[ https://issues.apache.org/jira/browse/GUACAMOLE-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15853949#comment-15853949 ]
Nick Couchman commented on GUACAMOLE-197: ----------------------------------------- Yeah, so something is not working, there. Here's the response I get back: {noformat} {"message":"Invalid login","translatableMessage":{"key":"Invalid login","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"} {noformat} So, I'm guessing that the end there should be INSUFFICIENT_CREDENTIALS instead of INVALID_CREDENTIALS? And, in the Tomcat log output, I see the following: {noformat} 07:55:14.055 [http-nio-8080-exec-251] DEBUG o.a.g.a.l.AuthenticationProviderService - Unable to determine DN for user "Andy_Taylor". 07:55:14.058 [http-nio-8080-exec-251] DEBUG o.a.g.a.r.RadiusConnectionService - Sending authentication request to radius server for user Andy_Taylor. 07:55:14.102 [http-nio-8080-exec-251] DEBUG o.a.g.a.r.AuthenticationProviderService - RADIUS sent challenge response: Please enter your otp value: 07:55:14.103 [http-nio-8080-exec-251] DEBUG o.a.g.a.r.AuthenticationProviderService - RADIUS sent state: [B@3b5376ab 07:55:14.103 [http-nio-8080-exec-251] DEBUG o.a.g.a.r.f.RadiusChallengeResponseField - Initializing the RADIUS challenge/response field: Please enter your otp value: 07:55:14.103 [http-nio-8080-exec-251] DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/etc/guacamole/user-mapping.xml" does not exist and will not be read. 07:55:14.103 [http-nio-8080-exec-251] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [10.43.112.36, 0:0:0:0:0:0:0:1] for user "Andy_Taylor" failed. {noformat} I would guess that last part - authentication attempt failed - is what's causing the JSON response to be INVALID_CREDENTIALS instead of INSUFFICIENT_CREDENTIALS, just not sure at the moment why it's throwing that. Maybe I'll unload some of the other authentication modules that are in my extensions folder and see if that helps. > Implement Support for RADIUS Authentication > ------------------------------------------- > > Key: GUACAMOLE-197 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-197 > Project: Guacamole > Issue Type: Improvement > Components: guacamole, guacamole-client > Affects Versions: 0.9.11-incubating > Reporter: Nick Couchman > Priority: Minor > > Working on implementing a RADIUS authentication module - > guacamole-auth-radius. The basic implementation is completed - with a basic > PAP or CHAP RADIUS server, the authentication succeeds and the user is logged > in. > I'm running into an issue, though, trying to implement Challenge/Response in > RADIUS. I have my RADIUS server configured to talk to LinOTP for MFA/2FA, > and RADIUS sends the AccessChallenge package back, asking for the second > factor. My issue is in my continual failure to grasp the connection between > the servlet side and the AngularJS web application. I've copied the Duo > authentication code and tried to morph it into something that will present > another box for the RADIUS challenge, but I can't get my controller function > to actually fire. > Once that is working, I'd like to support other RADIUS authentication > protocols, like EAP-TLS and EAP-TTLS, so there's a little more work to be > done, but right now I'm focusing on the basic protocols and the > challenge/response. > Will have a repo posted here in a moment for working on this. -- This message was sent by Atlassian JIRA (v6.3.15#6346)