Re: Configuring LDAP

[harry.devine]

/var/log/tomcat/catalina.2017-11-13.log

From: Mike Jumper 
Sent: Monday, November 13, 2017 4:56:23 PM
To: user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

Which log are these messages from?

- Mike


On Mon, Nov 13, 2017 at 12:55 PM, 
> wrote:
OK, here goes:  https://pastebin.com/Be35FaN6

Thanks,
Harry

From: Mike Jumper 
[mailto:mike.jum...@guac-dev.org]
Sent: Monday, November 13, 2017 3:49 PM

To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

Don't send it to me directly off-list - things really need to be kept on-list.

pastebin or a GitHub gist are decent choices. You could also paste the logs 
directly into a new email. I don't recommend trying to attach the logs, as 
attachments are sometimes filtered away.


On Mon, Nov 13, 2017 at 12:44 PM, 
> wrote:
Any place in particular?  Not really sure where I can put something like that.  
Can I send it to you off-list?

Thanks,
Harry

From: Mike Jumper 
[mailto:mike.jum...@guac-dev.org]
Sent: Monday, November 13, 2017 2:02 PM

To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

Following a restart of Tomcat, can you post the entire Tomcat log somewhere, at 
least the portion which follows that restart?

- Mike


On Mon, Nov 13, 2017 at 10:51 AM, 
> wrote:
I tried to add GUACAMOLE_HOME=”/etc/guacamole” into /etc/tomcat/tomcat.conf and 
restarting Tomcat, but that didn’t work.  Instead of getting “Login failed” on 
the page, the page did nothing.  So I backed that out and restarted everything, 
and can’t log in at all.  I enter the guacadmin user and password and click 
Login, and nothing happens.  I do see a successful login message in 
/var/log/messages, but the page doesn’t redirect me anywhere any longer.

Thanks,
Harry

From: Devine, Harry (FAA)
Sent: Monday, November 13, 2017 8:49 AM
To: 
user@guacamole.incubator.apache.org
Subject: RE: Configuring LDAP

Well, I tried moving the extensions to /etc/guacamole and restarting Tomcat and 
guacamole, and I still don’t see LDAP referenced in the logs.  Where do I set 
that in catalina.properties?  That’s my next step.  Also, when I try to log in, 
I do see the following error in the log (I masked out the IP and the user name):

Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN  
o.a.g.r.auth.AuthenticationService - Authentication attempt from 
xxx.xxx.xxx.xxx for user "user" failed.

Thanks,
Harry

From: Nick Couchman [mailto:vn...@apache.org]
Sent: Monday, November 13, 2017 8:05 AM
To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

On Mon, Nov 13, 2017 at 7:55 AM, 
> wrote:
I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP 
loading.  I have the 0.9.13 LDAP extension at 
/usr/share/tomcat/.guacamole/extensions.  Is that the proper directory for it?  
I’m pretty sure that’s where the user guide said to put it.  I also have the 
pertinent LDAP parameters set in the guacamole.properties file at 
/etc/guacamole.

In 0.9.13-incubating, if you downloaded the release from the website, then the 
default GUACAMOLE_HOME will be the $HOME/.guacamole directory.  Double-check 
and make sure that's the Tomcat user's home directory.  You can also change the 
GUACAMOLE_HOME via either the guacamole.home property in Tomcat's 
catalina.properties file, or by setting the GUACAMOLE_HOME environment variable 
before starting Tomcat.  This changes slightly in 0.9.14-incubating (git repo), 
with /etc/guacamole becoming the fallback-default location.

If you have guacamole.properties in /etc/guacamole, and you can successfully 
change other items in that file and see the changes take effect, then I believe 
your GUACAMOLE_HOME is probably configured for /etc/guacamole, in which case 
your extensions should be in /etc/guacamole/extensions.  So, you might try 
creating that directory, placing the LDAP extension there, and then restarting 
Tomcat.

-Nick

Re: IP of web session for ssh connection

[Tjareson]

Hi Nick,

do you know if that topic will ever get addressed somehow?
I'm not quite sure, what I could do to support that.

