Re: guacamole can't communicate with guacd

2024-01-31 Thread jimham

Apparently there are two problems.
The first is an IPv4 vs. IPv6 issue. If I use localhost in guacd.conf:

[server]
bind_host = localhost
bind_port = 4822

guacd binds to an IPv6 address and guacamole never finds it. Change
guacd.conf to

[server]
bind_host = 127.0.0.1
bind_port = 4822

and guacamole now finds guacd.

Second problem:
guacd can't find its vnc plugin. Again, systemctl status guacd yields:
Jan 31 18:10:22 pi4dev guacd[5518]: Creating new client for protocol "vnc"
Jan 31 18:10:22 pi4dev guacd[5518]: Connection ID is "$4e2159ab-c7ff-4243-884f-267cd3bd8ad2"
Jan 31 18:10:22 pi4dev guacd[5567]: Cursor rendering: local
Jan 31 18:10:22 pi4dev guacd[5567]: User "@6c10f1d1-cf63-404a-8479-e16259dcccbe" joined connection "$4e2159ab-c7ff-4243-8>
Jan 31 18:10:22 pi4dev guacd[5567]: ConnectClientToTcpAddr6: connect
Jan 31 18:10:22 pi4dev guacd[5567]: Unable to connect to VNC server
Jan 31 18:10:22 pi4dev guacd[5567]: Unable to connect to VNC server.
Jan 31 18:10:32 pi4dev guacd[5567]: User "@6c10f1d1-cf63-404a-8479-e16259dcccbe" disconnected (0 users remain)
Jan 31 18:10:32 pi4dev guacd[5567]: Last user of connection "$4e2159ab-c7ff-4243-884f-267cd3bd8ad2" disconnected
Jan 31 18:10:32 pi4dev guacd[5518]: Connection "$4e2159ab-c7ff-4243-884f-267cd3bd8ad2" removed.


And yet I compiled guacamole with vnc support:

guacamole-server version 1.5.4


   Library status:

     freerdp2 ............ no
     pango ............... yes
     libavcodec .......... yes
     libavformat ......... yes
     libavutil ........... yes
     libssh2 ............. yes
     libssl .............. yes
     libswscale .......... yes
     libtelnet ........... no
     libVNCServer ........ yes
     libvorbis ........... no
     libpulse ............ no
     libwebsockets ....... yes
     libwebp ............. yes
     wsock32 ............. no

   Protocol support:

      Kubernetes ...... yes
      RDP ............. no
      SSH ............. yes
      Telnet .......... no
      VNC ............. yes

   Services / tools:

      guacd ....... yes
      guacenc ..... yes
      guaclog ..... yes

   FreeRDP plugins: no
   Init scripts: no
   Systemd units: no

And the plugin libraries are in /usr/local/lib:
jeh@pi4dev:/usr/local/lib $ ls
cmake                               libguac-client-ssh.so.0.0.0  libguac-terminal.la        libopen62541.so.1.3.2
libguac.a                           libguac-client-vnc.a         libguac-terminal.so        libuldaq.a
libguac-client-kubernetes.a         libguac-client-vnc.la        libguac-terminal.so.0      libuldaq.la
libguac-client-kubernetes.la        libguac-client-vnc.so        libguac-terminal.so.0.1.0  libuldaq.so
libguac-client-kubernetes.so        libguac-client-vnc.so.0      libmxml.a                  libuldaq.so.1
libguac-client-kubernetes.so.0      libguac-client-vnc.so.0.0.0  libmxml.so                 libuldaq.so.1.2.0
libguac-client-kubernetes.so.0.0.0  libguac.la                   libmxml.so.1               pkgconfig
libguac-client-ssh.a                libguac.so                   libmxml.so.1.6             pypy2.7
libguac-client-ssh.la               libguac.so.23                libopen62541.a             python2.7
libguac-client-ssh.so               libguac.so.23.0.0            libopen62541.so            python3.11
libguac-client-ssh.so.0             libguac-terminal.a           libopen62541.so.1


And according to ldconfig the libraries are known.
jeh@pi4dev:/usr/local/lib $ ldconfig --print-cache | grep libguac
	libguac.so.23 (libc6,hard-float) => /usr/local/lib/libguac.so.23
	libguac.so (libc6,hard-float) => /usr/local/lib/libguac.so
	libguac-terminal.so.0 (libc6,hard-float) => /usr/local/lib/libguac-terminal.so.0
	libguac-terminal.so (libc6,hard-float) => /usr/local/lib/libguac-terminal.so
	libguac-client-vnc.so.0 (libc6,hard-float) => /usr/local/lib/libguac-client-vnc.so.0
	libguac-client-vnc.so (libc6,hard-float) => /usr/local/lib/libguac-client-vnc.so
	libguac-client-ssh.so.0 (libc6,hard-float) => /usr/local/lib/libguac-client-ssh.so.0
	libguac-client-ssh.so (libc6,hard-float) => /usr/local/lib/libguac-client-ssh.so
	libguac-client-kubernetes.so.0 (libc6,hard-float) => /usr/local/lib/libguac-client-kubernetes.so.0
	libguac-client-kubernetes.so (libc6,hard-float) => /usr/local/lib/libguac-client-kubernetes.so



So what's the problem? Clearly I'm missing something.

Regards,  Jim



On 2024-01-30 19:20, jim...@porcine.com wrote:

> It appears to be an IPv4 vs. IPv6 issue. Here is what I get with
> systemctl status guacd after a failed attempt:
>
> Jan 30 15:54:04 pi4dev guacd[6014]: Creating new client for protocol "vnc"
> Jan 30 15:54:04 pi4dev guacd[6014]: Connection ID is "$ea3a9369-9157-428c-be87-3b0e08498367"
> Jan 30 15:54:04 pi4dev guacd[6061]: Cursor rendering: local
> Jan 30 15:54:04 pi4dev guacd[6061]: User "@d1cf66c3-9bb5-4a46-b8eb-82a718cae00f" joined 

Re: Preventing a "double login" using SAML

2024-01-31 Thread Nick Couchman
On Wed, Jan 31, 2024 at 4:10 PM Barnhart, Steven 
wrote:

> SAML is our main authentication provider, and we wouldn’t mind using it
> with Guacamole to simplify things, unfortunately due to the way SAML works
> we don’t have access to the credentials to pass through to connections. I
> don’t suppose anyone has thought of ways around this?
>
>
>

Strictly speaking, no, there is no way around this, at least, not with
SAML, and not with things as implemented today in Guacamole. There are some
possibilities in the future - for example, SSL SSO (coming out in the
Guacamole 1.6.0 version) + Smartcard pass-through (not yet implemented at
all) could do the trick. It's also possible that implementing some sort of
Kerberos authentication mechanism for Guacamole (not implemented at all),
combined with FreeRDP 3.0's support for Kerberos authentication (also not
in Guacamole, yet) would, in certain situations, get rid of the
double-authentication requirement.

It's also worth noting that other remote access/VDI products that I use on
a regular basis - for example, Microsoft's Azure Virtual Desktop, and
VMware Horizon - behave exactly the same way and have the "double
authentication" requirement when accessing systems that require a username
and password.

-Nick



Re: Log in to Gnome Shell RDP

2024-01-31 Thread Horváth Csaba
Hi,

I had time to continue the investigation.
With a more verbose log, I get the stuff at the end of the post.

Strange things: the FreeRDP messages:
guacd[354449]: DEBUG: Remote framebuffer format PIXEL_FORMAT_RGB16
guacd[354449]: DEBUG: expected PDU_TYPE_DEMAND_ACTIVE 0001, got 0006
guacd[354449]: DEBUG: transport_check_fds: transport->ReceiveCallback() - -1
guacd[354449]: DEBUG: rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
guacd[354449]: DEBUG: expected PDU_TYPE_DEMAND_ACTIVE 0001, got 0006
guacd[354449]: DEBUG: transport_check_fds: transport->ReceiveCallback() - -1
guacd[354449]: DEBUG: rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
guacd[354449]: DEBUG: freerdp_post_connect failed
guacd[354449]: DEBUG: SVC "rdpdr" disconnected.
guacd[354449]: DEBUG: SVC "rdpsnd" disconnected.
guacd[354449]: INFO: RDP server closed/refused connection: Server refused connection (wrong security type?)

And the username:
guacd[354449]: INFO: User "@4a0e0744-34a1-4758-b722-da4dfd44642b" joined connection "$0ae5b730-fd3b-494f-957d-00542523a4b5" (1 users now present)

Can someone please help to untangle this...?

Thanks :)



root@homeserver:/usr/sbin#  /usr/sbin/guacd -L debug -f -b 127.0.0.1 -l 4822 -p /tmp/guacd/guacd.pid
guacd[354367]: INFO: Guacamole proxy daemon (guacd) version 1.3.0 started
guacd[354367]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[354367]: INFO: Listening on host 127.0.0.1, port 4822
guacd[354367]: INFO: Creating new client for protocol "rdp"
guacd[354367]: INFO: Connection ID is "$0ae5b730-fd3b-494f-957d-00542523a4b5"
guacd[354449]: DEBUG: Processing instruction: size
guacd[354449]: DEBUG: Processing instruction: audio
guacd[354449]: DEBUG: Processing instruction: video
guacd[354449]: DEBUG: Processing instruction: image
guacd[354449]: DEBUG: Processing instruction: timezone
guacd[354449]: DEBUG: Parameter "console" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "console-audio" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "disable-auth" omitted. Using default value of 0.
guacd[354449]: INFO: Security mode: NLA
guacd[354449]: DEBUG: User resolution is 1920x1003 at 96 DPI
guacd[354449]: DEBUG: Parameter "dpi" omitted. Using default value of 96.
guacd[354449]: DEBUG: Using resolution of 1920x1003 at 96 DPI
guacd[354449]: DEBUG: Parameter "read-only" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "client-name" omitted. Using default value of "Guacamole RDP".
guacd[354449]: DEBUG: Parameter "enable-wallpaper" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "enable-theming" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "enable-font-smoothing" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "enable-full-window-drag" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "enable-desktop-composition" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "enable-menu-animations" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "disable-bitmap-caching" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "disable-offscreen-caching" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "disable-glyph-caching" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "color-depth" omitted. Using default value of 16.
guacd[354449]: DEBUG: Parameter "disable-audio" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "enable-printing" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "printer-name" omitted. Using default value of "Guacamole Printer".
guacd[354449]: DEBUG: Parameter "enable-drive" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "drive-name" omitted. Using default value of "Guacamole Filesystem".
guacd[354449]: DEBUG: Parameter "drive-path" omitted. Using default value of "".
guacd[354449]: DEBUG: Parameter "create-drive-path" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "disable-download" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "disable-upload" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "timezone" omitted. Using default value of "Europe/Budapest".
guacd[354449]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
guacd[354449]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "t430".
guacd[354449]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22".
guacd[354449]: DEBUG: Parameter "sftp-username" omitted. Using default value of "colt".
guacd[354449]: DEBUG: Parameter "sftp-password" omitted. Using default value of "".
guacd[354449]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[354449]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
guacd[354449]: DEBUG: 

Preventing a "double login" using SAML

2024-01-31 Thread Barnhart, Steven
SAML is our main authentication provider, and we wouldn’t mind using it with 
Guacamole to simplify things, unfortunately due to the way SAML works we don’t 
have access to the credentials to pass through to connections. I don’t suppose 
anyone has thought of ways around this?

Steve


Re: Fw: Using SAML Authentication behind a Reverse Proxy (nginx)

2024-01-31 Thread Nick Couchman
On Tue, Jan 30, 2024 at 2:10 AM Oliver, Dario N 
wrote:

> Hi!
>
> *Note: I posted a similar topic some time ago, but that one was to use
> Guacamole behind a Proxy Server. This time, the issue is behind a Reverse
> Proxy.*
>
> I am using the Guacamole DockerHub image, behind an Nginx proxy, as
> documented in
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#nginx.
> Guacamole is set up with the "saml" extension, as documented in
> https://guacamole.apache.org/doc/gug/saml-auth.html.
>
>
The documentation is actually missing a couple of headers that should be
set:

proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;

Make sure all of those are set - I think the X-Forwarded-Proto, in
particular, will resolve your issue.

-Nick



Re: guacamole can't communicate with guacd

2024-01-31 Thread Michael Jumper

On 1/30/24 16:20, jim...@porcine.com wrote:
> It appears to be an IPv4 vs. IPv6 issue. Here is what I get with
> systemctl status guacd after a failed attempt:
>
> Jan 30 15:54:04 pi4dev guacd[6014]: Creating new client for protocol "vnc"
> Jan 30 15:54:04 pi4dev guacd[6014]: Connection ID is "$ea3a9369-9157-428c-be87-3b0e08498367"
> Jan 30 15:54:04 pi4dev guacd[6061]: Cursor rendering: local
> Jan 30 15:54:04 pi4dev guacd[6061]: User "@d1cf66c3-9bb5-4a46-b8eb-82a718cae00f" joined connection "$ea3a9369-9157-428c-be87-3b0e08498367" (1 users >
> Jan 30 15:54:04 pi4dev guacd[6061]: ConnectClientToTcpAddr6: connect
> Jan 30 15:54:04 pi4dev guacd[6061]: Unable to connect to VNC server
> Jan 30 15:54:04 pi4dev guacd[6061]: Unable to connect to VNC server.


Do you have a VNC server running and accepting connections at the 
hostname/address and port you've specified?


According to the logs above, the web application is not having any issue 
connecting to guacd - that much is working fine. It's the attempt to 
connect to the VNC server that's failing.


- Mike
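
The reading of the logs given in the reply above (guacd logged a new client, so the web application reached guacd, and the failure is on the hop from guacd to the remote desktop server) can be automated. This is an added example, not part of the original messages or the Guacamole project; the function and field names are illustrative, and the sample lines are copied from the logs quoted in the threads on this page.

```python
import re

# Accepts journald-style lines ("Jan 31 18:10:22 pi4dev guacd[5518]: msg") and
# foreground guacd output ("guacd[354449]: INFO: msg").
LINE = re.compile(r"guacd\[(\d+)\]:\s+(?:[A-Z]+:\s+)?(.*)")
NEW_CLIENT = re.compile(r'Creating new client for protocol "([\w-]+)"')
SECURITY = re.compile(r"Security mode: (\S+)")
BACKEND_ERRORS = (  # substrings taken from the logs quoted in the threads
    "Unable to connect to VNC server",
    "RDP server closed/refused connection",
)

def triage(lines):
    """Summarise which hop failed: web app -> guacd, or guacd -> remote server."""
    out = {"protocol": None, "security_mode": None, "backend_error": None}
    for raw in lines:
        m = LINE.search(raw)
        if not m:
            continue  # not a guacd log line
        msg = m.group(2)
        if (p := NEW_CLIENT.search(msg)):
            out["protocol"] = p.group(1)  # guacd accepted a connection
        elif (s := SECURITY.search(msg)):
            out["security_mode"] = s.group(1)
        elif out["backend_error"] is None and any(e in msg for e in BACKEND_ERRORS):
            out["backend_error"] = msg  # keep the first backend failure only
    if out["protocol"] is None:
        out["failing_hop"] = "webapp->guacd"  # guacd never saw a connection
    elif out["backend_error"]:
        out["failing_hop"] = "guacd->" + out["protocol"]
    else:
        out["failing_hop"] = None
    return out

# Sample input: lines copied from the two threads on this page.
VNC_LOG = [
    'Jan 30 15:54:04 pi4dev guacd[6014]: Creating new client for protocol "vnc"',
    "Jan 30 15:54:04 pi4dev guacd[6061]: ConnectClientToTcpAddr6: connect",
    "Jan 30 15:54:04 pi4dev guacd[6061]: Unable to connect to VNC server",
]
RDP_LOG = [
    'guacd[354367]: INFO: Creating new client for protocol "rdp"',
    "guacd[354449]: INFO: Security mode: NLA",
    "guacd[354449]: INFO: RDP server closed/refused connection: "
    "Server refused connection (wrong security type?)",
]

if __name__ == "__main__":
    for name, log in (("vnc", VNC_LOG), ("rdp", RDP_LOG)):
        print(name, triage(log))
```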
