On Mon, Aug 26, 2019 at 12:21 PM "michael böhm" <k...@gmx.net> wrote:
> Hi Nick, > > regarding Challenge-Response. I tried it out today, please see the > following trace of the Access-Challenge which the radius-server sends to > Guacamole: > > Access-Challenge (11), id: 0x06, Authenticator: > 9c0a074ce112e463792171399bfxxxxx > Reply-Message Attribute (18), length: 40, Value: Please set the new > PIN for your Token. > State Attribute (24), length: 18, Value: ^z...~0..mc..\7. > > Guacamole does not handle the challenge as expected but with a deny: > > 09:39:35.392 [http-nio-8080-exec-10] WARN > o.a.g.r.auth.AuthenticationService - Authentication attempt from 1.2.3.4 > for user "username" failed. > If you're using multiple authentication extensions (like RADIUS and JDBC), try making sure that the RADIUS extension is loaded, first, so that it is evaluated first. I basically just rename the extensions such that it'll be evaluated, first - something like guacamole-auth-0-radius.jar, so that the -0- makes it load before anything else. See the following JIRA issue: https://issues.apache.org/jira/browse/GUACAMOLE-684 -Nick