Hi, Thanks for clarification! How i specify the account for guacd? I mean, OK, i create the user, but how i specify that guacd should start in the account's behalf?
Thanks, Cs. Nick Couchman <nick.e.couch...@gmail.com> ezt írta (időpont: 2024. jan. 26., P, 16:47): > > On Wed, Jan 24, 2024 at 3:40 PM Horváth Csaba <horvathcsabalas...@gmail.com> > wrote: >> >> Hi, >> >> Tried with a Windows VM with NLA turned off; so simple RDP connection >> works with security=rdp . So the issue is that guacd cannot >> communicate with TLS and NLA security servers. > > > This means it likely has to do with the issue that David mentioned with the > home directory for the user running guacd. > > Note that we're talking about the Linux/UNIX home directory for the Linux > user running guacd, not the GUACAMOLE_HOME directory. For example, if you run > guacd under the "daemon" account, and the daemon account has a home directory > of /usr/sbin (as is the case in RHEL8, for example), then the "daemon" user > does not have access to write to the /usr/sbin directory and cannot create > the host fingerprint file that is required for NLA and TLA connections. > > The easiest thing to do is just create a Linux user account for guacd to run > under, allowing Linux to create a home directory (useradd with "-m" flag, for > example), and then make sure guacd is being started under that account. Then > re-try the connection. > > -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