That was the issue that the IP address of the web session is not 
correctly provided in ${GUAC_CLIENT_ADDRESS} when starting e.g. a ssh 
session.


kind regards
Tjareson


Am 24.08.2017 um 12:26 schrieb Tjareson:


https://issues.apache.org/jira/browse/GUACAMOLE-369



Am 24.08.2017 um 11:49 schrieb Nick Couchman:
As far as NoAuth, I think that's pretty much a closed issue - there's 
not really any support for that among the development community.  You 
might try, instead, using either SSO or LDAP and then using the 
${GUAC_USERNAME} and ${GUAC_PASSWORD} tokens to pass through 
authentication such that you can avoid the dual-login requirements. 
 I do understand the frustration there - I've lived the admin side of 
things for long enough that I recognize that you want to make the 
experience as simple as possible for users, and asking them to login 
twice can cause frustration.  I also realize that use of SSO or LDAP 
modules would require your destination SSH server to use the same 
authentication that Guacamole does, and that that's not always 
possible, but you can probably work something out, there.


Yeah, probably good to go ahead and log a JIRA issue for the IP issue 
you're seeing.


-Nick



On Thursday, August 24, 2017, 11:45:40 AM EDT, Tjareson 
 wrote:




Yes, I saw some discussion about the no-auth as well. It's a bit of a 
pity that it will be removed.
Even if off-topic here right now: I think in the end it will in fact 
make it more confusing for the user. Today I can tell the user "You 
only ever type your credentials into the login screen of the 
application, never anywhere else." Which makes it clear and easy to 
remember and avoids fishing.
Without no-auth, the user has to login either at login screen of 
guacamole and/or at the login screen of the application, in case he 
or she connects on the internal network directly with a Putty client. 
So we are loosing that unique point where to type in login data only.
Is that still under discussion, means is there a point where I can 
mention my argument?


Back to the topic: if you could find something where the ip behaviour 
could be changed that would be very helpful.

Would it make sense, if I log an issue for that?

I've also checked the option to track down the web ip of a ssh 
session with lsof and netstat and all logs, to see who is talking to 
whom via which ports. But it always stops where communication is 
aggregated in one single process and connections becoming 1:n. (e.g. 
nginx)


kind regards
Tjareson

Am 24.08.2017 um 09:02 schrieb Nick Couchman:
A word of caution about no-auth: it is deprecated, no longer 
maintained or supported, and will not be available in future releases.


As far as why it's not getting updated, I'm not sure off the top of 
my head, except that there's likely a session somewhere in the 
Guacamole Servlet code that has the data cached for a particular 
user login.  I'll see if I can do some debugging on this and figure 
out where it's happening and what needs to be done to flush it out.


-Nick

== He has shown you, O man, what is good; And what does the LORD 
require of you But to do justly, To love mercy, And to walk humbly 
with your God? --Micah 6:8-- ==




On Wednesday, August 23, 2017, 7:16:51 PM EDT, Tjareson 
  wrote:




By the way: I see the same phenomenon when I'm using no-auth, where 
there is no specific user anymore.


If it works proper with no-auth it would have been a solution in my 
case already as the application does a proper authentication anyway. 
(so currently I'm redirecting all users to a url containing a 
default user name and password, so they do not need to authenticate 
twice.)


So the not changing ip address in ${GUAC_CLIENT_ADDRESS} remains 
kind of a question mark.



Am 23.08.2017 um 17:38 schrieb Nick Couchman:
There may be some buffering done inside the Guacamole code 
somewhere - I'm not sure about that.  Maybe Mike or James can chime 
in and confirm or debunk that?


-Nick



On Wednesday, August 23, 2017, 5:10:19 PM EDT, Tjareson 
  wrote:



Hi Nick,

that did the trick.

Do you know if there is any setting stopping tomcat7 (or maybe 
guacd) from buffering the ip?
Currently I have the odd situation that if I log in from a 
different ip address with the same user I see this different ip 
address in catalina.out, but the first ip it got after starting 
tomcat stays in ${GUAC_CLIENT_ADDRESS}, no matter if I logout the 
user before or not.
It looks like that the user session for a particular username in 
guacamole gets buffered somewhere.

Only if I restart tomcat then the ip gets updated.
The odd thing is: catalina.out shows always the correct ip and a 
restart of guacd doesn't reset this link 

Re: Configuring LDAP

[Mike Jumper]

Which log are these messages from?

