guacamole-user mailing list archives

From SergeyKh <mail4ser...@gmail.com>
Subject Re: two factor auth
Date Thu, 15 Nov 2018 09:47:23 GMT
nope. catalina.out hasn't got anything else
but localhost_access_log has:
6.10 - - [15/Nov/2018:12:42:08 +0300] "GET /guacamole/api/patches?token=F4E3D0DC6986A46CB6B33424EB8C80827BC27F7844B71C56625C3ED47B880058 HTTP/1.1" 200 12
6.10 - - [15/Nov/2018:12:42:08 +0300] "GET /guacamole/api/languages?token=F4E3D0DC6986A46CB6B33424EB8C80827BC27F7844B71C56625C3ED47B880058 HTTP/1.1" 200 171
6.10 - - [15/Nov/2018:12:42:08 +0300] "POST /guacamole/api/tokens HTTP/1.1" 200 169
6.10 - - [15/Nov/2018:12:42:08 +0300] "GET /guacamole/api/session/data/radius/users/my-AD-username?token=F4E3D0DC6986A46CB6B33424EB8C80827BC27F7844B71C56625C3ED47B880058 HTTP/1.1" 404 254

so there is a 404. what is it that can't be found?


On Thu, 15 Nov 2018 at 12:07, Nick Couchman <vnick@apache.org> wrote:

> On Thu, Nov 15, 2018 at 3:47 AM SergeyKh <mail4sergey@gmail.com> wrote:
>
>> i've configured guacamole's radius extension to communicate with
>> freeradius proxy as described here -
>> https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy
>>  so additional freeradius asks for login/password from my AD via LDAP and
>> then it asks OTP from my RcDevs OTP server via radius. and it works! i can
>> see success-auth logs everywhere
>>  and even catalina.out tells me:
>>  [http-nio-8080-exec-4] INFO  o.a.g.r.auth.AuthenticationService - User
>> "my-ad-login-name-here" successfully authenticated from my-ip-address
>> but my browser says:
>> An error has occurred and this action cannot be completed. If the problem
>> persists, please notify your system administrator or check your system logs.
>> so what system logs should i check?
>>
>>
> Is there anything else in the catalina.out file around this that indicates
> what might be going on?  Also, RADIUS authentication in Guacamole requires
> some other module to provide connections and permissions management
> (usually SQL, but LDAP would work in your case, as well), so you might try
> setting up one of those modules to actually store your connections and see
> if the error goes away after that.
>
> -Nick
>


-- 
Best regards,
 Сергей Хворостяной
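
An added example, not part of the original message or of the Guacamole project: a small triage script for a Tomcat localhost_access_log like the one pasted above. It lists the requests that failed, reports which path segment after /api/session/data/ they hit ("radius" in the 404 above), and redacts the token query parameter so the lines can be shared. The sample lines, client address, token value and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample lines in the same layout as the log in the message;
# the client address, user name and token are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Nov/2018:12:42:08 +0300] "GET /guacamole/api/languages?token=AAAA1111 HTTP/1.1" 200 171
192.0.2.10 - - [15/Nov/2018:12:42:08 +0300] "POST /guacamole/api/tokens HTTP/1.1" 200 169
192.0.2.10 - - [15/Nov/2018:12:42:08 +0300] "GET /guacamole/api/session/data/radius/users/example-user?token=AAAA1111 HTTP/1.1" 404 254
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$')
# Path segment that follows /api/session/data/ in the request target.
DATA_SOURCE_RE = re.compile(r'/api/session/data/([^/]+)/')

def redact_token(target):
    """Replace the value of the token query parameter; leave the rest intact."""
    parts = urlsplit(target)
    query = [(k, "REDACTED" if k == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path + ("?" + urlencode(query) if query else "")

def triage(log_text):
    """Return one dict per request with status >= 400, token redacted."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["status"]) < 400:
            continue  # unparseable line or successful request
        target = redact_token(m["target"])
        source = DATA_SOURCE_RE.search(target)
        findings.append({
            "time": m["ts"], "method": m["method"],
            "status": int(m["status"]), "target": target,
            "data_source": source.group(1) if source else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```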
