Hello,

So I have only the DUO Jar in the extensions folder and my
guacamole.properties has the following:

mysql-hostname: localhost
mysql-port: 3306
mysql-database: SOMEDB
mysql-username: SOMEUSER
mysql-password: SOMEPASSWORD
mysql-user-password-min-length: 12
mysql-user-password-min-age: 7
mysql-user-password-max-age: 60
mysql-user-password-history-size: 6
mysql-user-password-require-multiple-case: true
mysql-user-password-require-symbol: true
mysql-user-password-require-digit: true
mysql-user-password-prohibit-username: true
mysql-server-timezone: America/Los_Angeles
totp-issuer: Internal-NAMEHERE
totp-mode: sha512
api-session-timeout: 5
duo-api-hostname: api-xxxxxxx.duosecurity.com
duo-integration-key: CLIENT ID FROM DUO HERE
duo-secret-key: SECRET FROM DUO HERE
duo-application-key: GENERATED ON GUACAMOLE USING PWGEN 40 1

I get this error: LOGIN.INFO_DUO_AUTH_REQUIRED

Permissions are set correctly; I set it to the same as my TOTP jar when it was in
the extension directory.

I did change the MySQL daemon to use loopback on both bind-address and
mysqlx-bind-address, could this be an issue?


LOGS:

localhost_access_log.2023-03-25.txt

127.0.0.1 - - [25/Mar/2023:00:00:02 -0700] "GET
/duo/api/session/data/mysql/connectionGroups/ROOT/tree HTTP/1.1" 200 1188

127.0.0.1 - - [25/Mar/2023:00:00:02 -0700] "GET
/duo/api/session/data/mysql-shared/self/effectivePermissions HTTP/1.1" 200
248

127.0.0.1 - - [25/Mar/2023:00:00:02 -0700] "GET
/duo/api/session/data/mysql-shared/activeConnections HTTP/1.1" 200 2

127.0.0.1 - - [25/Mar/2023:00:00:03 -0700] "GET
/duo/api/session/data/mysql/users/USERACCOUNTHERE HTTP/1.1" 200 380

127.0.0.1 - - [25/Mar/2023:00:00:03 -0700] "GET
/duo/api/session/data/mysql/self/effectivePermissions HTTP/1.1" 200 396

127.0.0.1 - - [25/Mar/2023:00:00:03 -0700] "GET
/duo/api/session/data/mysql/activeConnections HTTP/1.1" 200 2

127.0.0.1 - - [25/Mar/2023:00:18:01 -0700] "DELETE /duo/api/session
HTTP/1.1" 403 192

127.0.0.1 - - [25/Mar/2023:00:18:02 -0700] "POST /duo/api/tokens HTTP/1.1"
403 257

127.0.0.1 - - [25/Mar/2023:00:18:18 -0700] "POST /duo/api/tokens HTTP/1.1"
403 616

127.0.0.1 - - [25/Mar/2023:00:18:23 -0700] "POST /duo/api/tokens HTTP/1.1"
400 201

 

catalina.out

[2023-03-24 23:59:35] [info] 23:59:35.793 [main] INFO
o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...

[2023-03-24 23:59:37] [info] 23:59:37.574 [main] WARN
o.g.jersey.server.wadl.WadlFeature - JAXBContext implementation could not be
found. WADL feature is disabled.

[2023-03-24 23:59:38] [info] Deployment of web application archive
[/var/lib/tomcat9/webapps/duo.war] has finished in [13,607] ms

[2023-03-24 23:59:38] [info] Deploying web application directory
[/var/lib/tomcat9/webapps/ROOT]

[2023-03-24 23:59:39] [info] At least one JAR was scanned for TLDs yet
contained no TLDs. Enable debug logging for this logger for a complete list
of JARs that were scanned but no TLDs were found in them. Skipping unneeded
JARs during scanning can improve startup time and JSP compilation time.

[2023-03-24 23:59:39] [info] Deployment of web application directory
[/var/lib/tomcat9/webapps/ROOT] has finished in [1,450] ms

[2023-03-24 23:59:39] [info] Starting ProtocolHandler ["http-nio-8080"]

[2023-03-24 23:59:39] [info] Server startup in [15347] milliseconds

[2023-03-24 23:59:40] [info] Loading class `com.mysql.jdbc.Driver'. This is
deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver
is automatically registered via the SPI and manual loading of the driver
class is generally unnecessary.

[2023-03-25 00:00:01] [info] 00:00:01.456 [http-nio-8080-exec-8] INFO
o.a.g.r.auth.AuthenticationService - User "USERACCOUNTHERE" successfully
authenticated from [172.16.8.2, 127.0.0.1].

 

guac_access.log

172.16.8.2 - - [25/Mar/2023:00:00:02 -0700] "GET
/duo/api/session/data/mysql-shared/self/effectivePermissions HTTP/1.1" 200
248 "http://internal2.domainname.net/duo/"; "Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0
Safari/537.36"

172.16.8.2 - - [25/Mar/2023:00:00:02 -0700] "GET
/duo/api/session/data/mysql-shared/activeConnections HTTP/1.1" 200 2
"http://internal2. domainname.net/duo/" "Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0
Safari/537.36"

172.16.8.2 - - [25/Mar/2023:00:00:03 -0700] "GET
/duo/api/session/data/mysql/users/USERACCOUNT HTTP/1.1" 200 380
"http://internal2. domainname.net/duo/" "Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0
Safari/537.36"

172.16.8.2 - - [25/Mar/2023:00:00:03 -0700] "GET
/duo/api/session/data/mysql/activeConnections HTTP/1.1" 200 2
"http://internal2. domainname.net/duo/" "Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0
Safari/537.36"

172.16.8.2 - - [25/Mar/2023:00:00:03 -0700] "GET
/duo/api/session/data/mysql/self/effectivePermissions HTTP/1.1" 200 396
"http://internal2. domainname.net/duo/" "Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0
Safari/537.36"

 

error.log

2023-03-25T06:04:55.313186Z 0 [System] [MY-010931] [Server]
/usr/sbin/mysqld: ready for connections. Version: '8.0.32'  socket:
'/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.

2023-03-25T06:08:26.630978Z 0 [System] [MY-013172] [Server] Received
SHUTDOWN from user <via user signal>. Shutting down mysqld (Version:
8.0.32).

2023-03-25T06:08:27.653730Z 0 [System] [MY-010910] [Server]
/usr/sbin/mysqld: Shutdown complete (mysqld 8.0.32)  MySQL Community Server
- GPL.

2023-03-25T06:08:28.254101Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld
(mysqld 8.0.32) starting as process 1127

2023-03-25T06:08:28.280025Z 1 [System] [MY-013576] [InnoDB] InnoDB
initialization has started.

2023-03-25T06:08:28.929874Z 1 [System] [MY-013577] [InnoDB] InnoDB
initialization has ended.

2023-03-25T06:08:29.491066Z 0 [Warning] [MY-010068] [Server] CA certificate
ca.pem is self signed.

2023-03-25T06:08:29.491304Z 0 [System] [MY-013602] [Server] Channel
mysql_main configured to support TLS. Encrypted connections are now
supported for this channel.

2023-03-25T06:08:29.621014Z 0 [System] [MY-011323] [Server] X Plugin ready
for connections. Bind-address: '127.0.0.1' port: 33060, socket:
/var/run/mysqld/mysqlx.sock

2023-03-25T06:08:29.621889Z 0 [System] [MY-010931] [Server]
/usr/sbin/mysqld: ready for connections. Version: '8.0.32'  socket:
'/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.

 

Thoughts?

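A pre-flight check for the Duo settings listed in the message above, as an added example that is not part of the original post or of Guacamole itself: it parses a guacamole.properties file, confirms the four duo-* properties are present and not left as placeholders, applies the 40-character minimum that the Guacamole manual documents for duo-application-key, and lists totp-* properties that have no effect when only the Duo jar is loaded. The function names, the `loaded_extensions` parameter and the sample values are assumptions made for illustration.

```python
import re

# The four properties the Duo extension reads (names as used in the post).
REQUIRED = ("duo-api-hostname", "duo-integration-key",
            "duo-secret-key", "duo-application-key")

def parse_properties(text):
    """Parse 'name: value' or 'name=value' lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^:=\s]+)\s*[:=]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_duo(props, loaded_extensions=("duo",)):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for name in REQUIRED:
        value = props.get(name, "")
        if not value:
            findings.append(f"{name}: missing or empty")
        elif " " in value or "xxxx" in value.lower():
            findings.append(f"{name}: looks like a placeholder")
    akey = props.get("duo-application-key", "")
    if akey and " " not in akey and len(akey) < 40:
        findings.append("duo-application-key: shorter than 40 characters")
    # totp-* settings are only read by the TOTP extension (hypothetical
    # 'loaded_extensions' lists the jars present in the extensions folder).
    if "totp" not in loaded_extensions:
        unused = sorted(k for k in props if k.startswith("totp-"))
        if unused:
            findings.append("unused without TOTP jar: " + ", ".join(unused))
    return findings

# Constructed sample; the keys are dummies, not real credentials.
SAMPLE = """\
duo-api-hostname: api-12345678.duosecurity.com
duo-integration-key: DIAAAAAAAAAAAAAAAAAA
duo-secret-key: abcdefghijklmnopqrstuvwxyz0123456789ABCD
duo-application-key: tooshortkey
totp-issuer: Internal-Example
"""

if __name__ == "__main__":
    for finding in check_duo(parse_properties(SAMPLE)):
        print(finding)
```
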