On Tue, Apr 30, 2019 at 11:42 AM Mike Jumper <[email protected]> wrote:
> On Tue, Apr 30, 2019 at 11:31 AM Lance Gropper < > [email protected]> wrote: > >> Hello All: >> >> >> >> Now I'm trying to get guacamole to work with RDP, and was wondering if >> anyone had any suggestions as far as what I could be doing wrong: I am >> using Active Directory, and have the username, password, and domain >> entered, but when I try to connect, I get the messages below. It looks like >> it's ignoring the user I'm entering for that system, and using the user >> name that I'm logged in to guacamole with instead. >> > > This will not happen automatically. The values given for username, > password, etc. are always taken from connection parameters. The only > exceptions to this would be if you explicitly entered ${GUAC_USERNAME} or > if you wrote an extension which derives these values dynamically. > > If you have one value entered in for username already, but a different > value is taking effect, things aren't being ignored; the only possibility > is that the different value is the one currently stored. Beware that some > authentication methods like user-mapping.xml will cache the details of > connections for the duration of the user's session. LDAP will do this, as > well, for any connections which are stored within the LDAP directory. The > database authentication will not cache things. If writing your own > extension, it's up to you whether things are cached. > Also: If the reason you are saying that it looks like Guacamole is using your current username rather than the one entered for the system is due to the following message in the logs: "Apr 30 11:26:04 guacamole-post server: 11:26:04.829 [http-bio-8080-exec-6] INFO o.a.g.tunnel.TunnelRequestService - User "test" connected to connection "3"." That message is from the webapp, not guacd. It is only noting that the webapp user "test" attempted to use that particular connection and is purely an informational message from the perspective of the webapp. It has no bearing on the username/password/etc. actually used by the connection and is not logging the credentials sent as connection parameters. The connection to the RDP server established by guacd will use the connection parameters sent to it by the webapp, which in this case will be the parameters retrieved from the database. - Mike
