RE: Configuring LDAP

5 [http-bio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN ""cn=My User"" Nov 21 14:56:15 access server: 14:56:15.496 [http-bio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.31.26.216

RE: Configuring LDAP

er,dc=example,dc=com" Nov 27 09:30:31 access server: 09:30:31.839 [http-bio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.31.26.216 for user "harry.devine" failed. Thanks, Harry From: Jonathan Hankins [mailto:jhank...@homewood.k12.al.us] Se

RE: Configuring LDAP

"harry.devine": [uid=harry.devine,cn=users,cn=compat,dc=example,dc=com, uid=harry.devine,cn=users,cn=accounts,dc=example,dc=com] Nov 27 09:42:01 access server: 09:42:01.917 [http-bio-8080-exec-6] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from xxx.xxx.xxx.xx

RE: Configuring LDAP

o.a.g.r.auth.AuthenticationService - Authentication attempt from xxx.xxx.xxx.xxx for user "harry.devine" failed. However, I know that the password is 100% correct. Where to look now? I feel we’re getting very close. Thanks, Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Monday, Novembe

RE: Configuring LDAP

s you have it currently? Also, I saw that on a previous attempt today you got the log message: Nov 27 09:42:01 access server: 09:42:01.909 [http-bio-8080-exec-6] WARN o.a.g.a.l.AuthenticationProviderService - Multiple DNs possible for user "harry.devine": [uid=harry.devine,cn=users,cn=comp

RE: Configuring LDAP

exec-6] INFO o.a.g.r.auth.AuthenticationService - User "harry.devine" successfully authenticated from 172.31.26.216. Dec 1 13:34:35 access server: 13:34:35.644 [http-bio-8080-exec-6] WARN o.a.g.auth.ldap.user.UserService - Possibly ambiguous user account: "Jon Moen". Dec 1 13:34:36 a

X Forwarding on an SSH connection

Is it possible to forward X when connected to an SSH session in guacamole? For example, if I was connected and wanted to edit a file using gedit in Linux, how can we make that work? Thanks, Harry Harry Devine DOT/FAA/AJM-2412 Common ARTS Software Development Terminal Server (NASDAC)

Re: Configuring LDAP

Nothing at all. And the Guacamole screen never changes, as if the Login button doesn't work or is somehow dead. Thanks, Harry From: Nick Couchman Sent: Wednesday, November 15, 2017 7:59:36 PM To: u...@guacamole.incubator.apache.org Subject:

RE: Configuring LDAP

Looks like I get a 403 when it tries to access /guacamole/api/tokens. Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Monday, November 20, 2017 11:40 AM To: user@guacamole.apache.org Subject: Re: Configuring LDAP On Mon, Nov 20, 2017 at 8:10 AM,

RE: Configuring LDAP

/var/log/messages doesn’t show anything at all when I try the login. Also, when I click Login, the area at the top of the Developer Tools window (with the times in it 2000ms, 4000ms, etc.) updates, but the list of javascript files that is accessed doesn’t change. The tokens file/topic is in

RE: Configuring LDAP

We’re using Red Hat Enterprise Linux 7.4 with SELinux set to enforcing. I disabled the LDAP extension and just used MySQL for the guacadmin user and could log in. I do see the following information in /var/log/messages: Nov 20 13:43:57 access server: 13:43:57.545 [http-bio-8080-exec-6] INFO

RE: Configuring LDAP

I use Chrome and I use the Developer Console all the time. I just tried it again and got nothing at all in the console. I even had the catalina.2017-11-20.log file open and got nothing in there either. Nothing happens. Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Friday,

RE: Configuring LDAP

I set SELinux to permissive and put the LDAP extension back (its under /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and try to log in using an LDAP user. I click Login and on the Network tab, it shows tokens (/guacamole/api/tokens) as having a “pending” status. Never

RE: Configuring LDAP

o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN ""cn=My User"" Nov 21 14:56:15 access server: 14:56:15.496 [http-bio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.31.26.216 for user "harry.devine" failed. I ha

