On Tue, Mar 10, 2020, 14:16 Stefan Bogdan Cimpeanu <[email protected]> wrote:
> Hello all,
>
> I’m using Azure Active Directory Domain Services as my LDAP source for
> Guacamole. The main use is for RDP with domain joined machines.
> I sometimes experience two (I think related) issues:
> - some of the user accounts are not able to log in to Guacamole even though
> supplied user/password are correct (the user can RDP to the VM directly,
> but not log in to Guacamole). Errors in logs don’t say much except
> “Authentication attempt from [ IP ] for user xxxx failed”
> - sometimes it takes a few hours or even a server restart to see newly
> created AADDS users in Guacamole
>
> Is there a way I can “force” an LDAP sync so that users are added to
> Guacamole?

There is no sync. When using LDAP, Guacamole authenticates against LDAP directly. The relevant users and groups do not need to exist in the database except where you are granting those users/groups permissions for connections stored on the database; however, the web interface is organized such that attempting to do so would result in their creation.

If you are seeing inconsistencies in whether users/groups exist, I don't believe that inconsistency would be on the Guacamole side. There's no cache between sessions, nothing stored from LDAP. Data from LDAP is queried directly as needed. It may be that the LDAP server takes time to become consistent, and that the correlation with server restarts is a coincidence.

Regarding the login failures, have you tried enabling debug-level logging for the webapp?

- Mike
