Re: External access with Apache Guacamole in the cloud

[Mike Jumper]

On Wed, May 16, 2018 at 8:53 PM, Gustavo Silva
 wrote:
>  Hello, my name is Gustavo. I'm from Brazil. I'm doing a technical course
> and my course completion work will tell about the Apache Guacamole.
>
> I'm using the MySQL database with Guacamole. After some settings on my
> router, I can access the service from anywhere and access my machines from
> my local network.
>
> But I would like to know if it would be possible to access a machine that is
> elsewhere, such as at a friend's house, for example, with Apache Guacamole
> hosted in the cloud, that is, without having to run it on the same client
> network.
>
> Thank you for your attention, I await your response.
>

All that matters as far as Guacamole is concerned is that there exists
a network route between guacd and the remote desktop(s) in question.
As long as such a route exists, you will be able to access those
remote desktops from anywhere that you can access your Guacamole
deployment. Ideally, you will isolate that route such that the only
means of accessing that remote desktop is through Guacamole, and
Guacamole thus becomes both a convenience and a security layer.

If your Guacamole server and the remote desktop are not on the same
network, you will need to bring the remote desktop onto the Guacamole
server's internal network through other means, such as a VPN.

- Mike

Re: anyone still using fail2ban

[Mark Barber]

thanks mate but i came across that one somewhere, unfortunately it's not 
working for me on ubuntu server 16.04, tomcat 9.07, guacamole 9.14 java 10..
just wish the syntax itself wasn't so obscure.


Mark Barber
md...@aol.com




-Original Message-
From: Евгений Н. Жуков 
To: user ; mdbuk 
Sent: Wed, 16 May 2018 21:31
Subject: Re: anyone still using fail2ban


This works fine


[Definition]

failregex = \bAuthentication attempt from \[(?:,.*)?\] for user ".*" 
faile                                                                           
                          d\.

[Init]

maxlines = 2





2018-05-16 23:25 GMT+03:00 mdbarber :

to cover guacamole?
using it to protect a webmin instance but the default gucamole filter doesn't 
work and all the documentation i can find regarding syntax for filters is out 
of date.
Any hints please?
regards
mdb

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus







--

Евгений Жуков
+79534155676  skype: xrt_nn

Re: anyone still using fail2ban

[Евгений Н . Жуков]

This works fine

[Definition]
failregex = \bAuthentication attempt from \[(?:,.*)?\] for user ".*"
faile
   d\.
[Init]
maxlines = 2


2018-05-16 23:25 GMT+03:00 mdbarber :

> to cover guacamole?
> using it to protect a webmin instance but the default gucamole filter
> doesn't work and all the documentation i can find regarding syntax for
> filters is out of date.
> Any hints please?
> regards
> mdb
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
>


-- 
Евгений Жуков
+79534155676  skype: xrt_nn

anyone still using fail2ban

[mdbarber]

to cover guacamole?
using it to protect a webmin instance but the default gucamole filter 
doesn't work and all the documentation i can find regarding syntax for 
filters is out of date.

Any hints please?
regards
mdb

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: Guamole with ldap getting error.

[Nick Couchman]

On Wed, May 16, 2018 at 11:05 jaya  wrote:

> Hi
>
> Iam getting below error while connecting to ldapadd.
>
> ldap_bind: Invalid credentials (49)


It is exactly as it is telling you - you're using incorrect credentials.
Check to make sure they are correct - both the ones you're using to log in
and the credential for searching of you've entered that.

-Nick

Guamole with ldap getting error.

[jaya]

Hi

Iam getting below error while connecting to ldapadd.

ldap_bind: Invalid credentials (49)

Please let me know.

My main concern is to integrate guacamole with Active directory. Can any one
help me on this.



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: OpenID Connect authentication in 0.9.14 and 2FA

[Suncatcher16]

Thanks for extensive answer.
That is what I was going to hear, if both Duo and OpenConnect are
2FA-enabled, one of them can be certainly omitted.



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

[no subject]

[Александр Петров]

Help in setting up guacamole-auth-json

[WebE]

Hi,
I need help on setting up guacamole-auth-json for setting up authentication
and connect to RDP session which are provided in json file.

As far as I understand, the plugin allows to provide all connection
information in json file and signed using same key as defined in guacamole
properties file.

Let me know if this assumption is wrong,  I am not able get it work after
following below steps. 

Environment:

 - Ubuntu 16.04 (hosted in azure)
 - Guacamole server & client 0.9.14
 - tomcat 7

Steps

1. Configure and install guacamole, configure log to debug mode

2. Create a user-mapping.xml file for testing purpose.

3. Tested that I can connect to rdp session after log in using user name and
steps provided in  step 2

4. removed user-mapping.xml (as the connection info will be provided in json
file)

5. Build auth-json package. Placed it in /etc/guacamole/extension/. Added
json secrete key to properties file ( for generating the key which is
26031110ca4b0559283bb327d968f9f4). 
Content of properties file


6. restart tomcat 7, logs from tomcat7 


7. Create auth.json file with content

8. encrypt file using the script provided.


9. Posted the output as "data" variable to api/tokens


same time the log output of tomcat is


I event tried using rest client from another PC. But it failed with same
message. Kindly help me in solving this issue.




--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/