On 11/2/2023 11:51 AM, Aero Tech wrote:
That is the weird thing it won't create any logs in the guacamole log location even though I specified it in guacamole.properties.
Specified what? There is no configuration property for log location in guacamole.properties.
From what I read I should be able to get the 2fa working without the duo extension if the 2fa SRVR is handling LDAPS. It can do LDAPS or RADIUS. I've added both into the file but it still fails.
What specifically have you added?
I added the .pem cert to the cert store and can do an ldapsearch from terminal. If I need to add a DB I'm not opposed to that. If I add a user.xml I can get past the login page but it fails to remote which may be a FW port setting or something else.
You will need to locate the guacd logs to determine the nature of that failure, though if you could post the error message that you're seeing that would be something.
guacd logs to syslog, which on most Linux distributions will result in logs going to the systemd journal, which you view using the "journalctl" command. Some distributions may instead use a log file like "/var/log/syslog" or "/var/log/messages".
The Tomcat logs may be relevant, especially if the issue is that guacd isn't running at all or isn't reachable at localhost. Depending on how you installed Tomcat and your distribution, those may be "catalina.out" in the "logs" directory provided by Tomcat, or a dedicated log file like "/var/logs/tomcat9/catalina.out", or they may also get sent to the systemd journal.
Before trying any further changes, I strongly recommend first locating the logs. It's going to be nearly impossible to guess the correct problem and solution without logs, and the logs definitely exist.
Was trying to set the user.xml to the actual server. I added a no authentication to test and still cannot get into it with every LDAPS and RADIUS setting commented out.
Commenting out settings has no impact on whether support for a particular authentication method is loaded. On the contrary, installing an authentication setting and omitting required configuration properties would be an error, and those errors are logged.
To disable an authentication method provided by an extension, you would need to remove the extension's .jar file (or rename it so that it doesn't end in ".jar").
- Mike --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
