Hi Nick.
Thank fo you answer.

1) What version of Guacamole are you running?
The version is 1.3.0

2) When you create the connection, are you providing values for username
and password?
We have configured the saml parameters in the guacamole.properties using
Azure.
The authentication with the Azure-AD is done correctly, once I authenticate
to the Azure-AD I enter the Gaucamole portal without problems.
But when I try to access a Windows computer that I have configured, I see
the Invalid Credential error in the log file.

3) Are you setting the RDP security type correctly for your version of
Windows (probably NLA or NLA Ext)?
The security type is configured in LA.
I only have the drawback when using saml, if I authenticate via LDAP I
connect without problems.

This is my guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: 127.0.0.1
guacd-port:     4822

# MySQL properties

api-session-timeout:1

mysql-hostname: dbsvr.winux
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: xxxxxxxxxxxxxxxxxx
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0
#mysql-auto-create-accounts: true

#skip-if-unavailable: mysql,ldap
#LDAP Properties
#ldap-hostname: chidmzvip.winux
#ldap-port: 389
#ldap-username-attribute: uid
#ldap-member-attribute: memberUid
#ldap-encryption-method: none
#ldap-search-bind-dn: uid=aixldap,ou=openldap,ou=services,dc=winux
#ldap-search-bind-password: xxxxxxxxxx
#ldap-config-base-dn: dc=winux
#ldap-user-base-dn: ou=Users,dc=winux
#ldap-user-search-filter:(objectClass=shadowAccount)
#ldap-group-base-dn: ou=Groups,dc=winux
#ldap-group-name-attribute: cn
#ldap-max-search-results: 6000
#ldap-operation-timeout: 300

saml-idp-url:
https://login.microsoftonline.com/3f27f816-99e9-48e2-96b8-7197a6632921/saml2
saml-callback-url: https://ertest.winux.com
saml-debug: True
saml-strict: False
saml-entity-id: https://ertest.winux.com
saml-debug: true

Victor J. Martínez
RHCE
Cel.: (595)972-918-550
Asunción - Paraguay



El jue, 29 jul 2021 a las 9:36, Nick Couchman (<vn...@apache.org>) escribió:

> On Thu, Jul 29, 2021 at 8:32 AM Victor Martinez <vjmartin...@gmail.com>
> wrote:
>
>> Good evening Team.They told me that I could make inquiries in this
>> list, referring to a problem that we are having for the implementation
>> of Guacamole + SAML + RDP.
>> The downside is for authentication with the RDP service.
>> I entered the Guacamole Portal with the SAML_ID, but when we tried to
>> connect via rdp to a Windows 10 host, we received the following from
>> Invalid Credential:
>> Jul 28 16:27:10 chidmz117 guacd [17514]: guacd [17905]: INFO: # 011RDP
>> server closed / refused connection: Authentication failure (invalid
>> credentials?)
>> We hope we can count on your help.
>> Thanks a lot
>>
>
> Several questions:
> 1) What version of Guacamole are you running?
> 2) When you create the connection, are you providing values for username
> and password?
> 3) Are you setting the RDP security type correctly for your version of
> Windows (probably NLA or NLA Ext)?
>
> As the server indicates, authentication is failing, so it needs to be
> corrected in some form or another.
>
> -Nick
>
>>

Reply via email to