Re: Security Issue "token" "authToken" hijacking

2017-11-20 Thread Mike Jumper
On Nov 20, 2017 20:07, "Thiago Araújo" wrote: Hello everyone, I will be very brief in my story. We recently tried to implement guacamole for about 2500 users or more. However, guacamole did not respond well to pen testing. The pen testing team has found a

Security Issue "token" "authToken" hijacking

2017-11-20 Thread Thiago Araújo
Hello everyone, I will be very brief in my story. We recently tried to implement guacamole for about 2500 users or more. However, guacamole did not respond well to pen testing. The pen testing team has found a way to hijack the authToken, and connect to the guacamole interface of any other

Re: Configuring LDAP

2017-11-20 Thread Mike Jumper
On Mon, Nov 20, 2017 at 10:01 AM, Richard Lee wrote: > How can I leave this group? > > If you want to unsubscribe to the user@ list, send an email to user-unsubscr...@guacamole.apache.org and follow the instructions in the confirmation email. Be sure to send the email

Re: Configuring LDAP

2017-11-20 Thread Nick Couchman
On Mon, Nov 20, 2017 at 1:52 PM, wrote: > We’re using Red Hat Enterprise Linux 7.4 with SELinux set to enforcing. I > disabled the LDAP extension and just used MySQL for the guacadmin user and > could log in. I do see the following information in /var/log/messages: > > >

RE: Configuring LDAP

2017-11-20 Thread harry.devine
We’re using Red Hat Enterprise Linux 7.4 with SELinux set to enforcing. I disabled the LDAP extension and just used MySQL for the guacadmin user and could log in. I do see the following information in /var/log/messages: Nov 20 13:43:57 access server: 13:43:57.545 [http-bio-8080-exec-6] INFO

Re: Configuring LDAP

2017-11-20 Thread Nick Couchman
On Mon, Nov 20, 2017 at 1:06 PM, wrote: > /var/log/messages doesn’t show anything at all when I try the login. > Also, when I click Login, the area at the top of the Developer Tools window > (with the times in it 2000ms, 4000ms, etc.) updates, but the list of > javascript

RE: Configuring LDAP

2017-11-20 Thread harry.devine
/var/log/messages doesn’t show anything at all when I try the login. Also, when I click Login, the area at the top of the Developer Tools window (with the times in it 2000ms, 4000ms, etc.) updates, but the list of javascript files that is accessed doesn’t change. The tokens file/topic is in

Re: Configuring LDAP

2017-11-20 Thread Richard Lee
How can I leave this group? Richard Lee // Production Director // +44 203 627 6280 // www.streamgo.co.uk the streaming and online event experts On 20 November 2017 at 18:00, Nick Couchman wrote: > On Mon, Nov 20, 2017 at 12:53 PM,

Re: Configuring LDAP

2017-11-20 Thread Nick Couchman
On Mon, Nov 20, 2017 at 12:53 PM, wrote: > Looks like I get a 403 when it tries to access /guacamole/api/tokens. > > > There will be an initial 403 that happens when the page is loaded (this prompts the login dialog to appear in the first place), but if you're getting a

RE: Configuring LDAP

2017-11-20 Thread harry.devine
Looks like I get a 403 when it tries to access /guacamole/api/tokens. Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Monday, November 20, 2017 11:40 AM To: user@guacamole.apache.org Subject: Re: Configuring LDAP On Mon, Nov 20, 2017 at 8:10 AM,

Re: guacamole ldap

2017-11-20 Thread Nick Couchman
2017-11-20 5:58 GMT-05:00 Falcy, Cedrik : > Hello, > I have a problematic, I have 300 connection posts to enter guacamole. Is > it possible to import into guacamole all the computer names of the active > directory or LDAP? If not, do you have a way to get all these posts back

Re: Configuring LDAP

2017-11-20 Thread Nick Couchman
On Mon, Nov 20, 2017 at 8:10 AM, wrote: > I use Chrome and I use the Developer Console all the time. I just tried > it again and got nothing at all in the console. I even had the > catalina.2017-11-20.log file open and got nothing in there either. Nothing > happens. >

VNC access with password

2017-11-20 Thread Adrian.Staudenmaier
Hi I have several VNC Server, some with, some without password. For all servers without password, the connection works For all servers with password I get a black screen or an error message that the connection was closed by the server. If I connect to this VNC Servers with any other VNC client

RE: Configuring LDAP

2017-11-20 Thread harry.devine
I use Chrome and I use the Developer Console all the time. I just tried it again and got nothing at all in the console. I even had the catalina.2017-11-20.log file open and got nothing in there either. Nothing happens. Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Friday,

guacamole ldap

2017-11-20 Thread Falcy, Cedrik
Hello, I have a problematic, I have 300 connection posts to enter guacamole. Is it possible to import into guacamole all the computer names of the active directory or LDAP? If not, do you have a way to get all these posts back faster and not one by one? Thanks you very much ! Cédrik Falcy

how to remote a computer in the DOMAIN by guacamole?

2017-11-20 Thread Oliver . Zhan
my computer is in DOMAIN named "pc1-pubyfcs23" my account is "test",passwd is "Abcd12345" when I remote the computer by local windows system by Remote Desktop Connection like this: username: "pc1-pubyfcs23\test" passwd: Abcd12345 the connection is works! But whren I use username: