Hi Nick this is what I get in catalina.out (changing user names to generic)
INFO: Deployment of web application directory /var/lib/tomcat7/webapps/ROOT has finished in 185 ms Apr 05, 2019 9:38:21 AM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["http-bio-8080"] Apr 05, 2019 9:38:21 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 3930 ms Fri Apr 05 09:38:40 EDT 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification. 09:38:40.397 [http-bio-8080-exec-1] INFO o.a.g.r.auth.AuthenticationService - User "aduser" successfully authenticated from 10.0.1.2 09:39:00.827 [http-bio-8080-exec-2] INFO o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully authenticated from 10.0.1.2 Fri Apr 05 09:39:00 EDT 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification. Fri Apr 05 09:39:01 EDT 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification. guacadmin is a mysql account, not an AD account, and is successful in logging in, and from there I can see the guacamole interface and add machines etc. aduser is the AD account that is successful in logging in, the login page stalls for 2 seconds, then throws the error about unable to query list from LDAP. just for testing, I created the same aduser in mysql database and assigned a connection to it, thinking as per the other documentation I saw, as long as the same user is present in mysql, it should use LDAP for authentication, and link the mysql account over along with the connections. It doesn't do that in my case. I was wondering if there's any other log to check to see why this is. Thanks V -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
