guacamole-user mailing list archives

From Vieri <rentor...@yahoo.com>
Subject LDAP authentication and connection settings
Date Wed, 24 Apr 2019 09:16:56 GMT
Hi,

I am trying to configure LDAP authentication with connection details within the LDAP directory.
Actually, I'm using AD instead of standard LDAP, but I'm pretty sure the objects have been
created properly on the AD server (guacConfigParameter, guacConfigProtocol, guacConfigGroup).

I created a test "telnet" group called AlcatelPBXtelnet (objectClass: guacConfigGroup, guacConfigProtocol:
telnet, etc.), and added my user as a member.

These are my config files:

# cat guacd.conf
[daemon]
log_level = debug

[server]
bind_host = 10.215.144.124

# cat guacamole.properties
guacd-hostname: 10.215.144.124
guacd-port: 4822

# LDAP
# auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
ldap-hostname: 10.215.144.35
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
ldap-username-attribute: cn
ldap-user-search-filter: (&(objectClass=user)(sAMAccountName=*)(memberOf=cn=VPN,cn=Users,dc=mydomain,dc=org))
ldap-max-search-results: 4000

# ls extensions/
guacamole-auth-ldap-1.0.0.jar 

I can log into the Guacamole web UI, but I cannot see my configured connection (telnet).

I'm totally new to Tomcat so please bear with me. My /var/log/tomcat has several files:
catalina.*.log      
localhost.*.log
localhost_access_log.*.txt
host-manager.*.log
manager.*.log

I'm expecting to see LDAP debug messages in catalina.*.log files, but I see none.
I enabled a few things in /etc/tomcat/logging.properties, but it doesn't seem to make any
difference regarding the LDAP extension.

Anyway, I resorted to grabbing a tcpdump on port 389 to see what guacamole was doing.
I can see a successful bindResponse, followed by a searchRequest wholeSubtree.
I can then see a list of all the users who actually belong to the VPN group. One of these
is my user (CN=myuser,CN=Users,DC=mydomain,DC=org).
After the searchResEntry results I get an unbindRequest, and the connection finishes.

I'm guessing Guacamole is not finding the guac* objects.

I then added this to my guacamole.properties:

ldap-config-base-dn: cn=Schema,cn=Configuration,dc=mydomain,dc=org

The tcpdump shows a searchRequest on cn=Schema,cn=Configuration,dc=mydomain,dc=org and a searchResDone
with 30 results.

However, when my user enters the Guacamole web UI there's no connection available.

A quick manual search shows this:

# ldapsearch -b 'cn=Schema,cn=Configuration,dc=mydomain,dc=org' -x -D admin -w passwd -x -h10.215.144.35 | grep guac
# guacConfigParameter, Schema, Configuration, mydomain.org
dn: CN=guacConfigParameter,CN=Schema,CN=Configuration,DC=mydomain,DC=or
cn: guacConfigParameter
distinguishedName: CN=guacConfigParameter,CN=Schema,CN=Configuration,DC=mydoma
adminDisplayName: guacConfigParameter
adminDescription: guacConfigParameter
lDAPDisplayName: guacConfigParameter
name: guacConfigParameter
# guacConfigProtocol, Schema, Configuration, mydomain.org
dn: CN=guacConfigProtocol,CN=Schema,CN=Configuration,DC=mydomain,DC=org
cn: guacConfigProtocol
distinguishedName: CN=guacConfigProtocol,CN=Schema,CN=Configuration,DC=mydomai
adminDisplayName: guacConfigProtocol
adminDescription: guacConfigProtocol
lDAPDisplayName: guacConfigProtocol
name: guacConfigProtocol
# guacConfigGroup, Schema, Configuration, mydomain.org
dn: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain,DC=org
cn: guacConfigGroup
distinguishedName: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain
mustContain: guacConfigProtocol
mayContain: guacConfigParameter
adminDisplayName: guacConfigGroup
adminDescription: guacConfigGroup
lDAPDisplayName: guacConfigGroup
name: guacConfigGroup
defaultObjectCategory: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydoma

# ldapsearch -b 'cn=Users,dc=mydomain,dc=org' -x -D admin -w passwd -x -h10.215.144.35 | grep telnet
# AlcatelPBXtelnet, Users, mydomain.org
dn: CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org
cn: AlcatelPBXtelnet
distinguishedName: CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org
name: AlcatelPBXtelnet
guacConfigProtocol: telnet

What can I try?

Thanks,

Vieri
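Added example, not part of Vieri's message and not code from the Guacamole project: a small Python model of how the Guacamole LDAP extension turns directory entries into connections, run against constructed sample entries that mirror the ones quoted in the message. The extension searches the subtree under ldap-config-base-dn for entries of objectClass guacConfigGroup whose member attribute (the default for ldap-member-attribute) lists the logged-in user's DN, and builds one connection per match from guacConfigProtocol and the name=value pairs in guacConfigParameter. The model shows which base DN that lookup has to cover, and that a search rooted at cn=Schema,cn=Configuration only ever sees the class definitions listed in the first ldapsearch above, so it yields no connections. Entry names, the BackupRDP entry and the hostnames are constructed placeholders.

```python
"""Model of how Guacamole's LDAP extension resolves connections for a user.

Added example, not code from the message or from the Guacamole project.
It models the documented lookup: search the subtree under ldap-config-base-dn
for entries of objectClass guacConfigGroup whose member attribute lists the
authenticated user's DN, then build a connection from guacConfigProtocol and
the name=value pairs held in guacConfigParameter. Every entry below is
constructed sample data modelled on the message; hostnames are placeholders.
"""

# A directory snapshot as {dn: {attribute: [values]}}. Constructed data.
DIRECTORY = {
    # Schema container: the *class definition*, not a configuration.
    "CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain,DC=org": {
        "objectClass": ["top", "classSchema"],
        "lDAPDisplayName": ["guacConfigGroup"],
        "mustContain": ["guacConfigProtocol"],
        "mayContain": ["guacConfigParameter"],
    },
    # The user account that logs in.
    "CN=myuser,CN=Users,DC=mydomain,DC=org": {
        "objectClass": ["top", "person", "user"],
        "sAMAccountName": ["myuser"],
        "memberOf": ["CN=VPN,CN=Users,DC=mydomain,DC=org"],
    },
    # A configuration the user is a member of (constructed hostname/port).
    "CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org": {
        "objectClass": ["top", "guacConfigGroup"],
        "guacConfigProtocol": ["telnet"],
        "guacConfigParameter": ["hostname=10.215.144.200", "port=23"],
        "member": ["CN=myuser,CN=Users,DC=mydomain,DC=org"],
    },
    # A constructed configuration the user is NOT a member of; must stay hidden.
    "CN=BackupRDP,CN=Users,DC=mydomain,DC=org": {
        "objectClass": ["top", "guacConfigGroup"],
        "guacConfigProtocol": ["rdp"],
        "guacConfigParameter": ["hostname=10.215.144.201"],
        "member": ["CN=otheruser,CN=Users,DC=mydomain,DC=org"],
    },
}


def normalize_dn(dn):
    """Split a DN into (type, value) RDNs; LDAP compares both case-insensitively."""
    rdns = []
    for rdn in dn.split(","):
        attr_type, _, value = rdn.partition("=")
        rdns.append((attr_type.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def is_under(entry_dn, base_dn):
    """Subtree scope: entry_dn equals base_dn or ends with it (RDNs are leaf-first)."""
    entry, base = normalize_dn(entry_dn), normalize_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def attr(entry, name):
    """Attribute values by name, ignoring case as LDAP does; [] if absent."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return list(values)
    return []


def connections_for_user(directory, config_base_dn, user_dn):
    """Return {connection name: (protocol, {parameter: value})} visible to user_dn."""
    wanted_user = normalize_dn(user_dn)
    connections = {}
    for dn, entry in directory.items():
        if not is_under(dn, config_base_dn):
            continue  # outside the configured search base
        classes = [c.lower() for c in attr(entry, "objectClass")]
        if "guacconfiggroup" not in classes:
            continue  # schema definitions, users, ordinary groups: not configurations
        if wanted_user not in {normalize_dn(m) for m in attr(entry, "member")}:
            continue  # configuration exists but this user is not a member
        protocols = attr(entry, "guacConfigProtocol")
        if not protocols:
            continue  # guacConfigProtocol is mustContain; skip a malformed entry
        params = {}
        for raw in attr(entry, "guacConfigParameter"):
            key, _, value = raw.partition("=")
            params[key.strip()] = value.strip()
        name = dn.split(",")[0].partition("=")[2].strip()
        connections[name] = (protocols[0], params)
    return connections


if __name__ == "__main__":
    user = "CN=myuser,CN=Users,DC=mydomain,DC=org"
    for base in ("cn=Schema,cn=Configuration,dc=mydomain,dc=org",
                 "cn=Users,dc=mydomain,dc=org"):
        print(base, "->", connections_for_user(DIRECTORY, base, user))
```

Running the block prints an empty result for the schema base and the AlcatelPBXtelnet connection for cn=Users. The same check can be done against a live directory with the ldapsearch already used in the message, filtering on (&(objectClass=guacConfigGroup)(member=<user DN>)) under the candidate base. One defensive note on the capture method described above: with ldap-encryption-method: none, a tcpdump of port 389 also carries the bind credentials in clear, so the Guacamole settings ssl or starttls for that property are worth enabling before this setup leaves the lab.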
