostname set to "localhost". The sysctl
for ipv6 bindv6only was at the default of 0 (false).
My connections had
I just worked on this today. There are some tickets in JIRA about it, and
it looks like it's being considered for a future version. See the
workaround that one user is using here - I tested the same thing today.
https://issues.apache.org/jira/plugins/servlet/mobile#issue/GUACAMOLE-1164
On Thu,
Check this out, there's a separate idle timeout policy to log off after
remoteapp application windows are closed. Maybe something's going on there?
Can you test by setting up the connection to just launch notepad and see if
it stays on the screen while you work in it for a while?
If your last
Try disabling glyph caching (I algo have disabled bitmap and off-screen
caching on my connections.)
See: https://github.com/FreeRDP/FreeRDP/issues/6258
It looks like in Guacamole 1.4.0 they are disabling the caching.
https://issues.apache.org/jira/browse/GUACAMOLE-1191
-Jonathan Hankins
On
Assuming that the users are connecting to a Windows device since it's via
RDP. Is it possible that 1) user A and user B are both connecting to the
same Windows device and 2) either they're connecting to the "console"
session and/or 3) the Windows device doesn't have terminal services and
just
If you can use VNC instead of RDP, you may be able to figure something out:
https://www.tightvnc.com/whatsnew.php. I haven't looked at any of this, and
don't know if it would even work with the VNC client in Guacamole.
TightVNC 2.8.1 (limited release)
- Server for Windows: Added an option to
Not sure of OP's Guacamole and freerdp versions, but I have Guacamole 1.2.0
built (on Debian) against FreeRDP 2.0.0 and working correctly. At some
point, Debian upgraded freerdp2 a git snapshot, and when I built Guacamole
1.3.0 against that, I have the frequent RDP disconnects. I also tried a
By default, is backslash "\". You can use:
:nnoremap w
This let's you use w wherever you would use C-w, which in the
default case would be \w (backslash-w)
I found this at:
https://vi.stackexchange.com/questions/3728/how-can-i-work-with-splits-in-vim-without-ctrl-w
and:
lly, but I believe it was in the definition in
my tomcat8 server.xml file.
Thanks,
-Jonathan Hankins
On Thu, Apr 4, 2019 at 6:51 PM Hankins, Jonathan <
jhank...@homewood.k12.al.us> wrote:
> See log below -- from Chrome 73 error console upon reloading a session
> that started
Yes, but my point was that when guacamole reads the username from the login
form and does the LDAP query against AD, the marching is done case
sensitively, and will fail if your AD sAMAccountName or cn is in mixed case.
For example: AD user JoeUser can login to their Windows workstation as
Since I see that the OP is authenticating against AD via LDAP, I just want
to throw this out there: AD stores the cn or sAMAccountName attribute
case-sensitively. Guacamole doesn't do a case-insensitive match (whereas
Windows login does), so I had to make sure that my sAMAccountName / cn
See log below -- from Chrome 73 error console upon reloading a session that
started to connect then threw the connection error being discussed. This is
on 1.0.0 with websockets.
On 1.0.0 with Slimjet (Chrome 72) I only see the "angular.js:12845 GET
This has started happening for me recently after a Chrome upgrade. I am
seeing this on 1.0.0, with websockets configured. *NOT* seeing it on 0.9.14
without websockets. Has been working fine on 1.0.0 w/ websockets previously.
Experiencing error with these browser versions:
(Linux)
Google Chrome
If you disable hardware acceleration in chrome, does it work correctly?
-Jonathan Hankins
On Tue, Oct 16, 2018, 9:25 AM surgo wrote:
> Sorry for the delayed response, I didn't get your mail immediately for
> whatever reason!
>
> > Are there any errors visible in the browser's console after the
40 matches
Mail list logo
