Hi Nick. Thank fo you answer. 1) What version of Guacamole are you running? The version is 1.3.0
2) When you create the connection, are you providing values for username and password? We have configured the saml parameters in the guacamole.properties using Azure. The authentication with the Azure-AD is done correctly, once I authenticate to the Azure-AD I enter the Gaucamole portal without problems. But when I try to access a Windows computer that I have configured, I see the Invalid Credential error in the log file. 3) Are you setting the RDP security type correctly for your version of Windows (probably NLA or NLA Ext)? The security type is configured in LA. I only have the drawback when using saml, if I authenticate via LDAP I connect without problems. This is my guacamole.properties # Hostname and port of guacamole proxy guacd-hostname: 127.0.0.1 guacd-port: 4822 # MySQL properties api-session-timeout:1 mysql-hostname: dbsvr.winux mysql-port: 3306 mysql-database: guacamole_db mysql-username: guacamole_user mysql-password: xxxxxxxxxxxxxxxxxx mysql-default-max-connections-per-user: 0 mysql-default-max-group-connections-per-user: 0 #mysql-auto-create-accounts: true #skip-if-unavailable: mysql,ldap #LDAP Properties #ldap-hostname: chidmzvip.winux #ldap-port: 389 #ldap-username-attribute: uid #ldap-member-attribute: memberUid #ldap-encryption-method: none #ldap-search-bind-dn: uid=aixldap,ou=openldap,ou=services,dc=winux #ldap-search-bind-password: xxxxxxxxxx #ldap-config-base-dn: dc=winux #ldap-user-base-dn: ou=Users,dc=winux #ldap-user-search-filter:(objectClass=shadowAccount) #ldap-group-base-dn: ou=Groups,dc=winux #ldap-group-name-attribute: cn #ldap-max-search-results: 6000 #ldap-operation-timeout: 300 saml-idp-url: https://login.microsoftonline.com/3f27f816-99e9-48e2-96b8-7197a6632921/saml2 saml-callback-url: https://ertest.winux.com saml-debug: True saml-strict: False saml-entity-id: https://ertest.winux.com saml-debug: true Victor J. Martínez RHCE Cel.: (595)972-918-550 Asunción - Paraguay El jue, 29 jul 2021 a las 9:36, Nick Couchman (<vn...@apache.org>) escribió: > On Thu, Jul 29, 2021 at 8:32 AM Victor Martinez <vjmartin...@gmail.com> > wrote: > >> Good evening Team.They told me that I could make inquiries in this >> list, referring to a problem that we are having for the implementation >> of Guacamole + SAML + RDP. >> The downside is for authentication with the RDP service. >> I entered the Guacamole Portal with the SAML_ID, but when we tried to >> connect via rdp to a Windows 10 host, we received the following from >> Invalid Credential: >> Jul 28 16:27:10 chidmz117 guacd [17514]: guacd [17905]: INFO: # 011RDP >> server closed / refused connection: Authentication failure (invalid >> credentials?) >> We hope we can count on your help. >> Thanks a lot >> > > Several questions: > 1) What version of Guacamole are you running? > 2) When you create the connection, are you providing values for username > and password? > 3) Are you setting the RDP security type correctly for your version of > Windows (probably NLA or NLA Ext)? > > As the server indicates, authentication is failing, so it needs to be > corrected in some form or another. > > -Nick > >>