- Mike


On Mon, Nov 13, 2017 at 12:55 PM,  wrote:

> OK, here goes:  https://pastebin.com/Be35FaN6
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Mike Jumper [mailto:mike.jum...@guac-dev.org]
> *Sent:* Monday, November 13, 2017 3:49 PM
>
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> Don't send it to me directly off-list - things really need to be kept
> on-list.
>
>
>
> pastebin or a GitHub gist are decent choices. You could also paste the
> logs directly into a new email. I don't recommend trying to attach the
> logs, as attachments are sometimes filtered away.
>
>
>
>
>
> On Mon, Nov 13, 2017 at 12:44 PM,  wrote:
>
> Any place in particular?  Not really sure where I can put something like
> that.  Can I send it to you off-list?
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Mike Jumper [mailto:mike.jum...@guac-dev.org]
> *Sent:* Monday, November 13, 2017 2:02 PM
>
>
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> Following a restart of Tomcat, can you post the entire Tomcat log
> somewhere, at least the portion which follows that restart?
>
>
>
> - Mike
>
>
>
>
>
> On Mon, Nov 13, 2017 at 10:51 AM,  wrote:
>
> I tried to add GUACAMOLE_HOME=”/etc/guacamole” into
> /etc/tomcat/tomcat.conf and restarting Tomcat, but that didn’t work.
> Instead of getting “Login failed” on the page, the page did nothing.  So I
> backed that out and restarted everything, and can’t log in at all.  I enter
> the guacadmin user and password and click Login, and nothing happens.  I do
> see a successful login message in /var/log/messages, but the page doesn’t
> redirect me anywhere any longer.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Devine, Harry (FAA)
> *Sent:* Monday, November 13, 2017 8:49 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* RE: Configuring LDAP
>
>
>
> Well, I tried moving the extensions to /etc/guacamole and restarting
> Tomcat and guacamole, and I still don’t see LDAP referenced in the logs.
> Where do I set that in catalina.properties?  That’s my next step.  Also,
> when I try to log in, I do see the following error in the log (I masked out
> the IP and the user name):
>
>
>
> Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "user" failed.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Nick Couchman [mailto:vn...@apache.org ]
> *Sent:* Monday, November 13, 2017 8:05 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> On Mon, Nov 13, 2017 at 7:55 AM,  wrote:
>
> I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP
> loading.  I have the 0.9.13 LDAP extension at 
> /usr/share/tomcat/.guacamole/extensions.
> Is that the proper directory for it?  I’m pretty sure that’s where the user
> guide said to put it.  I also have the pertinent LDAP parameters set in the
> guacamole.properties file at /etc/guacamole.
>
>
>
> In 0.9.13-incubating, if you downloaded the release from the website, then
> the default GUACAMOLE_HOME will be the $HOME/.guacamole directory.
> Double-check and make sure that's the Tomcat user's home directory.  You
> can also change the GUACAMOLE_HOME via either the guacamole.home property
> in Tomcat's catalina.properties file, or by setting the GUACAMOLE_HOME
> environment variable before starting Tomcat.  This changes slightly in
> 0.9.14-incubating (git repo), with /etc/guacamole becoming the
> fallback-default location.
>
>
>
> If you have guacamole.properties in /etc/guacamole, and you can
> successfully change other items in that file and see the changes take
> effect, then I believe your GUACAMOLE_HOME is probably configured for
> /etc/guacamole, in which case your extensions should be in
> /etc/guacamole/extensions.  So, you might try creating that directory,
> placing the LDAP extension there, and then restarting Tomcat.
>
>
>
> -Nick
>
>
>
>
>

RE: Configuring LDAP

[harry.devine]

OK, here goes:  https://pastebin.com/Be35FaN6

Thanks,
Harry

From: Mike Jumper [mailto:mike.jum...@guac-dev.org]
Sent: Monday, November 13, 2017 3:49 PM
To: user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

Don't send it to me directly off-list - things really need to be kept on-list.

pastebin or a GitHub gist are decent choices. You could also paste the logs 
directly into a new email. I don't recommend trying to attach the logs, as 
attachments are sometimes filtered away.


On Mon, Nov 13, 2017 at 12:44 PM, 
> wrote:
Any place in particular?  Not really sure where I can put something like that.  
Can I send it to you off-list?

