Hi Nick,
regarding Challenge-Response. I tried it out today, please see the following trace of the Access-Challenge which the radius-server sends to Guacamole:
Access-Challenge (11), id: 0x06, Authenticator: 9c0a074ce112e463792171399bfxxxxx
Reply-Message Attribute (18), length: 40, Value: Please set the new PIN for your Token.
State Attribute (24), length: 18, Value: ^z...~0..mc..\7.
Reply-Message Attribute (18), length: 40, Value: Please set the new PIN for your Token.
State Attribute (24), length: 18, Value: ^z...~0..mc..\7.
Guacamole does not handle the challenge as expected but with a deny:
09:39:35.392 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 1.2.3.4 for user "username" failed.
Is the code for handling access-challenges already present in the Radius-plugin 1.0.0? Am I doing something wrong?
Thanks and best wishes
Michael
Gesendet: Freitag, 23. August 2019 um 21:31 Uhr
Von: "Nick Couchman" <[email protected]>
An: [email protected]
Betreff: Re: Re: Re: Re: docker-container for Guacamole 1.1.0
Von: "Nick Couchman" <[email protected]>
An: [email protected]
Betreff: Re: Re: Re: Re: docker-container for Guacamole 1.1.0
On Fri, Aug 23, 2019 at 3:18 PM "michael böhm" <[email protected]> wrote:
Hi Nick,thanks for your answer. Everything is well designed and working. That is why I like this project.I will test the challenge response next week.On more thing I recognized: I added a user via Guacamole-GUI and assign it to a group which has permissions for connections set. Then I authenticate this user via radius but the user does not see the connections which are included in the group. Is this a bug, intended behaviour or did I do something wrong?
This isn't really a bug, as it was originally intended to function this way, but it is something we have changed in code that will go into the 1.1.0 release. See the following JIRA issue:
-Nick
