Ignore my last mail. Now it all works. No idea why though. Maybe the clock of the VM was off or something.

> On 15 Apr 2018, at 11.37, Kalle Jääskeläinen <kalle.jaaskelai...@gmail.com> wrote:
>
> Hi all,
>
> I compiled the latest and greatest server and client yesterday from master to
> try out the Google Auth TOTP extension.
>
> I got everything working great (first time I built it from source) to a point
> where I log in using the password, get a QR code for a new account, get an "Apache
> Guacamole (topttest (or guacadmin))" entry in the Google Authenticator
> (Android) application with a changing code, but when I enter it, it just keeps
> on saying "Verification failed. Please try again."
> Both topttest (normal account with only change password permission) and
> guacadmin have the same behavior.
>
> If I take the TOTP extension out, the users (topttest, guacadmin) can access OK
> using just the password.
>
> I'm using MySQL, schema etc. built using the scripts I got from master.
>
> After failed login attempts (tried both topttest and guacadmin) MySQL shows
>
> mysql> SELECT * FROM guacamole_user_attribute;
> +---------+-------------------------+----------------------------------+
> | user_id | attribute_name          | attribute_value                  |
> +---------+-------------------------+----------------------------------+
> |       1 | guac-totp-key-confirmed | false                            |
> |       1 | guac-totp-key-secret    | XXVBQ3HTHLJMXRNPMD57ZIZG2ZIN2U43 |
> |       5 | guac-totp-key-confirmed | false                            |
> |       5 | guac-totp-key-secret    | YAKJNQMMZKY2MVIVCGSV6TMXLOUD2VIR |
> +---------+-------------------------+----------------------------------+
> 4 rows in set (0.00 sec)
>
> mysql> SELECT * FROM guacamole_user;
> +---------+-----------+----------------------------------+----------------------------------+---------------------+----------+---------+---------------------+-------------------+------------+-------------+----------+-----------+---------------+--------------+---------------------+
> | user_id | username | password_hash | password_salt | password_date | disabled | expired | access_window_start | access_window_end | valid_from | valid_until | timezone | full_name | email_address | organization | organizational_role |
> +---------+-----------+----------------------------------+----------------------------------+---------------------+----------+---------+---------------------+-------------------+------------+-------------+----------+-----------+---------------+--------------+---------------------+
> | 1 | guacadmin | ?E?}IN;?$???u?Ul??,-}?c;?J)?A` | ?$???+%(???zy?B??`d?iųw??"d | 2018-04-15 07:21:55 | 0 | 0 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
> ??W~v??YD??'?GG;F??n-? | 2018-04-15 10:36:21 | 0 | 0 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
> | 5 | topttest | ??e
> ??wG?x?v? ?F??mT=A??w?" | ?BۘF;?f??xk???i???P?m\f? | 2018-04-15 10:54:14 | 0 | 0 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
> +---------+-----------+----------------------------------+----------------------------------+---------------------+----------+---------+---------------------+-------------------+------------+-------------+----------+-----------+---------------+--------------+---------------------+
> 3 rows in set (0.00 sec)
>
> mysql> SELECT * FROM guacamole_user_permission;
> +---------+------------------+------------+
> | user_id | affected_user_id | permission |
> +---------+------------------+------------+
> |       1 |                1 | READ       |
> |       1 |                1 | UPDATE     |
> |       1 |                1 | ADMINISTER |
> |       1 |                4 | READ       |
> |       1 |                4 | UPDATE     |
> |       1 |                4 | DELETE     |
> |       1 |                4 | ADMINISTER |
> |       4 |                4 | READ       |
> |       4 |                4 | UPDATE     |
> |       1 |                5 | READ       |
> |       1 |                5 | UPDATE     |
> |       1 |                5 | DELETE     |
> |       1 |                5 | ADMINISTER |
> |       5 |                5 | READ       |
> |       5 |                5 | UPDATE     |
> +---------+------------------+------------+
> 15 rows in set (0.01 sec)
>
> Tomcat logs show only:
>
> Sun Apr 15 11:02:17 EEST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
>
> ==> localhost_access_log.2018-04-15.txt <==
> 192.168.100.11 - - [15/Apr/2018:11:02:17 +0300] "GET /guacamole/ HTTP/1.1" 304 -
> 192.168.100.11 - - [15/Apr/2018:11:02:17 +0300] "GET /guacamole/app.css?v=0.9.14 HTTP/1.1" 200 49878
> 192.168.100.11 - - [15/Apr/2018:11:02:17 +0300] "GET /guacamole/app.js?v=0.9.14 HTTP/1.1" 200 304771
> 192.168.100.11 - - [15/Apr/2018:11:02:17 +0300] "GET /guacamole/images/logo-144.png HTTP/1.1" 200 9167
> 192.168.100.11 - - [15/Apr/2018:11:02:17 +0300] "GET /guacamole/api/languages HTTP/1.1" 200 151
> 192.168.100.11 - - [15/Apr/2018:11:02:17 +0300] "GET /guacamole/api/patches HTTP/1.1" 200 352
> 192.168.100.11 - - [15/Apr/2018:11:02:17 +0300] "GET /guacamole/translations/en.json HTTP/1.1" 200 37198
> 192.168.100.11 - - [15/Apr/2018:11:02:18 +0300] "POST /guacamole/api/tokens HTTP/1.1" 403 237
>
> ==> catalina.out <==
> 11:02:30.987 [http-bio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "topttest" successfully authenticated from 192.168.100.11.
>
> ==> localhost_access_log.2018-04-15.txt <==
> 192.168.100.11 - - [15/Apr/2018:11:02:31 +0300] "POST /guacamole/api/tokens HTTP/1.1" 403 1433
>
> ==> catalina.out <==
> 11:03:00.822 [http-bio-8080-exec-9] INFO o.a.g.r.auth.AuthenticationService - User "topttest" successfully authenticated from 192.168.100.11.
>
> ==> localhost_access_log.2018-04-15.txt <==
> 192.168.100.11 - - [15/Apr/2018:11:03:00 +0300] "POST /guacamole/api/tokens HTTP/1.1" 400 188
>
> Permissions of the extension are the same as with jdbc, and the other stuff
> built using the 0.9.14 manual.
> I have not added any TOTP specific things to guacamole.properties.
>
> What could be the issue, what to check? Have I missed a step somewhere?
>
> Thanks for your help.
>
> — kalle
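
Clock drift, the cause guessed at in the reply above, is a common reason a TOTP server rejects a code that looks correct in the authenticator app. The following is an added example, not part of this thread and not Guacamole's code: it computes RFC 6238 codes and measures how many time steps apart the two clocks are. It assumes HMAC-SHA1, 6 digits and a 30-second step, and uses the RFC 6238 test secret rather than the keys shown in the quoted message; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed default)
DIGITS = 6   # code length (assumed default)

# Constructed sample: the RFC 6238 test secret, not a key from this thread.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time):
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, server_time, window=1):
    """Return the step offset at which code matches, or None if rejected."""
    for delta in range(-window, window + 1):
        expected = totp(secret_b32, server_time + delta * STEP)
        if hmac.compare_digest(expected, code):
            return delta
    return None


def clock_offset_steps(secret_b32, code, server_time, search=20):
    """Diagnostic only: widen the window to measure the clock difference."""
    return verify(secret_b32, code, server_time, window=search)


if __name__ == "__main__":
    phone_time = 1111111109                 # RFC 6238 test time
    code = totp(SECRET, phone_time)         # what the authenticator app shows
    for skew in (0, 20, 300):               # seconds the server clock is behind
        server_time = phone_time - skew
        print(skew, verify(SECRET, code, server_time),
              clock_offset_steps(SECRET, code, server_time))
```

A non-zero offset from the diagnostic means the server clock should be synchronised (for example with NTP); widening the acceptance window in production is not the fix.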