Thanks,
Harry

From: Mike Jumper 
[mailto:mike.jum...@guac-dev.org]
Sent: Monday, November 13, 2017 2:02 PM

To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

Following a restart of Tomcat, can you post the entire Tomcat log somewhere, at 
least the portion which follows that restart?

- Mike


On Mon, Nov 13, 2017 at 10:51 AM, 
> wrote:
I tried to add GUACAMOLE_HOME=”/etc/guacamole” into /etc/tomcat/tomcat.conf and 
restarting Tomcat, but that didn’t work.  Instead of getting “Login failed” on 
the page, the page did nothing.  So I backed that out and restarted everything, 
and can’t log in at all.  I enter the guacadmin user and password and click 
Login, and nothing happens.  I do see a successful login message in 
/var/log/messages, but the page doesn’t redirect me anywhere any longer.

Thanks,
Harry

From: Devine, Harry (FAA)
Sent: Monday, November 13, 2017 8:49 AM
To: 
user@guacamole.incubator.apache.org
Subject: RE: Configuring LDAP

Well, I tried moving the extensions to /etc/guacamole and restarting Tomcat and 
guacamole, and I still don’t see LDAP referenced in the logs.  Where do I set 
that in catalina.properties?  That’s my next step.  Also, when I try to log in, 
I do see the following error in the log (I masked out the IP and the user name):

Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN  
o.a.g.r.auth.AuthenticationService - Authentication attempt from 
xxx.xxx.xxx.xxx for user "user" failed.

Thanks,
Harry

From: Nick Couchman [mailto:vn...@apache.org]
Sent: Monday, November 13, 2017 8:05 AM
To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

On Mon, Nov 13, 2017 at 7:55 AM, 
> wrote:
I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP 
loading.  I have the 0.9.13 LDAP extension at 
/usr/share/tomcat/.guacamole/extensions.  Is that the proper directory for it?  
I’m pretty sure that’s where the user guide said to put it.  I also have the 
pertinent LDAP parameters set in the guacamole.properties file at 
/etc/guacamole.

In 0.9.13-incubating, if you downloaded the release from the website, then the 
default GUACAMOLE_HOME will be the $HOME/.guacamole directory.  Double-check 
and make sure that's the Tomcat user's home directory.  You can also change the 
GUACAMOLE_HOME via either the guacamole.home property in Tomcat's 
catalina.properties file, or by setting the GUACAMOLE_HOME environment variable 
before starting Tomcat.  This changes slightly in 0.9.14-incubating (git repo), 
with /etc/guacamole becoming the fallback-default location.

If you have guacamole.properties in /etc/guacamole, and you can successfully 
change other items in that file and see the changes take effect, then I believe 
your GUACAMOLE_HOME is probably configured for /etc/guacamole, in which case 
your extensions should be in /etc/guacamole/extensions.  So, you might try 
creating that directory, placing the LDAP extension there, and then restarting 
Tomcat.

-Nick

Re: Configuring LDAP

[Mike Jumper]

Don't send it to me directly off-list - things really need to be kept
on-list.

pastebin or a GitHub gist are decent choices. You could also paste the logs
directly into a new email. I don't recommend trying to attach the logs, as
attachments are sometimes filtered away.


On Mon, Nov 13, 2017 at 12:44 PM,  wrote:

