guacamole-user mailing list archives

From surfrock66 <surfroc...@surfrock66.com>
Subject Re: Path forward to get Guacamole working with AD LDAP?
Date Sat, 10 Aug 2019 21:02:57 GMT
Another thought; we service a second organization that is a tree domain off
of ours; I wonder if this is adding to the complexity and why our AD doesn't
work. Here are the 4 scenarios:

1) Port 389, bound to the root of the domain, search account credentials
provided, Referral following disabled:

WARN  o.a.g.auth.ldap.ObjectQueryService - Given a referral, but referrals
are disabled. Error was: Referral 
WARN  o.a.g.auth.ldap.ObjectQueryService - Given a referral, but referrals
are disabled. Error was: Referral 
WARN  o.a.g.auth.ldap.ObjectQueryService - Given a referral, but referrals
are disabled. Error was: Referral 
WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from
10.1.18.39 for user "username" failed.

2) Port 389, bound to the root of the domain, search account credentials
provided, Referral following enabled:

ERROR o.a.g.auth.ldap.ObjectQueryService - Could not follow referral: null 
ERROR o.a.g.a.l.AuthenticationProviderService - Cannot bind with LDAP
server: Unable to query list of objects from LDAP directory. 
WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from
10.1.18.39 for user "username" failed. 

3) Port 3268, bound to the root of the domain, search account credentials
provided:

DEBUG o.a.g.a.l.AuthenticationProviderService - Anonymous bind is not
currently allowed by the LDAP authentication provider. 
DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt
from 10.1.18.39 failed. 
DEBUG o.a.g.a.ldap.LDAPConnectionService - Connection to LDAP server without
encryption. 
DEBUG o.a.g.auth.ldap.ObjectQueryService - Searching
"DC=AD,DC=DOMAIN,DC=org" for objects matching
"(&(objectClass=*)(cn=username))". 
DEBUG o.a.g.a.l.AuthenticationProviderService - Unable to determine DN for
user "username". 
WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from
10.1.18.39 for user "username" failed. 

4) Port 389, bound to an OU 1 level off the root of the domain, search
account credentials provided, Referral following enabled:

Worked as expected.

I am glad to hear another AD environment is working, especially on port
389/the non-GC configuration. It's that null referral that appears to be
killing me, and I can't figure out how to troubleshoot.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
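
Added example, not part of the original message and not Guacamole's own code: a small triage script that rejoins the e-mail-wrapped log lines from the scenarios above and labels each record, including the unencrypted-connection line from scenario 3, which matters because search account credentials are sent over that connection. The labels and function names are hypothetical, and the sample is constructed from the log lines quoted in the message.

```python
import re

# Constructed sample: log lines from the scenarios above, still hard-wrapped as the e-mail left them.
SAMPLE = """\
WARN  o.a.g.auth.ldap.ObjectQueryService - Given a referral, but referrals
are disabled. Error was: Referral
ERROR o.a.g.auth.ldap.ObjectQueryService - Could not follow referral: null
DEBUG o.a.g.a.ldap.LDAPConnectionService - Connection to LDAP server without
encryption.
DEBUG o.a.g.auth.ldap.ObjectQueryService - Searching
"DC=AD,DC=DOMAIN,DC=org" for objects matching
"(&(objectClass=*)(cn=username))".
DEBUG o.a.g.a.l.AuthenticationProviderService - Unable to determine DN for
user "username".
WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from
10.1.18.39 for user "username" failed.
"""

START = re.compile(r"^(TRACE|DEBUG|INFO|WARN|ERROR)\s+(\S+) - (.*)$")
# Hypothetical labels (not Guacamole's), keyed on message text seen in this thread.
RULES = [
    ("referral-ignored", re.compile(r"referrals are disabled")),
    ("referral-follow-failed", re.compile(r"Could not follow referral: (?P<target>\S+)")),
    ("cleartext-ldap", re.compile(r"Connection to LDAP server without encryption")),
    ("ldap-search", re.compile(r'Searching "(?P<base>[^"]+)" for objects matching "(?P<filter>[^"]+)"')),
    ("dn-not-found", re.compile(r'Unable to determine DN for user "(?P<user>[^"]*)"')),
    ("auth-failed", re.compile(r'Authentication attempt from (?P<src>\S+) for user "(?P<user>[^"]*)" failed')),
]

def unwrap(text):
    """Rejoin wrapped continuation lines onto the record that started them."""
    records = []
    for line in map(str.strip, text.splitlines()):
        m = START.match(line)
        if m:
            records.append([m.group(1), m.group(2), m.group(3)])
        elif line and records:
            records[-1][2] += " " + line
    return [tuple(r) for r in records]

def triage(text):
    """Return (label, level, captured fields) for each record a rule matches."""
    findings = []
    for level, _logger, msg in unwrap(text):
        for label, rx in RULES:
            m = rx.search(msg)
            if m:
                findings.append((label, level, m.groupdict()))
                break
    return findings
```

Calling `triage()` on a pasted log excerpt puts the search base and filter Guacamole actually used next to the resulting failure, which makes the four scenarios easier to compare side by side.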
