Re: Error when compile guacamole-server-1.5.3
Hi, anyone have a hint? I don't know how to solve this, I had try also to rollback to the previouse state, before upgrade to Debian 12 & Guacamole 1.5.3 (reload the snapshot taken before upgrade) but I notice that also there RDP wont connect (so is not something related to Debian 12 and/or Guacamole 1.5.3), someone can tell me where to search so I can dig more deeper? Thanks, Alessandro Il 14/08/2023 14:23, Alessandro Sironi ha scritto: Hi Nick, it's a win, now it compile and ATM is up and running! But I can't RDPing into any Server (Windows Server with RDP running, tested using Windows Client). Here qhat I have in catalina.out: [2023-08-14 14:19:52] [info] 14:19:52.453 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "alessandro.sironi" connected to connection "3". [2023-08-14 14:19:52] [info] Exception in thread "Thread-12" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:442) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:314) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:254) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37) [2023-08-14 14:19:52] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152) [2023-08-14 14:19:52] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53) [2023-08-14 14:19:52] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253) [2023-08-14 14:19:52] [info] 14:19:52.806 [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "alessandro.sironi" disconnected from connection "3". Duration: 353 milliseconds I have all green during ./config: guacamole-server version 1.5.3 Library status: freerdp2 yes pango ... yes libavcodec .. yes libavformat.. yes libavutil ... yes libssh2 . yes libssl .. yes libswscale .. yes libtelnet ... yes libVNCServer yes libvorbis ... yes libpulse yes libwebsockets ... yes libwebp . yes wsock32 . no Protocol support: Kubernetes yes RDP ... yes SSH ... yes Telnet yes VNC ... yes Services / tools: guacd .. yes guacenc yes guaclog yes FreeRDP plugins: /usr/lib/x86_64-linux-gnu/freerdp2 Init scripts: no Systemd units: /etc/systemd/system Type "make" to compile guacamole-server. SSH works w/out any issues, I don't know about VNC and Telnet because I do not have any connections to check. Any hint? Thanks for your support, Alessandro Il 14/08/2023 14:10, Adrian Owen ha scritto: Hi, Please be careful with unsupported repo components, you may unknowingly hide security patches. Waiting for Guacamole Debian 12 support is safest option. Adrian *From:*Yves Auffret *Sent:* 14 August 2023 13:00 *To:* user@guacamole.apache.org *Subject:* Re: Error when compile guacamole-server-1.5.3 Hi, I agree. Another solution is to keep Debian 12 and downgrade Tomcat from 10 to 9 by using Debian 11 repo for Tomcat. Regards, Le lun. 14 août 2023, 13:54, Adrian Owen a écrit : Debian 12 runs tomcat 10 that’s not supported by Guacamole https://issues.apache.org/jira/browse/GUACAMOLE-1325 Debian 11 is okay and should also fix your build issues. Adrian -Original Message- From: Alessandro Sironi Sent: 14 August 2023 11:54 To: user@guacamole.apache.org Subject: Error when compile guacamole-server-1.5.3 Hello all, I'm trying to upgrade from Guacamole 1.5.2 to Guacamole 1.5.3 but I got this error during make: make[2]: uscita dalla directory «/tmp/guacamole-server-1.5.3/src/guacd» Making all in src/guacenc make[2]: ingresso nella directory «/tmp/guacamole-server-1.5.3/src/guacenc» CC guacenc-video.o video.c: In function ‘guacenc_video_alloc’: video.c:63:22: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 6
Re: Error when compile guacamole-server-1.5.3
Hi, I've digged more deeply and I found that RDP is not working only on Windows OS, if I RDP on Linux boxes (XRDP) it works w/out any issue on both Debian 11/Guacamole 1.5.2 and Debian 12/Guacamole 1.5.3. I've to debug why it stop working on Windows, from LOG seems to be something related to security protocol, but I have selected "Any" and checked "Ignor server certificate" as usual, I don't know why it stop working. Alessandro Il 16/08/2023 09:55, Alessandro Sironi ha scritto: Hi, anyone have a hint? I don't know how to solve this, I had try also to rollback to the previouse state, before upgrade to Debian 12 & Guacamole 1.5.3 (reload the snapshot taken before upgrade) but I notice that also there RDP wont connect (so is not something related to Debian 12 and/or Guacamole 1.5.3), someone can tell me where to search so I can dig more deeper? Thanks, Alessandro Il 14/08/2023 14:23, Alessandro Sironi ha scritto: Hi Nick, it's a win, now it compile and ATM is up and running! But I can't RDPing into any Server (Windows Server with RDP running, tested using Windows Client). Here qhat I have in catalina.out: [2023-08-14 14:19:52] [info] 14:19:52.453 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "alessandro.sironi" connected to connection "3". [2023-08-14 14:19:52] [info] Exception in thread "Thread-12" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:442) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:314) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:254) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195) [2023-08-14 14:19:52] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37) [2023-08-14 14:19:52] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152) [2023-08-14 14:19:52] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53) [2023-08-14 