Re: Sharing profile in User's "ALL CONNECTIONS" without links?

2018-05-17 Thread Mike Jumper 
On Thu, May 17, 2018 at 10:11 AM, Genokrad  wrote:

> Hello.
> I need help with screen sharing.
> I create a New Sharing Profile for the connection in "connections", I give
> this any user access to the profile, I include it in ctrl-alt-shift, but if
> the user is logged in to his profile he does not see "Shared by admin", the
> shared profile appears only if it goes link.
>

Yes, that's how Guacamole's connection sharing works.

http://guacamole.apache.org/doc/gug/using-guacamole.html#client-share-menu

How can I fix this, what would the user immediately see sharing profiles
> without any links?
>

It's not something to be "fixed" per se, as it's not a bug, but there is an
open issue in JIRA to add such a feature:

https://issues.apache.org/jira/browse/GUACAMOLE-453

- Mike

Sharing profile in User's "ALL CONNECTIONS" without links?

2018-05-17 Thread Genokrad 
Hello.
I need help with screen sharing.
I create a New Sharing Profile for the connection in "connections", I give
this any user access to the profile, I include it in ctrl-alt-shift, but if
the user is logged in to his profile he does not see "Shared by admin", the
shared profile appears only if it goes link.

 
How can I fix this, what would the user immediately see sharing profiles
without any links?

 




--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: Copy paste clipboard only

2018-05-17 Thread robertkwild 
I have dual displays on desk, one is a local pc on one monitor and the other
monitor connects to a multitude of different machines via a kvm matrix so
the monitor thats hooked up to the kvm matrix i press ctrl+numlock to switch
between all the different machines

But theres no way for me to copy paste of the local machines to any of the
machines on the kvm matrix

Have i explained that well enough, sorry not very good





--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: Guamole with ldap getting error.

2018-05-17 Thread Nick Couchman 
On Thu, May 17, 2018 at 09:56 Jaya Chandra  wrote:

> Also, below is the error
>
> slapd[1179]: conn=1062 fd=13 ACCEPT from IP=[::1]:49136 (IP=[::]:389)
>  slapd[1179]: conn=1062 op=0 BIND
> dn="cn=ppadmin,ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL" method=128
>  slapd[1179]: conn=1062 op=0 RESULT tag=97 err=49 text=
>  slapd[1179]: conn=1062 op=1 UNBIND
>  slapd[1179]: conn=1062 fd=13 closed
>   slapd[1179]: conn=1063 fd=13 ACCEPT from IP=[::1]:49604 (IP=[::]:389)
>   slapd[1179]: conn=1063 op=0 BIND
> dn="cn=ppadmin,ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL" method=128
>   slapd[1179]: conn=1063 op=0 RESULT tag=97 err=49 text=
>   slapd[1179]: conn=1063 op=1 UNBIND
>   slapd[1179]: conn=1063 fd=13 closed
>

Yes, slapd is telling you exactly the same thing that ldapadd told you:
your credentials are incorrect.  Either you're using a user account that
doesn't exist (ppadmin), the wrong DN for that account, or an incorrect
password for that account.

This is not an issue with Guacamole, nor is anyt wrong with your LDAP
server or client - you just need to use the correct credentials to log in.

If you're looking for help in resolving this issue you will have much
better success on one of the Open LDAP mailing lists.

-Nick

Re: Copy paste clipboard only

2018-05-17 Thread Mike Jumper 
Can you explain why you would want to do this?

On Thu, May 17, 2018, 09:47 robertkwild  wrote:

> Hi all,
>
> Is it possible to use guacamole as a copy paste utility only ie only use it
> as a clipboard between different pcs
>
> I mean so you dont vnc or rdp to the pc just have it so it shows the
> clipboard
>
> Cheers,
> Rob
>
>
>
> --
> Sent from:
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>

Copy paste clipboard only

2018-05-17 Thread robertkwild 
Hi all,

Is it possible to use guacamole as a copy paste utility only ie only use it
as a clipboard between different pcs

I mean so you dont vnc or rdp to the pc just have it so it shows the
clipboard

Cheers, 
Rob



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: anyone still using fail2ban

2018-05-17 Thread Mike Jumper 
On Wed, May 16, 2018 at 1:54 PM, Erik Berndt
 wrote:
> We use a Tomcat filter and it works just fine for Guacamole.
>
> Filter:
>
> # Fail2Ban tomcat filter
> #
> [INCLUDES]
> #
> [Definition]
> failregex = \bAuthentication attempt from \[(?:,.*)?\] for user
".*" failed\.

