guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: guacd won't connect to RDP server using NLA and UPN
Date Tue, 31 May 2016 19:00:13 GMT
On Mon, May 30, 2016 at 11:07 PM, James Johnston <
johnstonj.public@codenest.com> wrote:

> Hi,
>
> I'm trying to connect to an RDP server that is set up with both TLS and
> NLA.  I
> want the RDP connection to take place using the username of the guacamole
> user
> who has logged in.  (guacamole has been linked with LDAP.)  Unfortunately,
> this
> doesn't work: the RDP server disconnects the client immediately (according
> to
> the guacamole web GUI).  docker logs guacd merely reports:
>
>     guacd[41]: ERROR:       Error connecting to RDP server
>     guacd[41]: INFO:        Connection did not succeed
>
> My connection username is set to ${GUAC_USERNAME}.  Password is set to
> ${GUAC_PASSWORD}.  Domain box is left blank, security mode set to NLA, and
> Ignore server certificate has been checked to work around the issue in my
> last
> e-mail.  Everything is left at defaults.
>
>
Have you tried specifying the domain? (And only specifying the username for
the username, not username@domain)

Guacamole is integrated with Active Directory using LDAP, with a PostgreSQL
> back-end for configuration.  I set up docker to use the userPrincipalName
> LDAP
> attribute for usernames.  So e.g. I login to guacamole as "
> user@mydomain.com".
>
>
I'm not sure if the RDP server will happily accept the full user@domain as
the username. If this works with other RDP clients, it may be that those
clients are parsing out the user and domain, and still pass them to the RDP
server separately.

I usually see users configuring Guacamole + Active Directory by:

1) Providing a search DN and password within guacamole.properties
2) Using "sAMAccountName" as the username attribute
3) Specifying the domain explicitly
4) Using "${GUAC_USERNAME}" for the username in the connection parameters

Note that I am using latest docker images for both guacd and guacamole.
>
> I have verified that logging in with regular Microsoft Remote Desktop
> client
> using the UPN works.  So that's not the problem...  On the other hand, if I
> manually type the UPN into the username box instead of using
> ${GUAC_USERNAME},
> it still doesn't work.
>

By "the username box", are you referring to Windows' own username/password
prompt when you're logging in, or are you referring to the connection
parameters within Guacamole?

Thanks,

- Mike

Mime
View raw message