guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From SergeyKh <mail4ser...@gmail.com>
Subject Re: two factor auth
Date Thu, 15 Nov 2018 15:17:17 GMT
Nick i'm sorry. i'm the idiot.  i replied to the wrong email....

i believe radius extension does not work well or as i mentioned earlier i'm
the idiot and i do something wrong.
it authenticates the user but cant get user to his own work space. but if i
make one and only one connection that starts automatically. i get to that
ssh/rdp session right after authorization.
if i "exit" ssh session or press "ctrl-alt-shift" i get the same error that
i've got if have no connections attached to my username.
i've tried two different radius servers to authenticate to and it is all
the same.

any thoughts?



чт, 15 нояб. 2018 г. в 14:42, SergeyKh <mail4sergey@gmail.com>:

> chrome+f12+network shows:
>
> {"message":"Session not associated with authentication provider
> \"radius\".","translatableMessage":{"key":"Session not associated with
> authentication provider
> \"radius\".","variables":null},"statusCode":null,"expected":null,"type":"NOT_FOUND"}
>
>
>
> чт, 15 нояб. 2018 г. в 12:07, Nick Couchman <vnick@apache.org>:
>
>> On Thu, Nov 15, 2018 at 3:47 AM SergeyKh <mail4sergey@gmail.com> wrote:
>>
>>> i've configured guacamole's radius extension to communicate with
>>> freeradius proxy as described here -
>>> https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy
>>>  so additional freeradius asks for login/password from my AD via LDAP
>>> and then it asks OTP from my RcDevs OTP server via radius. and it works! i
>>> can see success-auth logs everywhere
>>>  and even catalina.out tells me:
>>>  [http-nio-8080-exec-4] INFO  o.a.g.r.auth.AuthenticationService - User
>>> "my-ad-login-name-here" successfully authenticated from my-ip-address
>>> but my browser says:
>>> An error has occurred and this action cannot be completed. If the
>>> problem persists, please notify your system administrator or check your
>>> system logs.
>>> so what system logs should i check?
>>>
>>>
>> Is there anything else in the catalina.out file around this that
>> indicates what might be going on?  Also, RADIUS authentication in Guacamole
>> requires some other module to provide connections and permissions
>> management (usually SQL, but LDAP would work in your case, as well), so you
>> might try setting up one of those modules to actually store your
>> connections and see if the error goes away after that.
>>
>> -Nick
>>
>

Mime
View raw message