guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From SergeyKh <mail4ser...@gmail.com>
Subject Re: two factor auth
Date Thu, 15 Nov 2018 11:09:08 GMT
i've installed mysql and now i can log in as guacadmin.
added user with the same username as ldap user has.
but still get the same error

localhost_access_log:

[15/Nov/2018:13:56:32 +0300] "POST /guacamole/api/tokens HTTP/1.1" 200 191
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/patches?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 200 352
[15/Nov/2018:13:56:32 +0300] "POST /guacamole/api/tokens HTTP/1.1" 200 191
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql-shared/connectionGroups/ROOT/tree?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1"
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql-shared/self/permissions?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 200 247
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql/self/permissions?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 200 232
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql/connectionGroups/ROOT/tree?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 200 108
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql-shared/activeConnections?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 200 12
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/radius/users/MY-LDAP-USERNAME-HERE?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 404 254
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql-shared/self/effectivePermissions?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 2
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql/activeConnections?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 200 12
[15/Nov/2018:13:56:32 +0300] "GET
/guacamole/api/session/data/mysql/self/effectivePermissions?token=F5F94D53360FE3D543985CFC099017CA8460645442374D118731D11ADD9FBC12
HTTP/1.1" 200 232
 so there is still 404




чт, 15 нояб. 2018 г. в 12:07, Nick Couchman <vnick@apache.org>:

> On Thu, Nov 15, 2018 at 3:47 AM SergeyKh <mail4sergey@gmail.com> wrote:
>
>> i've configured guacamole's radius extension to communicate with
>> freeradius proxy as described here -
>> https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy
>>  so additional freeradius asks for login/password from my AD via LDAP and
>> then it asks OTP from my RcDevs OTP server via radius. and it works! i can
>> see success-auth logs everywhere
>>  and even catalina.out tells me:
>>  [http-nio-8080-exec-4] INFO  o.a.g.r.auth.AuthenticationService - User
>> "my-ad-login-name-here" successfully authenticated from my-ip-address
>> but my browser says:
>> An error has occurred and this action cannot be completed. If the problem
>> persists, please notify your system administrator or check your system logs.
>> so what system logs should i check?
>>
>>
> Is there anything else in the catalina.out file around this that indicates
> what might be going on?  Also, RADIUS authentication in Guacamole requires
> some other module to provide connections and permissions management
> (usually SQL, but LDAP would work in your case, as well), so you might try
> setting up one of those modules to actually store your connections and see
> if the error goes away after that.
>
> -Nick
>

Mime
View raw message