Hi, I have installed guacd from Debian's repos, and it runs by default in the name of user guacd.
guacd 3163019 0.0 0.1 246252 10376 ? S Jan24 0:00 /usr/sbin/guacd -b 127.0.0.1 -l 4822 -p /var/run/guacd/guacd.pid Ang guacd has no home by default (which is acceptable from security viewpoint, but affect usability :D maybe i need to file a bug to Debian team :D ) guacd:x:998:996::/var/run/guacd:/bin/false So i need to specify a home dir for it. I'll see how it will work. Cs. Nick Couchman <nick.e.couch...@gmail.com> ezt írta (időpont: 2024. jan. 26., P, 16:47): > > On Wed, Jan 24, 2024 at 3:40 PM Horváth Csaba <horvathcsabalas...@gmail.com> > wrote: >> >> Hi, >> >> Tried with a Windows VM with NLA turned off; so simple RDP connection >> works with security=rdp . So the issue is that guacd cannot >> communicate with TLS and NLA security servers. > > > This means it likely has to do with the issue that David mentioned with the > home directory for the user running guacd. > > Note that we're talking about the Linux/UNIX home directory for the Linux > user running guacd, not the GUACAMOLE_HOME directory. For example, if you run > guacd under the "daemon" account, and the daemon account has a home directory > of /usr/sbin (as is the case in RHEL8, for example), then the "daemon" user > does not have access to write to the /usr/sbin directory and cannot create > the host fingerprint file that is required for NLA and TLA connections. > > The easiest thing to do is just create a Linux user account for guacd to run > under, allowing Linux to create a home directory (useradd with "-m" flag, for > example), and then make sure guacd is being started under that account. Then > re-try the connection. > > -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org