14:19:52] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253) [2023-08-14 14:19:52] [info] 14:19:52.806 [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "alessandro.sironi" disconnected from connection "3". Duration: 353 milliseconds I have all green during ./config: guacamole-server version 1.5.3 Library status: freerdp2 yes pango ... yes libavcodec .. yes libavformat.. yes libavutil ... yes libssh2 . yes libssl .. yes libswscale .. yes libtelnet ... yes libVNCServer yes libvorbis ... yes libpulse yes libwebsockets ... yes libwebp . yes wsock32 . no Protocol support: Kubernetes yes RDP ... yes SSH ... yes Telnet yes VNC ... yes Services / tools: guacd .. yes guacenc yes guaclog yes FreeRDP plugins: /usr/lib/x86_64-linux-gnu/freerdp2 Init scripts: no Systemd units: /etc/systemd/system Type "make" to compile guacamole-server. SSH works w/out any issues, I don't know about VNC and Telnet because I do not have any connections to check. Any hint? Thanks for your support, Alessandro Il 14/08/2023 14:10, Adrian Owen ha scritto: Hi, Please be careful with unsupported repo components, you may unknowingly hide security patches. Waiting for Guacamole Debian 12 support is safest option. Adrian *From:*Yves Auffret *Sent:* 14 August 2023 13:00 *To:* user@guacamole.apache.org *Subject:* Re: Error when compile guacamole-server-1.5.3 Hi, I agree. Another solution is to keep Debian 12 and downgrade Tomcat from 10 to 9 by using Debian 11 repo for Tomcat. Regards, Le lun. 14 août 2023, 13:54, Adrian Owen a écrit : Debian 12 runs tomcat 10 that’s not supported by Guacamole https://issues.apache.org/jira/browse/GUACAMOLE-1325 Debian 11 is okay and should also fix your build issues. Adrian -Original Message- From: Alessandro Sironi Sent: 14 August 2023 11:54 To: user@guacamole.apache.org Subject: Error when compile guacamole-server-1.5.3 Hello all, I'm trying
Re: Error when compile guacamole-server-1.5.3
With ignore certificate set, and either nothing or 'any' in security mode, have you tried with 'disable authentication' checked? Also, when fault-finding, I suggest you don't have anything else set, at least initially, as I've sometimes found that can adversely affect the outcome. I include user/pass etc with this caveat, as well as all the other settings. On 16/08/23 20:32, Alessandro Sironi wrote: Hi, I've digged more deeply and I found that RDP is not working only on Windows OS, if I RDP on Linux boxes (XRDP) it works w/out any issue on both Debian 11/Guacamole 1.5.2 and Debian 12/Guacamole 1.5.3. I've to debug why it stop working on Windows, from LOG seems to be something related to security protocol, but I have selected "Any" and checked "Ignor server certificate" as usual, I don't know why it stop working. Alessandro - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Error when compile guacamole-server-1.5.3
On Wed, Aug 16, 2023 at 6:39 AM Ivanmarcus wrote: > > With ignore certificate set, and either nothing or 'any' in security > mode, have you tried with 'disable authentication' checked? > > Also, when fault-finding, I suggest you don't have anything else set, at > least initially, as I've sometimes found that can adversely affect the > outcome. I include user/pass etc with this caveat, as well as all the > other settings. > > On 16/08/23 20:32, Alessandro Sironi wrote: > > Hi, > > > > I've digged more deeply and I found that RDP is not working only on > > Windows OS, if I RDP on Linux boxes (XRDP) it works w/out any issue on > > both Debian 11/Guacamole 1.5.2 and Debian 12/Guacamole 1.5.3. > > > > I've to debug why it stop working on Windows, from LOG seems to be > > something related to security protocol, but I have selected "Any" and > > checked "Ignor server certificate" as usual, I don't know why it stop > > working. > > Can you post the logs from guacd when the RDP connection fails, and bump the log level for guacd up to debug? https://guacamole.apache.org/doc/gug/configuring-guacamole.html#configuring-guacd -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Error when compile guacamole-server-1.5.3
Hi Ivanmarcus! I've tryed both with "disable authentication" and also leaving blanck username & password fields (before I had ${GUAC_USERNAME} and ${GUAC_PASSWORD}) but nothing changed. What is strange is that it works for about 3 years until now, maybe I have to check if anything is changed Windows side. Alessandro Il 16/08/2023 12:38, Ivanmarcus ha scritto: With ignore certificate set, and either nothing or 'any' in security mode, have you tried with 'disable authentication' checked? Also, when fault-finding, I suggest you don't have anything else set, at least initially, as I've sometimes found that can adversely affect the outcome. I include user/pass etc with this caveat, as well as all the other settings. On 16/08/23 20:32, Alessandro Sironi wrote: Hi, I've digged more deeply and I found that RDP is not working only on Windows OS, if I RDP on Linux boxes (XRDP) it works w/out any issue on both Debian 11/Guacamole 1.5.2 and Debian 12/Guacamole 1.5.3. I've to debug why it stop working on Windows, from LOG seems to be something related to security protocol, but I have selected "Any" and checked "Ignor server certificate" as usual, I don't know why it stop working. Alessandro - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Disable GUACAMOLE’S AUTHENTICATION