> Any place in particular?  Not really sure where I can put something like
> that.  Can I send it to you off-list?
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Mike Jumper [mailto:mike.jum...@guac-dev.org]
> *Sent:* Monday, November 13, 2017 2:02 PM
>
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> Following a restart of Tomcat, can you post the entire Tomcat log
> somewhere, at least the portion which follows that restart?
>
>
>
> - Mike
>
>
>
>
>
> On Mon, Nov 13, 2017 at 10:51 AM,  wrote:
>
> I tried to add GUACAMOLE_HOME=”/etc/guacamole” into
> /etc/tomcat/tomcat.conf and restarting Tomcat, but that didn’t work.
> Instead of getting “Login failed” on the page, the page did nothing.  So I
> backed that out and restarted everything, and can’t log in at all.  I enter
> the guacadmin user and password and click Login, and nothing happens.  I do
> see a successful login message in /var/log/messages, but the page doesn’t
> redirect me anywhere any longer.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Devine, Harry (FAA)
> *Sent:* Monday, November 13, 2017 8:49 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* RE: Configuring LDAP
>
>
>
> Well, I tried moving the extensions to /etc/guacamole and restarting
> Tomcat and guacamole, and I still don’t see LDAP referenced in the logs.
> Where do I set that in catalina.properties?  That’s my next step.  Also,
> when I try to log in, I do see the following error in the log (I masked out
> the IP and the user name):
>
>
>
> Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "user" failed.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Nick Couchman [mailto:vn...@apache.org ]
> *Sent:* Monday, November 13, 2017 8:05 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> On Mon, Nov 13, 2017 at 7:55 AM,  wrote:
>
> I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP
> loading.  I have the 0.9.13 LDAP extension at 
> /usr/share/tomcat/.guacamole/extensions.
> Is that the proper directory for it?  I’m pretty sure that’s where the user
> guide said to put it.  I also have the pertinent LDAP parameters set in the
> guacamole.properties file at /etc/guacamole.
>
>
>
> In 0.9.13-incubating, if you downloaded the release from the website, then
> the default GUACAMOLE_HOME will be the $HOME/.guacamole directory.
> Double-check and make sure that's the Tomcat user's home directory.  You
> can also change the GUACAMOLE_HOME via either the guacamole.home property
> in Tomcat's catalina.properties file, or by setting the GUACAMOLE_HOME
> environment variable before starting Tomcat.  This changes slightly in
> 0.9.14-incubating (git repo), with /etc/guacamole becoming the
> fallback-default location.
>
>
>
> If you have guacamole.properties in /etc/guacamole, and you can
> successfully change other items in that file and see the changes take
> effect, then I believe your GUACAMOLE_HOME is probably configured for
> /etc/guacamole, in which case your extensions should be in
> /etc/guacamole/extensions.  So, you might try creating that directory,
> placing the LDAP extension there, and then restarting Tomcat.
>
>
>
> -Nick
>
>
>

RE: Configuring LDAP

[harry.devine]

Any place in particular?  Not really sure where I can put something like that.  
Can I send it to you off-list?

Thanks,
Harry

From: Mike Jumper [mailto:mike.jum...@guac-dev.org]
Sent: Monday, November 13, 2017 2:02 PM
To: user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

Following a restart of Tomcat, can you post the entire Tomcat log somewhere, at 
least the portion which follows that restart?

- Mike


On Mon, Nov 13, 2017 at 10:51 AM, 
> wrote:
I tried to add GUACAMOLE_HOME=”/etc/guacamole” into /etc/tomcat/tomcat.conf and 
restarting Tomcat, but that didn’t work.  Instead of getting “Login failed” on 
the page, the page did nothing.  So I backed that out and restarted everything, 
and can’t log in at all.  I enter the guacadmin user and password and click 
Login, and nothing happens.  I do see a successful login message in 
/var/log/messages, but the page doesn’t redirect me anywhere any longer.

Thanks,
Harry

From: Devine, Harry (FAA)
Sent: Monday, November 13, 2017 8:49 AM
To: 
user@guacamole.incubator.apache.org
Subject: RE: Configuring LDAP

Well, I tried moving the extensions to /etc/guacamole and restarting Tomcat and 
guacamole, and I still don’t see LDAP referenced in the logs.  Where do I set 
that in catalina.properties?  That’s my next step.  Also, when I try to log in, 
I do see the following error in the log (I masked out the IP and the user name):

Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN  
o.a.g.r.auth.AuthenticationService - Authentication attempt from 
xxx.xxx.xxx.xxx for user "user" failed.

Thanks,
Harry

From: Nick Couchman [mailto:vn...@apache.org]
Sent: Monday, November 13, 2017 8:05 AM
To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

On Mon, Nov 13, 2017 at 7:55 AM, 
> wrote:
I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP 
loading.  I have the 0.9.13 LDAP extension at 
/usr/share/tomcat/.guacamole/extensions.  Is that the proper directory for it?  
I’m pretty sure that’s where the user guide said to put it.  I also have the 
pertinent LDAP parameters set in the guacamole.properties file at 
/etc/guacamole.

