Re: guacamole can't communicate with guacd
Apparently there are two problems. The first is an IPv4 vs. IPv6 issue. If I use localhost in guacd.conf:

    [server]
    bind_host = localhost
    bind_port = 4822

guacd binds to an IPv6 address and guacamole never finds it. Change guacd.conf to

    [server]
    bind_host = 127.0.0.1
    bind_port = 4822

and guacamole now finds guacd.

Second problem: guacd can't find its vnc plugin. Again, systemctl status guacd yields:

    Jan 31 18:10:22 pi4dev guacd[5518]: Creating new client for protocol "vnc"
    Jan 31 18:10:22 pi4dev guacd[5518]: Connection ID is "$4e2159ab-c7ff-4243-884f-267cd3bd8ad2"
    Jan 31 18:10:22 pi4dev guacd[5567]: Cursor rendering: local
    Jan 31 18:10:22 pi4dev guacd[5567]: User "@6c10f1d1-cf63-404a-8479-e16259dcccbe" joined connection "$4e2159ab-c7ff-4243-8>
    Jan 31 18:10:22 pi4dev guacd[5567]: ConnectClientToTcpAddr6: connect
    Jan 31 18:10:22 pi4dev guacd[5567]: Unable to connect to VNC server
    Jan 31 18:10:22 pi4dev guacd[5567]: Unable to connect to VNC server.
    Jan 31 18:10:32 pi4dev guacd[5567]: User "@6c10f1d1-cf63-404a-8479-e16259dcccbe" disconnected (0 users remain)
    Jan 31 18:10:32 pi4dev guacd[5567]: Last user of connection "$4e2159ab-c7ff-4243-884f-267cd3bd8ad2" disconnected
    Jan 31 18:10:32 pi4dev guacd[5518]: Connection "$4e2159ab-c7ff-4243-884f-267cd3bd8ad2" removed.

And yet I compiled guacamole with vnc support:

    guacamole-server version 1.5.4

    Library status:
      freerdp2 no
      pango ... yes
      libavcodec .. yes
      libavformat.. yes
      libavutil ... yes
      libssh2 . yes
      libssl .. yes
      libswscale .. yes
      libtelnet ... no
      libVNCServer yes
      libvorbis ... no
      libpulse no
      libwebsockets ... yes
      libwebp . yes
      wsock32 . no

    Protocol support:
      Kubernetes yes
      RDP ... no
      SSH ... yes
      Telnet no
      VNC ... yes

    Services / tools:
      guacd .. yes
      guacenc yes
      guaclog yes

    FreeRDP plugins: no
    Init scripts: no
    Systemd units: no

And the plugin libraries are in /usr/local/lib:

    jeh@pi4dev:/usr/local/lib $ ls
    cmake                               libguac-client-ssh.so.0.0.0  libguac-terminal.la        libopen62541.so.1.3.2
    libguac.a                           libguac-client-vnc.a         libguac-terminal.so        libuldaq.a
    libguac-client-kubernetes.a         libguac-client-vnc.la        libguac-terminal.so.0      libuldaq.la
    libguac-client-kubernetes.la        libguac-client-vnc.so        libguac-terminal.so.0.1.0  libuldaq.so
    libguac-client-kubernetes.so        libguac-client-vnc.so.0      libmxml.a                  libuldaq.so.1
    libguac-client-kubernetes.so.0      libguac-client-vnc.so.0.0.0  libmxml.so                 libuldaq.so.1.2.0
    libguac-client-kubernetes.so.0.0.0  libguac.la                   libmxml.so.1               pkgconfig
    libguac-client-ssh.a                libguac.so                   libmxml.so.1.6             pypy2.7
    libguac-client-ssh.la               libguac.so.23                libopen62541.a             python2.7
    libguac-client-ssh.so               libguac.so.23.0.0            libopen62541.so            python3.11
    libguac-client-ssh.so.0             libguac-terminal.a           libopen62541.so.1

And according to ldconfig the libraries are known.

    jeh@pi4dev:/usr/local/lib $ ldconfig --print-cache | grep libguac
    libguac.so.23 (libc6,hard-float) => /usr/local/lib/libguac.so.23
    libguac.so (libc6,hard-float) => /usr/local/lib/libguac.so
    libguac-terminal.so.0 (libc6,hard-float) => /usr/local/lib/libguac-terminal.so.0
    libguac-terminal.so (libc6,hard-float) => /usr/local/lib/libguac-terminal.so
    libguac-client-vnc.so.0 (libc6,hard-float) => /usr/local/lib/libguac-client-vnc.so.0
    libguac-client-vnc.so (libc6,hard-float) => /usr/local/lib/libguac-client-vnc.so
    libguac-client-ssh.so.0 (libc6,hard-float) => /usr/local/lib/libguac-client-ssh.so.0
    libguac-client-ssh.so (libc6,hard-float) => /usr/local/lib/libguac-client-ssh.so
    libguac-client-kubernetes.so.0 (libc6,hard-float) => /usr/local/lib/libguac-client-kubernetes.so.0
    libguac-client-kubernetes.so (libc6,hard-float) => /usr/local/lib/libguac-client-kubernetes.so

So what's the problem? Clearly I'm missing something.

Regards,
Jim

On 2024-01-30 19:20, jim...@porcine.com wrote:

> It appears to be an IPv4 vs. IPv6 issue. Here is what I get with systemctl status guacd after a failed attempt:
>
>     Jan 30 15:54:04 pi4dev guacd[6014]: Creating new client for protocol "vnc"
>     Jan 30 15:54:04 pi4dev guacd[6014]: Connection ID is "$ea3a9369-9157-428c-be87-3b0e08498367"
>     Jan 30 15:54:04 pi4dev guacd[6061]: Cursor rendering: local
>     Jan 30 15:54:04 pi4dev guacd[6061]: User "@d1cf66c3-9bb5-4a46-b8eb-82a718cae00f" joined
Re: Preventing a "double login" using SAML
On Wed, Jan 31, 2024 at 4:10 PM Barnhart, Steven wrote:

> SAML is our main authentication provider, and we wouldn’t mind using it
> with Guacamole to simplify things, unfortunately due to the way SAML works
> we don’t have access to the credentials to pass through to connections. I
> don’t suppose anyone has thought of ways around this?

Strictly speaking, no, there is no way around this, at least, not with SAML, and not with things as implemented today in Guacamole. There are some possibilities in the future - for example, SSL SSO (coming out in the Guacamole 1.6.0 version) + Smartcard pass-through (not yet implemented at all) could do the trick. It's also possible that implementing some sort of Kerberos authentication mechanism for Guacamole (not implemented at all), combined with FreeRDP 3.0's support for Kerberos authentication (also not in Guacamole, yet) would, in certain situations, get rid of the double-authentication requirement.

It's also worth noting that other remote access/VDI products that I use on a regular basis - for example, Microsoft's Azure Virtual Desktop, and VMware Horizon - behave exactly the same way and have the "double authentication" requirement when accessing systems that require a username and password.

-Nick
Re: Log in to Gnome Shell RDP
Hi,

I had time to continue the investigation. With a more verbose log, I get the stuff at the end of the post.

Strange things: the FreeRDP messages:

    guacd[354449]: DEBUG: Remote framebuffer format PIXEL_FORMAT_RGB16
    guacd[354449]: DEBUG: expected PDU_TYPE_DEMAND_ACTIVE 0001, got 0006
    guacd[354449]: DEBUG: transport_check_fds: transport->ReceiveCallback() - -1
    guacd[354449]: DEBUG: rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
    guacd[354449]: DEBUG: expected PDU_TYPE_DEMAND_ACTIVE 0001, got 0006
    guacd[354449]: DEBUG: transport_check_fds: transport->ReceiveCallback() - -1
    guacd[354449]: DEBUG: rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
    guacd[354449]: DEBUG: freerdp_post_connect failed
    guacd[354449]: DEBUG: SVC "rdpdr" disconnected.
    guacd[354449]: DEBUG: SVC "rdpsnd" disconnected.
    guacd[354449]: INFO: RDP server closed/refused connection: Server refused connection (wrong security type?)

And the username:

    guacd[354449]: INFO: User "@4a0e0744-34a1-4758-b722-da4dfd44642b" joined connection "$0ae5b730-fd3b-494f-957d-00542523a4b5" (1 users now present)

Can someone please help to untangle this...?

Thanks :)

    root@homeserver:/usr/sbin# /usr/sbin/guacd -L debug -f -b 127.0.0.1 -l 4822 -p /tmp/guacd/guacd.pid
    guacd[354367]: INFO: Guacamole proxy daemon (guacd) version 1.3.0 started
    guacd[354367]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
    guacd[354367]: INFO: Listening on host 127.0.0.1, port 4822
    guacd[354367]: INFO: Creating new client for protocol "rdp"
    guacd[354367]: INFO: Connection ID is "$0ae5b730-fd3b-494f-957d-00542523a4b5"
    guacd[354449]: DEBUG: Processing instruction: size
    guacd[354449]: DEBUG: Processing instruction: audio
    guacd[354449]: DEBUG: Processing instruction: video
    guacd[354449]: DEBUG: Processing instruction: image
    guacd[354449]: DEBUG: Processing instruction: timezone
    guacd[354449]: DEBUG: Parameter "console" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "console-audio" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "disable-auth" omitted. Using default value of 0.
    guacd[354449]: INFO: Security mode: NLA
    guacd[354449]: DEBUG: User resolution is 1920x1003 at 96 DPI
    guacd[354449]: DEBUG: Parameter "dpi" omitted. Using default value of 96.
    guacd[354449]: DEBUG: Using resolution of 1920x1003 at 96 DPI
    guacd[354449]: DEBUG: Parameter "read-only" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "client-name" omitted. Using default value of "Guacamole RDP".
    guacd[354449]: DEBUG: Parameter "enable-wallpaper" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "enable-theming" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "enable-font-smoothing" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "enable-full-window-drag" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "enable-desktop-composition" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "enable-menu-animations" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "disable-bitmap-caching" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "disable-offscreen-caching" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "disable-glyph-caching" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "color-depth" omitted. Using default value of 16.
    guacd[354449]: DEBUG: Parameter "disable-audio" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "enable-printing" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "printer-name" omitted. Using default value of "Guacamole Printer".
    guacd[354449]: DEBUG: Parameter "enable-drive" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "drive-name" omitted. Using default value of "Guacamole Filesystem".
    guacd[354449]: DEBUG: Parameter "drive-path" omitted. Using default value of "".
    guacd[354449]: DEBUG: Parameter "create-drive-path" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "disable-download" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "disable-upload" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "timezone" omitted. Using default value of "Europe/Budapest".
    guacd[354449]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
    guacd[354449]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "t430".
    guacd[354449]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22".
    guacd[354449]: DEBUG: Parameter "sftp-username" omitted. Using default value of "colt".
    guacd[354449]: DEBUG: Parameter "sftp-password" omitted. Using default value of "".
    guacd[354449]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "".
    guacd[354449]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
    guacd[354449]: DEBUG:
Preventing a "double login" using SAML
SAML is our main authentication provider, and we wouldn’t mind using it with Guacamole to simplify things, unfortunately due to the way SAML works we don’t have access to the credentials to pass through to connections. I don’t suppose anyone has thought of ways around this?

Steve
Re: Fw: Using SAML Authentication behind a Reverse Proxy (nginx)
On Tue, Jan 30, 2024 at 2:10 AM Oliver, Dario N wrote:

> Hi!
>
> *Note: I posted a similar topic some time ago, but that one was to use
> Guacamole behind a Proxy Server. This time, the issue is behind a Reverse
> Proxy.*
>
> I am using the Guacamole DockerHub image, behind an Nginx proxy, as
> documented in
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#nginx.
> Guacamole is set up with the "saml" extension, as documented in
> https://guacamole.apache.org/doc/gug/saml-auth.html.

The documentation is actually missing a couple of headers that should be set:

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Proto $scheme;

Make sure all of those are set - I think the X-Forwarded-Proto, in particular, will resolve your issue.

-Nick
Re: guacamole can't communicate with guacd
On 1/30/24 16:20, jim...@porcine.com wrote:

> It appears to be an IPv4 vs. IPv6 issue. Here is what I get with systemctl status guacd after a failed attempt:
>
>     Jan 30 15:54:04 pi4dev guacd[6014]: Creating new client for protocol "vnc"
>     Jan 30 15:54:04 pi4dev guacd[6014]: Connection ID is "$ea3a9369-9157-428c-be87-3b0e08498367"
>     Jan 30 15:54:04 pi4dev guacd[6061]: Cursor rendering: local
>     Jan 30 15:54:04 pi4dev guacd[6061]: User "@d1cf66c3-9bb5-4a46-b8eb-82a718cae00f" joined connection "$ea3a9369-9157-428c-be87-3b0e08498367" (1 users >
>     Jan 30 15:54:04 pi4dev guacd[6061]: ConnectClientToTcpAddr6: connect
>     Jan 30 15:54:04 pi4dev guacd[6061]: Unable to connect to VNC server
>     Jan 30 15:54:04 pi4dev guacd[6061]: Unable to connect to VNC server.

Do you have a VNC server running and accepting connections at the hostname/address and port you've specified?

According to the logs above, the web application is not having any issue connecting to guacd - that much is working fine. It's the attempt to connect to the VNC server that's failing.

- Mike
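
Added example, not code from this thread or from the Guacamole project: a per-address-family probe that applies both to the bind_host = localhost vs. 127.0.0.1 question and to Mike's check of whether anything accepts connections at the configured hostname and port. The function names are hypothetical, and the listener in demo() is a constructed IPv4-only stand-in, not a real guacd or VNC server.

```python
import socket

def resolve(host, port):
    """Return (family, address) pairs in the order the resolver offers them."""
    pairs = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        entry = ("IPv6" if family == socket.AF_INET6 else "IPv4", sockaddr[0])
        if entry not in pairs:
            pairs.append(entry)
    return pairs

def can_connect(address, port, timeout=1.0):
    """True if a TCP connection to the literal IP address succeeds."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((address, port))
        return True
    except OSError:  # refused, unreachable, timed out, or family unsupported
        return False

def probe(host, port):
    """Map each address the name resolves to onto whether the port answers there."""
    return {addr: can_connect(addr, port) for _, addr in resolve(host, port)}

def demo(host="localhost"):
    # Constructed stand-in for a daemon with bind_host = 127.0.0.1:
    # an IPv4-only listener on an ephemeral port (not a real guacd).
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen()
        port = srv.getsockname()[1]
        return {"127.0.0.1": can_connect("127.0.0.1", port),
                "::1": can_connect("::1", port),
                "via_name": probe(host, port)}

if __name__ == "__main__":
    for target, result in demo().items():
        print(target, result)
```

Against a real host, call probe(name, port) with the hostname and port from guacd.conf or from the connection's parameters; any address that maps to False is one a client may try and fail on.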