I have resolved this issue. To do so, I had to follow the following (less than intuitive) steps that I could not find in the Guacamole documentation - perhaps I missed them somehow?

a) deploy the Guacamole docker image WITHOUT TOTP
b) log in as guacadmin
c) create a local user within Guacamole for the LDAP user
d) log in to Guacamole with LDAP (enabling the ability to see AD users)
e) within Guacamole, set the setting for the LDAP user to include 'change own password'
f) redeploy the Guacamole docker image with TOTP
g) remember LDAP users are case sensitive

LDAP users can now successfully log in to Guacamole and associate with MFA.

Steps a) - e) were the key. If you first deploy Guacamole with TOTP before changing the user's 'change own password' setting within Guacamole, you will encounter errors such as I did.

FYI, I was NOT able to even see the LDAP users at first with TOTP deployed and logging in as guacadmin. I needed to revert to an image that did not have TOTP and then create a local user to match the LDAP user.

--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
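The two-phase deployment described in the post, as an added example that is not part of the original message and not Guacamole project code. It wraps the official `guacamole/guacamole` image's documented environment variables (`TOTP_ENABLED`, `LDAP_*`, `MYSQL_*`, `GUACD_HOSTNAME`) in a small script: phase 1 starts the container without `TOTP_ENABLED` so the local user matching the LDAP account (same case as in the directory) and its 'change own password' permission can be set up through the admin UI, and phase 2 restarts the same container with `TOTP_ENABLED=true`. All hostnames, DNs, passwords, the network name and the image tag are placeholder assumptions for illustration.

```shell
#!/bin/sh
# Two-phase Guacamole deployment: phase 1 without TOTP, phase 2 with TOTP.
# Hostnames, DNs, passwords, the network name and the image tag below are
# placeholders (assumptions) and must be replaced for a real deployment.
set -eu

GUAC_IMAGE="guacamole/guacamole:1.5.3"   # assumed tag; pin to what you actually run
GUAC_NET="guacnet"                       # assumed user-defined docker network

# Emit the -e flags for the guacamole container for a given phase.
# Usage: guac_env notp|totp
# The LDAP/MySQL/guacd settings are identical in both phases; the only
# difference is whether TOTP_ENABLED=true is passed.
guac_env() {
  phase="$1"
  printf '%s ' \
    -e GUACD_HOSTNAME=guacd \
    -e MYSQL_HOSTNAME=db \
    -e MYSQL_DATABASE=guacamole_db \
    -e MYSQL_USER=guacamole_user \
    -e MYSQL_PASSWORD=change-me \
    -e LDAP_HOSTNAME=ldap.example.internal \
    -e LDAP_PORT=636 \
    -e LDAP_ENCRYPTION_METHOD=ssl \
    -e "LDAP_USER_BASE_DN=OU=Users,DC=example,DC=internal" \
    -e LDAP_USERNAME_ATTRIBUTE=sAMAccountName \
    -e "LDAP_SEARCH_BIND_DN=CN=guac-bind,OU=Service,DC=example,DC=internal" \
    -e LDAP_SEARCH_BIND_PASSWORD=change-me-too
  case "$phase" in
    totp) printf '%s ' -e TOTP_ENABLED=true ;;
    notp) ;;
    *) echo "unknown phase: $phase" >&2; return 1 ;;
  esac
}

# Replace any running guacamole container with one configured for the phase.
# guacd and the database container are assumed to already be on $GUAC_NET.
deploy() {
  docker rm -f guacamole >/dev/null 2>&1 || true
  # shellcheck disable=SC2046  # word-splitting of the flag list is intended
  docker run -d --name guacamole --network "$GUAC_NET" -p 8080:8080 \
    $(guac_env "$1") "$GUAC_IMAGE"
}

case "${1:-}" in
  phase1)
    # After this: log in as guacadmin, log in once as the LDAP user, create the
    # matching local user (exact case of the LDAP username) and grant it
    # 'change own password' before moving on to phase2.
    deploy notp ;;
  phase2)
    deploy totp ;;
  "") ;;   # no argument: define functions only
  *) echo "usage: $0 phase1|phase2" >&2; exit 2 ;;
esac
```

Run `./guac-deploy.sh phase1`, complete the UI steps b) to e) from the post, then `./guac-deploy.sh phase2`; the MySQL volume holds the user and permission records, so they survive the container swap and the LDAP user can enrol in TOTP on the next login.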