In 0.9.13-incubating, if you downloaded the release from the website, then the 
default GUACAMOLE_HOME will be the $HOME/.guacamole directory.  Double-check 
and make sure that's the Tomcat user's home directory.  You can also change the 
GUACAMOLE_HOME via either the guacamole.home property in Tomcat's 
catalina.properties file, or by setting the GUACAMOLE_HOME environment variable 
before starting Tomcat.  This changes slightly in 0.9.14-incubating (git repo), 
with /etc/guacamole becoming the fallback-default location.

If you have guacamole.properties in /etc/guacamole, and you can successfully 
change other items in that file and see the changes take effect, then I believe 
your GUACAMOLE_HOME is probably configured for /etc/guacamole, in which case 
your extensions should be in /etc/guacamole/extensions.  So, you might try 
creating that directory, placing the LDAP extension there, and then restarting 
Tomcat.

-Nick

Re: Configuring LDAP

[Mike Jumper]

Following a restart of Tomcat, can you post the entire Tomcat log
somewhere, at least the portion which follows that restart?

- Mike


On Mon, Nov 13, 2017 at 10:51 AM,  wrote:

> I tried to add GUACAMOLE_HOME=”/etc/guacamole” into
> /etc/tomcat/tomcat.conf and restarting Tomcat, but that didn’t work.
> Instead of getting “Login failed” on the page, the page did nothing.  So I
> backed that out and restarted everything, and can’t log in at all.  I enter
> the guacadmin user and password and click Login, and nothing happens.  I do
> see a successful login message in /var/log/messages, but the page doesn’t
> redirect me anywhere any longer.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Devine, Harry (FAA)
> *Sent:* Monday, November 13, 2017 8:49 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* RE: Configuring LDAP
>
>
>
> Well, I tried moving the extensions to /etc/guacamole and restarting
> Tomcat and guacamole, and I still don’t see LDAP referenced in the logs.
> Where do I set that in catalina.properties?  That’s my next step.  Also,
> when I try to log in, I do see the following error in the log (I masked out
> the IP and the user name):
>
>
>
> Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "user" failed.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Nick Couchman [mailto:vn...@apache.org ]
> *Sent:* Monday, November 13, 2017 8:05 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> On Mon, Nov 13, 2017 at 7:55 AM,  wrote:
>
> I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP
> loading.  I have the 0.9.13 LDAP extension at 
> /usr/share/tomcat/.guacamole/extensions.
> Is that the proper directory for it?  I’m pretty sure that’s where the user
> guide said to put it.  I also have the pertinent LDAP parameters set in the
> guacamole.properties file at /etc/guacamole.
>
>
>
> In 0.9.13-incubating, if you downloaded the release from the website, then
> the default GUACAMOLE_HOME will be the $HOME/.guacamole directory.
> Double-check and make sure that's the Tomcat user's home directory.  You
> can also change the GUACAMOLE_HOME via either the guacamole.home property
> in Tomcat's catalina.properties file, or by setting the GUACAMOLE_HOME
> environment variable before starting Tomcat.  This changes slightly in
> 0.9.14-incubating (git repo), with /etc/guacamole becoming the
> fallback-default location.
>
>
>
> If you have guacamole.properties in /etc/guacamole, and you can
> successfully change other items in that file and see the changes take
> effect, then I believe your GUACAMOLE_HOME is probably configured for
> /etc/guacamole, in which case your extensions should be in
> /etc/guacamole/extensions.  So, you might try creating that directory,
> placing the LDAP extension there, and then restarting Tomcat.
>
>
>
> -Nick
>

RE: Configuring LDAP

[harry.devine]

I tried to add GUACAMOLE_HOME=”/etc/guacamole” into /etc/tomcat/tomcat.conf and 
restarting Tomcat, but that didn’t work.  Instead of getting “Login failed” on 
the page, the page did nothing.  So I backed that out and restarted everything, 
and can’t log in at all.  I enter the guacadmin user and password and click 
Login, and nothing happens.  I do see a successful login message in 
/var/log/messages, but the page doesn’t redirect me anywhere any longer.

