Guacamole 1.1.0 and LDAP binding on M$ AD

Fri, 20 Mar 2020 06:35:26 -0700 

Hello all, I'm going crazy trying to connect to Guacamole via LDAP using M$
AD users.
here my LDAP configuration into guacamole.properties: (some personal data
omitted)

####################################################
# LDAP Configuration
ldap-hostname: 192.168.1.249
ldap-port: 389
ldap-encryption-method: none
ldap-search-bind-dn: CN=Administrator,CN=Users,DC=DOMAIN,DC=local
ldap-search-bind-password: S3cr3t!
ldap-user-base-dn: CN=Users,DC=DOMAIN,DC=local
ldap-username-attribute: uid
ldap-user-attributes: sAMAccountName
ldap-config-base-dn: CN=Guacamole,CN=Users,DC=DOMAIN,DC=local
####################################################

I use Administrator as bind user, I have create it also into Guacamole's
MySQL user and I can login w/out any problem (I have create the user using
the same password as domain user have), when I log in with Administrator in
Guacamole and I go under settings => Users I can't see domain users, if I
try to log in with a domain user different from Administrator I got this:

14:21:44.191 [http-nio-8080-exec-6] WARN  o.a.g.r.auth.AuthenticationService
- Authentication attempt from 192.168.1.73 for user "mydomainuser" failed.

LDAP module is correctly loaded from what I can read in catalina.out, also
bind seems to be correct because I can't see any error or warnings related,
I have this messages:

Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver
class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered
via the SPI and manual loading of the driver class is generally unnecessary.
14:15:26.414 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.3.6.1.4.1.18060.0.0.1)
14:15:26.415 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.7)
14:15:26.415 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.2)
14:15:26.416 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.2.840.113556.1.4.319)
14:15:26.416 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.3)
14:15:26.417 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.18)
14:15:26.417 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.2.840.113556.1.4.473)
14:15:26.418 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.2.840.113556.1.4.474)
14:15:26.418 [http-nio-8080-exec-3] INFO 
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.3.6.1.4.1.4203.1.10.1)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.18060.0.0.1)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.7)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.2)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.319)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.3)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.18)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.473)
14:15:26.420 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.474)
14:15:26.420 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.10.1)
14:15:26.421 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.841)
14:15:26.421 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.841)
14:15:26.422 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.2239)
14:15:26.422 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.417)
14:15:26.423 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.528)
14:15:26.423 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.42.2.27.8.5.1)
14:15:26.424 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.42.2.27.8.5.1)
14:15:26.425 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.1413)
14:15:26.425 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.3)
14:15:26.426 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.1)
14:15:26.426 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.2)
14:15:26.427 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.1.21.2)
14:15:26.427 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.9)
14:15:26.428 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.10)
14:15:26.430 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.8)
14:15:26.431 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.8)
14:15:26.431 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.21.3)
14:15:26.432 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.5)
14:15:26.433 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.3)
14:15:26.433 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.1466.20036)
14:15:26.434 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.4203.1.11.1)
14:15:26.435 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.1466.20037)
14:15:26.436 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.21.1)
14:15:26.437 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.6)
14:15:26.438 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.4203.1.11.3)
14:15:26.439 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06002_REGISTERED_INTERMEDIATE_FACTORY (1.3.6.1.4.1.4203.1.9.1.4)

I have try using the same configuration I had used in past with Guacamole
1.0.0 (and that worked) but I still can't see any domain users and can't
login with them.

Any help will be very appreciate, I'm in hurry to get this working because
we need to have this for let our colleagues works from home due to covid-19
emergency, thanks.



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to