Identifying local User Accounts vs LDAP accounts

2022-11-16 Thread Kevin Cameron
In my Guacamole deployment I have a mix of user accounts that are local and
some that have been brought in by LDAP.

Is there a way in the DB or via the API to verify which users are local and
which were created via LDAP?

Thanks,
Kevin


Re: Shared folder issue on Windows 10 pro OS

2022-11-16 Thread Michael Jumper
On Wed, Nov 16, 2022, 7:18 AM Anburaj Palraj  wrote:

> Hi Nick,
>
> Could see the below error logs in the messages file.
>
>
> [image: image.png]
>

This is an error being reported by Windows to guacd. Check your GPOs and
whether there are any corresponding events in the Windows event log.

- Mike


Re: Issues with LDAP groups and users not populating

2022-11-16 Thread Kevin Cameron
I know this is an old post but given the amount of time I put into this I
thought I would post a follow-up.

So I was having a crazy amount of issues with users not populating
consistently or not working from LDAP.  What I finally figured out is it
was related to the Primary AD group that the users were part of.  In our
use case the accounts used by Guac users were not part of the "Domain
Users" group so we had the primary group the same as the AD group tied to
Guacamole.  Because of the way that the LDAP details are returned a user's
primary AD group does not appear in the "MembersOf" list.

After finally figuring this out we had to have a unique AD group to use as
the primary AD group and then when we assigned a user to their sub group
which was tied to Guacamole they populated right away!

Kevin

On Fri, Jul 8, 2022 at 1:25 PM David Haukeness  wrote:

> For reference, here is my sanitized AD LDAP config. Do you notice any
> obvious differences from yours? I’m running 1.4.0 on Ubuntu LTS 20.04.3
>
> auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
>
> ### LDAP properties
> ldap-hostname:   contoso.com
> ldap-port:   636
> ldap-encryption-method:  ssl
> ldap-user-base-dn:   OU=Users,DC=contoso,DC=com
> ldap-username-attribute: sAMAccountName
> ldap-search-bind-dn: CN=LDAP Query User,OU=Service Accounts,DC=contoso,DC=com
> ldap-search-bind-password: correcthorsebatterystaple
> ldap-group-base-dn: OU=Guacamole Groups,DC=contoso,DC=com
> ldap-follow-referrals: true
> ldap-dereference-aliases: always
>
> # Postgres
> postgresql-hostname: localhost
> postgresql-port: 5432
> postgresql-database: guacamole_db
> postgresql-username: guacamole_user
> postgresql-password: correcthorsebatterystaple
> postgresql-auto-create-accounts: true
>
>
> David Haukeness
> Sent from my iPhone
>
> > On Jul 8, 2022, at 10:47 AM, Kevin Cameron 
> wrote:
> >
> >
> > I have 6 different instances of Guacamole setup connected to MS Active
> Directory with a Postgres background DB.
> >
> > They all have a similar guacamole.properties and when I verify my group
> and user search filter strings with ldapsearch I get consistent and
> expected results.
> >
> > Problem:
> >   In the catalina.out I can see LDAP search results showing the users
> and AD groups that are expected but they sometimes update in Guacamole,
> sometimes not.  If I sign into guacamole with an AD user the user can
> authenticate and the user does show up in the Guacamole Gui BUT at the top
> of the page they don't have the tabs that reflect that they are LDAP /
> Postgres users.
> >
> > At the same time the AD groups don't populate the groups list.
> >
> > postgresql-auto-create-accounts is set to true.
> >
> > Sometimes if I manually create a random user then all of a sudden the
> lists populate on the next user login but not always.  And then any future
> updates do not show.  Restarting the application does not seem to make a
> difference.
> >
> > Instance 1
> >
> > vs
> >
> > Instance2:
> >
> >
> > My logback is setup to debug so I get a lot of log activity but is there
> something I can add to the logback to focus on the LDAP process.
> >
> > I have spent a lot of time on this and could use help.  I really need
> the AD groups to import correctly so that we can tie connections to them
> > Thanks,
> > Kevin
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
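
Added example, not part of the thread and not Guacamole code: a Python sketch of the Active Directory behaviour Kevin describes above, where a user's primary group is recorded only as a RID in `primaryGroupID` and is left out of `memberOf`. The domain SID, group names, users and function names are constructed for illustration.

```python
# Added illustration; all data below is constructed, not taken from the thread.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
BASE = "OU=Guacamole Groups,DC=contoso,DC=com"
GUAC_GROUP = "CN=Guac Users," + BASE        # hypothetical group tied to Guacamole
PRIMARY_ONLY = "CN=Guac Primary," + BASE    # hypothetical dedicated primary group

# Group DN -> objectSid (domain SID + RID), as AD stores it.
GROUPS = {
    GUAC_GROUP: DOMAIN_SID + "-1601",
    PRIMARY_ONLY: DOMAIN_SID + "-1602",
}

# AD keeps the primary group only as a RID in primaryGroupID; memberOf omits it.
USERS = [
    {"sAMAccountName": "alice", "primaryGroupID": 1601, "memberOf": []},
    {"sAMAccountName": "bob", "primaryGroupID": 1602, "memberOf": [GUAC_GROUP]},
]


def primary_group_dn(user, groups=GROUPS, domain_sid=DOMAIN_SID):
    """Resolve primaryGroupID to the DN of the group whose objectSid matches."""
    wanted = f"{domain_sid}-{user['primaryGroupID']}"
    return next((dn for dn, sid in groups.items() if sid == wanted), None)


def effective_groups(user):
    """memberOf plus the primary group that memberOf leaves out."""
    groups = set(user["memberOf"])
    primary = primary_group_dn(user)
    if primary is not None:
        groups.add(primary)
    return groups


def hidden_members(users, group_dn):
    """Users who are in group_dn only as their primary group."""
    return [u["sAMAccountName"] for u in users
            if group_dn in effective_groups(u) and group_dn not in u["memberOf"]]


if __name__ == "__main__":
    # alice's only link to the Guacamole group is her primary group, so a
    # memberOf-based lookup misses her; bob uses the layout from the fix.
    print(hidden_members(USERS, GUAC_GROUP))
```
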


Re: Shared folder issue on Windows 10 pro OS

2022-11-16 Thread Anburaj Palraj
Hi Nick,

Could see the below error logs in the messages file.


[image: image.png]

On Tue, Nov 15, 2022 at 8:31 PM Nick Couchman  wrote:

> On Tue, Nov 15, 2022 at 9:31 AM Anburaj Palraj 
> wrote:
> >
> > Hi Ivan,
> > thanks for your email.
> >
> > Shared folders are visible on all other Windows systems (mostly Windows
> servers).
> >
> > Only issue on this newly added Windows 10 Pro desktop.
> >
> > Do I need to start/stop any service on Windows 10 Pro desktop?
>
> No, there should not be any additional service that has to be enabled
> - although you may need to adjust GPO rules, as those could disable or
> block file transfers.
>
> Is there anything in the guacd logs that indicates a failure in
> setting up the file transfer when you connect? Maybe put guacd into
> Debug logging and see if that shows any additional output.
>
> -Nick
>


RE: Config host in LDAP / No historical informations

2022-11-16 Thread Philippe CAMELIO
Hi Mike
Thanks for the reply. I understand better although it's not what I expected.
So I guess I will have to manage the host config in Guacamole even though
managing it in the AD was so easy in PowerShell.

Having the host config outside the docker made life easier

Thanks

Philippe


From: Michael Jumper
Sent: Tuesday, November 15, 2022 19:59
To: user@guacamole.apache.org
Subject: Re: Config host in LDAP / No historical informations

On Tue, Nov 15, 2022, 2:36 AM Philippe CAMELIO <philippe.came...@ocapiat.fr> wrote:
Hi guys

I deployed a Guacamole 1.4.0 (docker stack) to use Active Directory for both
users and hosts configurations.
It is working fine but connection log information is not available
(Historical).

If I create a local connection, connection logs for this host using an AD
account are OK. Is this behaviour normal/expected?

Yes - the database currently only logs the history of connections it maintains. 
This has changed recently via 
https://issues.apache.org/jira/browse/GUACAMOLE-1616 .

- Mike



Re: Issue with users in behind ZScaler

2022-11-16 Thread Antoine Besnier
My two cents on the subject: I have the same issue. I host a Guacamole server
at home, and I have a few SSH connections set up. When I connect from my work
place, behind ZScaler, the SSH sessions drop, usually between 30 seconds and 1
minute. Connecting from any other network works fine.
It did not use to be so unstable, though. But there must have been an update
recently (either on my company's network, or on ZScaler side) that created this
issue.

Definitely not an issue on Guacamole's side though.
Cheers
Antoine

On Monday, November 14, 2022 at 04:09:10 UTC+1, Michael Jumper wrote:

On Sun, Nov 13, 2022, 6:33 PM Lockhart, Roland wrote:


Hi

This is a follow on from the previous email

Our Guacamole logs are recording two public addresses for these users that
experience intermittent disconnections.

One address is their business's external egress address and the other one the
Zscaler network.

Could this be making their connection reliability lower for the Guac sessions?


Sure. It's not impossible that their corporate network is interfering. If they 
have no issue outside that network, that would be pretty conclusive.
- Mike