Thanks,
Harry

From: Devine, Harry (FAA)
Sent: Monday, November 13, 2017 8:49 AM
To: user@guacamole.incubator.apache.org
Subject: RE: Configuring LDAP

Well, I tried moving the extensions to /etc/guacamole and restarting Tomcat and 
guacamole, and I still don’t see LDAP referenced in the logs.  Where do I set 
that in catalina.properties?  That’s my next step.  Also, when I try to log in, 
I do see the following error in the log (I masked out the IP and the user name):

Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN  
o.a.g.r.auth.AuthenticationService - Authentication attempt from 
xxx.xxx.xxx.xxx for user "user" failed.

Thanks,
Harry

From: Nick Couchman [mailto:vn...@apache.org]
Sent: Monday, November 13, 2017 8:05 AM
To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

On Mon, Nov 13, 2017 at 7:55 AM, 
> wrote:
I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP 
loading.  I have the 0.9.13 LDAP extension at 
/usr/share/tomcat/.guacamole/extensions.  Is that the proper directory for it?  
I’m pretty sure that’s where the user guide said to put it.  I also have the 
pertinent LDAP parameters set in the guacamole.properties file at 
/etc/guacamole.

In 0.9.13-incubating, if you downloaded the release from the website, then the 
default GUACAMOLE_HOME will be the $HOME/.guacamole directory.  Double-check 
and make sure that's the Tomcat user's home directory.  You can also change the 
GUACAMOLE_HOME via either the guacamole.home property in Tomcat's 
catalina.properties file, or by setting the GUACAMOLE_HOME environment variable 
before starting Tomcat.  This changes slightly in 0.9.14-incubating (git repo), 
with /etc/guacamole becoming the fallback-default location.

If you have guacamole.properties in /etc/guacamole, and you can successfully 
change other items in that file and see the changes take effect, then I believe 
your GUACAMOLE_HOME is probably configured for /etc/guacamole, in which case 
your extensions should be in /etc/guacamole/extensions.  So, you might try 
creating that directory, placing the LDAP extension there, and then restarting 
Tomcat.

-Nick

Re: Intermittent VNC connectivity to IP KVM

[kpham]

Hi Mike, thank you for your instruction. I attempted to report it to LibVNC
Github but it is difficult to point exactly where the issue is with them.
It's a bit confusing with logs from Guacamole about LibVNC :) . I will try
to write a better post to them.

On a follow up question, please help me (Just on high level, just need
directions, I can Google the rest), how do you "Installing the absolute
latest libvncclient (part of libvncserver), rebuilding guacamole-server" ?





--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: Intermittent VNC connectivity to IP KVM

[Mike Jumper]

On Mon, Nov 13, 2017 at 9:47 AM, kpham  wrote:

> ...
> kernel: [20018.150998] traps: guacd[2185] trap divide error ip :
> 7f493214dbcd sp:7f4932d70b80 error:0 in
> libvncclient.so.1.0.0[7f493213d+1e]
>
> Do you think it's a bug in vncclient module? Any suggestion for me on how
> to
> fix it ?
>
>
This does look like a bug in libvncclient, the library used by Guacamole's
VNC support to handle the VNC protocol. It's hard to tell exactly where
within the library this is happening, but the kernel is reporting here that
the library is attempting to divide by zero. My guess, given context, is
that the VNC server is sending an empty rectangle with one of the
dimensions being zero, and libvncclient is improperly handling this
condition.

I would recommend installing the absolute latest libvncclient (part of
libvncserver), rebuilding guacamole-server, and seeing if the problem is
resolved. If the bug remains, the next step would be to report it upstream:

https://github.com/LibVNC/libvncserver

- Mike

Re: Guacamole Redirected Printer download files

[Mike Jumper]

On Mon, Nov 13, 2017 at 9:56 AM, Amarjeet Singh 
wrote:

> Hi Team,
>
> when I print any file using guacamole redirected printer, it always
> download the file instead of showing print preview.
> It is written to follow the above behavior
> .
> I looked into guacamole common js where it downloads with the help of
> iframe.
>

guacamole-common-js leaves the handling of downloads open to the
implementor using the API. If you're looking at code which leverages an
iframe for download, you are looking at the web application, not
guacamole-common-js.