Hi Team, A Custom application is developed which does authentication. Guacamole is integrated to get invoked from my application after successful authentication. I want to disable default guacamole authentication. How do I disable authentication within Guacamole? Thanks and Regards, Praveen T.K Cell : +91-8971762539 *Nothing Changes, if nothing changes.*
Re: Disable GUACAMOLE’S AUTHENTICATION
On Wed, Aug 16, 2023 at 8:49 AM Praveen Tk wrote: > > Hi Team, > > A Custom application is developed which does authentication. > > Guacamole is integrated to get invoked from my application after successful > authentication. I want to disable default guacamole authentication. > > How do I disable authentication within Guacamole? Please see: https://guacamole.apache.org/faq/#disable-auth You shouldn't disable it; instead, you should either use one of the available modules to integrate with the authentication system, or you should write your own module to do the integrated authentication. If your custom application is so different that you truly do not need any of the authentication, connection management, etc., then you should probably write an actual custom application using only the guacamole-common and guacamole-common-js components, and not the entire client. https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: TOTP Verification Failed During MFA Enrollment
On 8/15/2023 1:30 PM, Delvain Mbina wrote: Hi Mike, I have checked the following: 1) Server's clock: NTP is enabled and the local time is in sync. For good measure, I changed the time zone to PST. The timezone has no impact on the behavior of TOTP, which uses a timestamp in UTC. Regardless of whether NTP is enabled, have you verified that the current system clock exactly matches a reliable public time source? 2) The only default option I changed was the "totp-issuer" setting. That should be fine. - Mike - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Disable GUACAMOLE’S AUTHENTICATION
It's always frustrating when someone tries to tell you how to handle your security, especially when they have no knowledge of your requirements or environment. A way around it is to use the header module with a static header sent via your web server in combiation with the obdc module to define your terminals. A problem with this is the static header screws up the ability to login to the admin account to define your hosts so you have to take it away, get that setup, then put it back. -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Wed, 16 Aug 2023, Nick Couchman wrote: Date: Wed, 16 Aug 2023 10:32:28 -0400 From: Nick Couchman Reply-To: user@guacamole.apache.org To: user@guacamole.apache.org Subject: Re: Disable GUACAMOLE’S AUTHENTICATION On Wed, Aug 16, 2023 at 8:49 AM Praveen Tk wrote: Hi Team, A Custom application is developed which does authentication. Guacamole is integrated to get invoked from my application after successful authentication. I want to disable default guacamole authentication. How do I disable authentication within Guacamole? Please see: https://guacamole.apache.org/faq/#disable-auth You shouldn't disable it; instead, you should either use one of the available modules to integrate with the authentication system, or you should write your own module to do the integrated authentication. If your custom application is so different that you truly do not need any of the authentication, connection management, etc., then you should probably write an actual custom application using only the guacamole-common and guacamole-common-js components, and not the entire client. https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
RE: TOTP Verification Failed During MFA Enrollment
Hi Mike, After changing the timezone and leaving the default configuration settings, we didn't encounter the "failed verification" issue and were able to complete the MFA enrollment. Thank you, Delvain Mbina Security Operations Engineer M: (209) 305-0215 The Save Mart Companies 1600 Yosemite Blvd., Modesto, CA 95354 -Original Message- From: Michael Jumper Sent: Wednesday, August 16, 2023 12:02 PM To: user@guacamole.apache.org Subject: Re: TOTP Verification Failed During MFA Enrollment On 8/15/2023 1:30 PM, Delvain Mbina wrote: > Hi Mike, > > I have checked the following: > > 1) Server's clock: NTP is enabled and the local time is in sync. For good > measure, I changed the time zone to PST. The timezone has no impact on the behavior of TOTP, which uses a timestamp in UTC. Regardless of whether NTP is enabled, have you verified that the current system clock exactly matches a reliable public time source? > 2) The only default option I changed was the "totp-issuer" setting. > That should be fine. - Mike - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Apple OS/X Domain User Connection
I have had easy success connecting to an Apple OS/X over VNC AND easy success connecting to Windows over RDP as both local users and using the Active Directory login. I have not been able to figure out how to connect Guacamole to an Apple computer that is on a company Active Directory. Is this possible and if so, what are the mechanics of that? What sayeth the group? -- Sincerely, Jay Jay Lepore CompuMatter *Office*: 360 299 2428 | *Cell*: 360 202 0434 *Email*: j...@compumatter.com /If you are satisfied with your service, please consider providing us a social media review at https://compumatter.com/reviews ...If you are not, please let me know so I can make it better/