guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Configuring LDAP
Date Mon, 27 Nov 2017 15:09:59 GMT
On Mon, Nov 27, 2017 at 10:02 AM, <harry.devine@faa.gov> wrote:

> OK, so I tried that, including modifying ldap-username-attribute to be
> cn=users,cn=accounts,dc=example,dc=com, and now I get a 403 error in the
> Developer Tools, and the following error in /var/log/messages:
>
>
>
> Nov 27 10:00:34 access server: 10:00:34.766 [http-bio-8080-exec-8] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "harry.devine" failed.
>
>
>
> However, I know that the password is 100% correct.  Where to look now?  I
> feel we’re getting very close.
>
>
>

What LDAP server are you running?  You probably mentioned it already
somewhere in this thread, and I'm going to guess Active Directory, but just
want to make sure?  If it's OpenLDAP then it is quite possible it is
configured to disallow logins without some form of encryption (although I
wouldn't expect the search bind to work in this case, but who knows).  AD
doesn't usually have those restrictions, but depending on the environment,
it actually might require encryption, as well.  Other than that, it would
be useful to get a log from the LDAP server that indicates why it is
failing authentication - if it believes the password is wrong, or if it is
throwing some other sort of error.  I realize that you might be in an
organization where you don't have access to that server or those logs, but,
if you do, that would be helpful.

-Nick

Mime
View raw message