RE: Configuring LDAP

roperties as you have it currently? Also, I saw that on a previous attempt today you got the log message: Nov 27 09:42:01 access server: 09:42:01.909 [http-bio-8080-exec-6] WARN o.a.g.a.l.AuthenticationProviderService - Multiple DNs possible for user "harry.devine": [uid=harry.de

RE: Creating JAR files for a branding extension

Understood! I added a CSS element to that override file and it looks how we want it. Thanks for the help!!! Harry From: Mike Jumper [mailto:mike.jum...@guac-dev.org] Sent: Friday, January 26, 2018 4:08 PM To: user@guacamole.apache.org Subject: Re: Creating JAR files for a branding extension

RE: Creating JAR files for a branding extension

After I sent my original email, I got the logo to display properly. But I still had issues with the application name. I had it set in translations/en.json, however, I had an extra comma at the end. Once I removed that, the app name came up as we expected. We also added in an html template

Dynamic VNC connections

Is it possible to have 1 VNC connection that is configured in such a way that when user A logs he, they connection to the first port, then when user B logs into the same connection, they connect to the next available port? Our users have a server that is running VNC on quite a few ports, and

FW: Guacamole SSH delete key

Is the question we were asked below possible? If so, how? Thanks, Harry Harry Devine DOT/FAA/AJM-2412 Common ARTS Software Development Terminal Server (NASDAC) Adminstrator Red Hat Certfied System Adminstrator (RHCSA) harry.dev...@faa.gov (609)485-4218 Building 300,

RE: Connection failures

Guacd is running. I looked at /var/log/messages and encountered the following: Jan 22 09:09:21 access guacd[1760]: Creating new client for protocol "ssh" Jan 22 09:09:21 access guacd[1760]: Connection ID is "$e25765a1-e06d-4bd7-959c-2e7878839efe" Jan 22 09:09:21 access guacd[30054]: User

Connection failures

Today, when I try to connect to any connection we have in Guacamole (0.9.13), either an SSH or RDP connection, I get the following error: [cid:image001.png@01D3935F.C7CA0C80] I tried to look in the logs under /var/log/tomcat but didn't see anything about any errors. What logs should I be

RE: Connection failures

OK, I see that. Looks like it has support for it, however, I have libssh2 version 1.4.3 installed. I couldn’t find anything that says what 1.4.3 had support for. Assuming that it DOES support the FIPS algorithms, what settings for an SSH connection will I need to set to allow this? The only

RE: Connection failures

I just played around with my setup for an RDP connection we have, and what you suggested didn't work. The RDP server is a Windows 2008 R2 server. I truly believe that the issue is due to us making our machines FIPS compliant, which is why SSH connections now fail with "SSH handshake failed".

RE: Connection failures

As a test, I made a new Guacamole connection to a server that we did NOT make FIPS 140-2 compliant yet, and was able to get right in. So the FIPS 140-2 is definitely the issue. So I need to know if there’s something in guacamole 0.9.13 that I need to tweak, or libssh2. I’m not sure if I can

RE: Login screen issues

What is the screen supposed to look like? I made the change in my login-override.css in my extension as follows: div.login-ui { position: absolute; } The screen looks exactly the same to me. Should I put all of the CSS properties into my override? And was this supposed to either swap the

RE: Installation question

Thanks! That was it. I missed that step. Sorry for the dumb question. Figured it was something I did. Thanks, Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Wednesday, February 28, 2018 3:18 PM To: user@guacamole.apache.org Subject: Re: Installation question On Wed, Feb 28, 2018

Installation question

This is going to seem like a basic question, but I'm setting up a new guacamole installation following the user guide. If I go to :8080, I get the Tomcat status page. If I got to :8080/guacamole, I get Error 404 Resource not found. I can't seem to find where to set up the virtual directory

Issues with SFTP

We have our guacamole set up where users can connect to a machine via VNC and connect to 1 of 25 available connections. Our users have a requirement to SFTP files between their desktops and the VNC connection. However, according to the documentation, the SFTP requires a user name and