I use this exact filter regex in production, as well. Works great.

As Guacamole will log the IP addresses specified via the
"X-Forwarded-For" header, it's critical that this header be able to be
trusted if fail2ban is to be used in this way. If a proxy is in use,
then the proxy should be configured to always set this header such
that the first IP in the header is always the true IP address of the
client. If a proxy is *not* in use, then the regex should be altered
to pay attention to only the *last* IP address (the only address which
does not come from this header), as any other address may be spoofed.

Doing otherwise could allow users to override their own IP address
from the perspective of fail2ban, intentionally forcing any other IP
address to be blocked (which would effectively be denial of service).

- Mike

Re: Guamole with ldap getting error.

2018-05-17 Thread Jaya Chandra 
Hi

Thanks for the response. I have cross check but its not working.

Below is my configuration files. Please let me know is anything missing.

 cat /etc/guacamole/guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822

api-session-timeout: 5

auth-provider:
net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider

ldap-hostname: PreProdDC01.AETC.INTERNAL
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn: ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL
#ldap-user-base-dn: ou=AETC,dc=AETC,dc=INTERNAL
#ldap-search-bind-dn: CN=PreProd DC
Admin,OU=Admins,OU=Users,OU=AETC,DC=AETC,DC=INTERNAL
#ldap-search-bind-password: Community4rceCloudDC1
ldap-username-attribute: sAMAccountName

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: cfadmin123
mysql-username: cfadmin123
mysql-password: cfadmin123
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0



and


below is my ldif conf file in /var/lib/guacamole/extensions/schema

cat preproddc01LDAPCONNECTION.ldif
dn: cn=PreProd DC Admin,OU=Admins,OU=Users,OU=AETC,DC=AETC,DC=INTERNAL
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: PreProd DC Admin
guacConfigProtocol: rdp
guacConfigParameter: hostname=192.165.10.4
guacConfigParameter: port=3389
guacConfigParameter: password=Community4rceCloudDC1
member: cn=w.haq,ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL
member: cn=i.khawaja,ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL
member: cn=ppadmin,ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL
member: cn=s.frederick,ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL



 ldapadd -x -D cn=ppadmindc,ou=AETC,ou=Users,ou=Admins,dc=AETC,dc=INTERNAL
-W -f  preproddc01LDAPCONNECTION.ldif

Getting invalid credentials.

Thanks & Regards

Jaya Chandra B







On Wed, May 16, 2018 at 11:14 PM, Nick Couchman  wrote:

>
> On Wed, May 16, 2018 at 11:05 jaya  wrote:
>
>> Hi
>>
>> Iam getting below error while connecting to ldapadd.
>>
>> ldap_bind: Invalid credentials (49)
>
>
> It is exactly as it is telling you - you're using incorrect credentials.
> Check to make sure they are correct - both the ones you're using to log in
> and the credential for searching of you've entered that.
>
> -Nick
>

Re: anyone still using fail2ban

2018-05-17 Thread mdbarber 
Whilst not a guacamole issue it does reflect on it's usability so just 
in case anyone else comes across this possibly after an "upgrade"
I have traced back the regular expression seen in a few places on the 
web and discovered that a change has occurred either in the writing or 
reading of the log and it's consistency with the filter used in 
fail2ban, also anyone using the ubuntu install will need to adjust the 
log location in jail.local


I have only "got this working" not traced back any undesirable effects 
to the modification of the filter but here it is now working with my install

( ubuntu server 16.04, tomcat 9.07, guacamole 9.14 oracle-java 10server)

failregex = ^.*\bAuthentication attempt from (?:,.*)? for user 
".*" failed\.


I am not sure if the carat at the start is still necessary but according 
to the python documentation on re's it is at least "best practice"

regards
mdb

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus