[
https://issues.apache.org/jira/browse/GUACAMOLE-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15853949#comment-15853949
]
Nick Couchman commented on GUACAMOLE-197:
-----------------------------------------
Yeah, so something is not working, there. Here's the response I get back:
{noformat}
{"message":"Invalid login","translatableMessage":{"key":"Invalid
login","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}
{noformat}
So, I'm guessing that the end there should be INSUFFICIENT_CREDENTIALS instead
of INVALID_CREDENTIALS? And, in the Tomcat log output, I see the following:
{noformat}
07:55:14.055 [http-nio-8080-exec-251] DEBUG
o.a.g.a.l.AuthenticationProviderService - Unable to determine DN for user
"Andy_Taylor".
07:55:14.058 [http-nio-8080-exec-251] DEBUG o.a.g.a.r.RadiusConnectionService -
Sending authentication request to radius server for user Andy_Taylor.
07:55:14.102 [http-nio-8080-exec-251] DEBUG
o.a.g.a.r.AuthenticationProviderService - RADIUS sent challenge response:
Please enter your otp value:
07:55:14.103 [http-nio-8080-exec-251] DEBUG
o.a.g.a.r.AuthenticationProviderService - RADIUS sent state: [B@3b5376ab
07:55:14.103 [http-nio-8080-exec-251] DEBUG
o.a.g.a.r.f.RadiusChallengeResponseField - Initializing the RADIUS
challenge/response field: Please enter your otp value:
07:55:14.103 [http-nio-8080-exec-251] DEBUG
o.a.g.a.f.FileAuthenticationProvider - User mapping file
"/etc/guacamole/user-mapping.xml" does not exist and will not be read.
07:55:14.103 [http-nio-8080-exec-251] WARN o.a.g.r.auth.AuthenticationService
- Authentication attempt from [10.43.112.36, 0:0:0:0:0:0:0:1] for user
"Andy_Taylor" failed.
{noformat}
I would guess that last part - authentication attempt failed - is what's
causing the JSON response to be INVALID_CREDENTIALS instead of
INSUFFICIENT_CREDENTIALS, just not sure at the moment why it's throwing that.
Maybe I'll unload some of the other authentication modules that are in my
extensions folder and see if that helps.
> Implement Support for RADIUS Authentication
> -------------------------------------------
>
> Key: GUACAMOLE-197
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-197
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole, guacamole-client
> Affects Versions: 0.9.11-incubating
> Reporter: Nick Couchman
> Priority: Minor
>
> Working on implementing a RADIUS authentication module -
> guacamole-auth-radius. The basic implementation is completed - with a basic
> PAP or CHAP RADIUS server, the authentication succeeds and the user is logged
> in.
> I'm running into an issue, though, trying to implement Challenge/Response in
> RADIUS. I have my RADIUS server configured to talk to LinOTP for MFA/2FA,
> and RADIUS sends the AccessChallenge package back, asking for the second
> factor. My issue is in my continual failure to grasp the connection between
> the servlet side and the AngularJS web application. I've copied the Duo
> authentication code and tried to morph it into something that will present
> another box for the RADIUS challenge, but I can't get my controller function
> to actually fire.
> Once that is working, I'd like to support other RADIUS authentication
> protocols, like EAP-TLS and EAP-TTLS, so there's a little more work to be
> done, but right now I'm focusing on the basic protocols and the
> challenge/response.
> Will have a repo posted here in a moment for working on this.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
