[jira] [Issue Comment Deleted] (GUACAMOLE-1133) VNC fails to connect to macOS

Mon, 28 Dec 2020 15:43:06 -0800 


     [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Couchman updated GUACAMOLE-1133:
-------------------------------------
    Comment: was deleted

(was: Digging into the source code of both Guacamole and LibVNCClient a bit 
more, I've found a couple of things...
* This is definitely a regression due to GUACAMOLE-514 - adding support for 
retrieving credentials beyond just password (username + password) allows 
libvncclient to expand the types of VNC security it will allow, including 
Apple's Remote Desktop (ARD) security.
* It looks like ARD does some encryption of the credentials as they cross the 
wire - it basically does a key exchange with the remote server, encrypts the 
credentials using the key, and passes them. My guess is that something in this 
key exchange process is failing, resulting in the authentication failure.
* There is a short-term solution that involves setting specific authentication 
schemes that the Guacamole VNC client can support - something like No Auth, VNC 
Auth, TLS, VeNCRypt, and MSLogin, which I think all work fine with Guacamole 
today. However, this is just a band-aide that will disable ARD support and 
force a lower security level.
* The real solution is to figure out how to make ARD security work correctly, 
but I'm thin on details on what's actually missing from Guacamole's use of 
libvncclient to make this work. As far as I can tell everything *should* be 
there, but, clearly something is not working.)

> VNC fails to connect to macOS
> -----------------------------
>
>                 Key: GUACAMOLE-1133
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1133
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 1.2.0
>         Environment: Remote host macOS 10.15.5
> Guacamole server Raspbian GNU/Linux 10
>            Reporter: Matt Fusfield
>            Priority: Minor
>
> Since upgrading to version 1.2.0, I am unable to connect via VNC to a Mac 
> host. The same exact configuration works with 1.1.0.
>  
> In syslog, there are entries regarding "Selecting security type 30" and then 
> it receives back types 33, 36,2,35. Then "VNC connection failed: 
> authentication or authorization failure"
>  
> I attempted to change config to use mac username and password, and that did 
> not work either (on 1.1.0 the password is set to the Mac VNC password)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to