On Tue, Mar 20, 2018 at 6:39 PM, John Hanks <[email protected]> wrote:

> Hi,
>
> I have Guacamole working with an Apache reverse proxy which does Kerberos
> authentication and Guacamole using HTTP header auth and MySQL (MariaDB on
> CentOS 7). I'd like to have the user auth with Apache and then have that
> accepted by Guacamole, but when I attempt to connect, in the logs I get:
>
> server: 15:27:03.592 [http-apr-8080-exec-3] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [10.210.255.254, ::1] for user "griznog" failed.
> server: 15:27:09.804 [http-apr-8080-exec-7] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [10.210.255.254, ::1] for user "griznog" failed.
>
> I then get the Guacamole login screen and can log in with the password set
> in the user's entry in the database. I've tried with an empty password in
> the database entry for the user, but that fails as well, however with only
> one warning in the logs.
>
> What I would like to do is to have the database just used to store
> user/connection info and let the web proxy handle all the authentication.
> Is that possible and if so, how do I configure that?
>
>
Do you have the header authentication extension loaded?  Can you verify in
your logs that it is loading correctly?

Also, if the user is being passed through with some header other than
REMOTE_USER, you'll need to configure the header name that is used by the
header extension.  See:
http://guacamole.apache.org/doc/gug/header-auth.html

If you've verified that it's loading, and you're still having issues, then
you'll need to post logs and probably your Apache httpd configs back here
so we can try to help figure out what's going on.

-Nick
