Re: Guacamole 1.1.0 and LDAP binding on M$ AD

Caleb Crawford Fri, 20 Mar 2020 12:12:09 -0700

First thing to check: Is 'uid' what you want there? The property in ourAD is 'uidNumber' - though I think what you actually want there is'sAMAccountName'. I also don't immediately see the config setting'ldap-user-attributes' in the documentation which might be breaking things.


Here's a comparison to my config which is working without issue:


ldap-hostname: ldap.ad.mydomain
ldap-port: 389
ldap-user-base-dn: OU=MYOU=,DC=MY,DC=DOMAIN
ldap-search-bind-dn: cn=ldapuser,ou=Users,OU=MYOU,DC=MY,DC=DOMAIN
ldap-search-bind-password: myldapuserpassword
ldap-username-attribute: sAMAccountName

ldap-user-search-filter:(&(objectClass=user)(!(objectClass=computer))(CustomString2=*)(!(CustomString2=/nonexistent)))

ldap-group-base-dn: OU=Guacamole Access Groups,OU=MYOU,DC=MY,DC=DOMAIN

On 3/20/20 6:35 AM, Niubbo75 wrote:

Hello all, I'm going crazy trying to connect to Guacamole via LDAP using M$
AD users.
here my LDAP configuration into guacamole.properties: (some personal data
omitted)

####################################################
# LDAP Configuration
ldap-hostname: 192.168.1.249
ldap-port: 389
ldap-encryption-method: none
ldap-search-bind-dn: CN=Administrator,CN=Users,DC=DOMAIN,DC=local
ldap-search-bind-password: S3cr3t!
ldap-user-base-dn: CN=Users,DC=DOMAIN,DC=local
ldap-username-attribute: uid
ldap-user-attributes: sAMAccountName
ldap-config-base-dn: CN=Guacamole,CN=Users,DC=DOMAIN,DC=local
####################################################

I use Administrator as bind user, I have create it also into Guacamole's
MySQL user and I can login w/out any problem (I have create the user using
the same password as domain user have), when I log in with Administrator in
Guacamole and I go under settings => Users I can't see domain users, if I
try to log in with a domain user different from Administrator I got this:

14:21:44.191 [http-nio-8080-exec-6] WARN  o.a.g.r.auth.AuthenticationService
- Authentication attempt from 192.168.1.73 for user "mydomainuser" failed.

LDAP module is correctly loaded from what I can read in catalina.out, also
bind seems to be correct because I can't see any error or warnings related,
I have this messages:

Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver
class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered
via the SPI and manual loading of the driver class is generally unnecessary.
14:15:26.414 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.3.6.1.4.1.18060.0.0.1)
14:15:26.415 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.7)
14:15:26.415 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.2)
14:15:26.416 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.2.840.113556.1.4.319)
14:15:26.416 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.3)
14:15:26.417 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(2.16.840.1.113730.3.4.18)
14:15:26.417 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.2.840.113556.1.4.473)
14:15:26.418 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.2.840.113556.1.4.474)
14:15:26.418 [http-nio-8080-exec-3] INFO
o.a.d.a.l.c.o.DefaultLdapCodecService - MSG_06000_REGISTERED_CONTROL_FACTORY
(1.3.6.1.4.1.4203.1.10.1)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.18060.0.0.1)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.7)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.2)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.319)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.3)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.18)
14:15:26.419 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.473)
14:15:26.420 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.474)
14:15:26.420 [http-nio-8080-exec-3] INFO  o.a.d.a.l.c.StockCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.10.1)
14:15:26.421 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.841)
14:15:26.421 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.841)
14:15:26.422 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.2239)
14:15:26.422 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.417)
14:15:26.423 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.528)
14:15:26.423 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.42.2.27.8.5.1)
14:15:26.424 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.42.2.27.8.5.1)
14:15:26.425 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.1413)
14:15:26.425 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.3)
14:15:26.426 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.1)
14:15:26.426 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.2)
14:15:26.427 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.1.21.2)
14:15:26.427 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.9)
14:15:26.428 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.10)
14:15:26.430 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.8)
14:15:26.431 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.8)
14:15:26.431 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.21.3)
14:15:26.432 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.5)
14:15:26.433 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.3)
14:15:26.433 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.1466.20036)
14:15:26.434 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.4203.1.11.1)
14:15:26.435 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.1466.20037)
14:15:26.436 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.21.1)
14:15:26.437 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.6)
14:15:26.438 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.4203.1.11.3)
14:15:26.439 [http-nio-8080-exec-3] INFO  o.a.d.a.l.e.ExtrasCodecFactoryUtil
- MSG_06002_REGISTERED_INTERMEDIATE_FACTORY (1.3.6.1.4.1.4203.1.9.1.4)

I have try using the same configuration I had used in past with Guacamole
1.0.0 (and that worked) but I still can't see any domain users and can't
login with them.

Any help will be very appreciate, I'm in hurry to get this working because
we need to have this for let our colleagues works from home due to covid-19
emergency, thanks.



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: Guacamole 1.1.0 and LDAP binding on M$ AD

Reply via email to