Connecting as admin user issue

I have our admin user set to connect to a VNC connection. So when it logs in, it automatically goes into that connection. We didn't mean to do this and need to back that out, so we can go into the Guacamole settings page and administer the other connections and users. How can I do this? I

RE: Connecting as admin user issue

Thanks Nick! The Ctrl+Alt+Shift gave me what I needed. Forgot all about that! Thanks, Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Friday, March 23, 2018 3:27 PM To: user@guacamole.apache.org Subject: Re: Connecting as admin user issue On Fri, Mar 23, 2018 at 3:13 PM,

VNC display settings

We have a few users that are complaining that the fonts on the VNC connections they use are not very clear. I tried setting the Color Depth for the connection to True Color (32-bit), but it didn't make any difference. Is there anything within Guacamole that I can do to improve the display

Question about adding connections

We have a server set up that currently has 28 users and 39 connections. We have a request to add 112 more SSH connections, which will then have to be added to each user. Is there a way to script this in Guacamole somehow, either in bash or PHP, to do this easier? I can do it manually, but

Database issue installing version 1.0.0

We have a new machine that we're setting up with Guacamole, and I'm putting version 1.0.0 on it (we have 2 others that are running 0.9.13 currently). When I try to implement the MySQL database portion, I'm getting the following errors in /var/log/messages (this is a RHEL 7.6 server): Mar 28

RE: Issue with branding extension on 1.0.0

OK, I got it working. When I made the jar file, I had to put in every file: zip tsose.jar css/login-override.css resources/ARMTLogo.png translations/en.json guac-manifest.json warningBanner.html I restarted everything and it works now. Thanks, Harry From: Devine, Harry (FAA) Sent: Thursday,

RE: Issue with branding extension on 1.0.0

I fixed that error in the manifest and restarted everything. The apache error log shows this when I load the page: [Thu Mar 28 13:10:38.853330 2019] [proxy_http:error] [pid 12362] (70008)Partial results are valid but processing is incomplete: [client 172.31.26.83:55068] AH01110: error reading

RE: Issue with branding extension on 1.0.0

OK, so the files I modified are in my setup folder, but when I create the zip file, they don’t get included. I’ve created it 2 ways: 1) zip tsose.jar * 2) zip tsose.jar css resources translations guac-manifest.json warningBanner.html The only files that get into the jar file is

RE: Issue with branding extension on 1.0.0

Here’s what I see from when I restarted Tomcat earlier (the “Overlay language resource ‘en’ does not exist” seems suspicious): Mar 28 13:09:14 armt server: INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that

RE: Database issue installing version 1.0.0

OK, so I set the timezone to be ‘America/New_York’ as described here: https://mariadb.com/kb/en/library/time-zones/. Will I have to do this every time the guacd or mariadb services are restarted? Thanks, Harry From: Nick Couchman Sent: Thursday, March 28, 2019 9:35 AM To:

RE: Issue with branding extension on 1.0.0

Only this, but when I reloaded the page, nothing got added to it (I think what I have below was from when Tomcat got restarted about 30 minutes ago): [r...@armt.ts.faa.gov ~/guacbranding]#tail -f /var/log/tomcat/catalina.2019-03-28.log Mar 28, 2019 1:09:18 PM

RE: Database issue installing version 1.0.0

I had to do the following: 1) mysql_tzinfo_to_sql /usr/share/zoneinfo/|mysql -u root mysql -p 2) From within MySQL: SET GLOBAL time_zone = 'America/New_York'; Then everything seemed to work. Thanks, Harry From: Mike Jumper Sent: Thursday, March 28, 2019 11:02 AM To:

RE: Issue with branding extension on 1.0.0

Nope, nothing changed in the environment that I could see. I just looked at the other 2 servers running Guacamole 0.9.13 with my custom branding extension, and they come up fine with no errors in the debug console. But the new one with 1.0.0 throws that error whenever I have my extension