I tried all the possible ways to edit the code and show the PDF files in
> iframe instead of downloading directly.
> It always downloads.
> Then I tried to change the url and gave the url of the PDF file from the
> server directly. It shows in the iframe and doesn't downloads.
> I came to know that there is something with the url which always tried to
> download.
> Any suggestions to resolve and show the PDF file in the iframe?
>

My suggestion would be to not attempt to override this behavior, and allow
the PDF to always download. Displaying the PDF within the browser is
problematic, and does not work identically across all browsers. Some will
display the PDF correctly, downloading the PDF only if no viewer is
present, others will display an empty iframe/tab even though a PDF viewer
is available or built-in, and yet others will silently fail with no way for
JavaScript to detect this.

Downloading the PDF directly is the only behavior which works universally.

- Mike

Re: GUAC-1096 conditions for WebSockets

[bkalb]

> How do the failing environment and development environment differ? 

I was able to replicate the error by using an iptables rule to drop all
packets going to the port of the server running Tomcat.  Once that rule was
set, the Tomcat logs were acting as we expect with the connection to guacd
dropped (see below).

However, the client was not able to close the tunnel properly after the 15
second timeout and disconnect due to the communications drop resulting in
the black screen conditions I described.  I was able to resolve this
behavior by patching Tunnel.js to keep trying the reconnect action if the
code was UPSTREAM_TIMEOUT so Guacamole would reconnect properly once the
external comm issue disappeared.   This is probably a very edge case
scenario!

/// Ignore if already closed
if (tunnel.state === Guacamole.Tunnel.State.CLOSED && status.code
!== Guacamole.Status.Code.UPSTREAM_TIMEOUT)
return;/

14:36:58.141 [Thread-11] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint -
Connection to guacd terminated abnormally: Connection to guacd timed out.
14:36:58.154 [Thread-11] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint -
Internal error during connection to guacd.
org.apache.guacamole.GuacamoleUpstreamTimeoutException: Connection to guacd
timed out.
at
org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:182)
~[guacamole-common-0.9.10-incubating.jar:na]
at
org.apache.guacamole.io.ReaderGuacamoleReader.readInstruction(ReaderGuacamoleReader.java:197)
~[guacamole-common-0.9.10-incubating.jar:na]
at
org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:83)
~[guacamole-common-0.9.10-incubating.jar:na]
at
org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:83)
~[guacamole-common-0.9.10-incubating.jar:na]
at
org.apache.guacamole.protocol.FilteredGuacamoleReader.read(FilteredGuacamoleReader.java:66)
~[guacamole-common-0.9.10-incubating.jar:na]
at
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:162)
~[guacamole-common-0.9.10-incubating.jar:na]
Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method) ~[na:1.8.0_151]
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
~[na:1.8.0_151]
at java.net.SocketInputStream.read(SocketInputStream.java:171)
~[na:1.8.0_151]
at java.net.SocketInputStream.read(SocketInputStream.java:141)
~[na:1.8.0_151]
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
~[na:1.8.0_151]
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
~[na:1.8.0_151]
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178) ~[na:1.8.0_151]
at java.io.InputStreamReader.read(InputStreamReader.java:184)
~[na:1.8.0_151]
at
org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:171)
~[guacamole-common-0.9.10-incubating.jar:na]
... 5 common frames omitted
14:36:58.156 [Thread-11] INFO  o.a.g.tunnel.TunnelRequestService - User
"bkalb" disconnected from connection group "6". Duration: 78430 milliseconds
14:36:58.157 [Thread-11] DEBUG o.a.g.net.InetGuacamoleSocket - Closing
socket to guacd.




--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Guacamole Redirected Printer download files

[Amarjeet Singh]

Hi Team,

when I print any file using guacamole redirected printer, it always
download the file instead of showing print preview.
It is written to follow the above behavior
.
I looked into guacamole common js where it downloads with the help of
iframe.
I tried all the possible ways to edit the code and show the PDF files in
iframe instead of downloading directly.
It always downloads.
Then I tried to change the url and gave the url of the PDF file from the
server directly. It shows in the iframe and doesn't downloads.
I came to know that there is something with the url which always tried to
download.
Any suggestions to resolve and show the PDF file in the iframe?

Regards,
Amarjeet Singh.

Re: Error message when disconnecting a Windows Server 2012

[Jonathan Hankins]

FWIW,

Re: my recent message to this list:
http://mail-archives.apache.org/mod_mbox/incubator-guacamole-user/201711.mbox/ajax/%3CCAAiD57hsi8mVYhwt33F9Rc2Uq_X6KoUUX%2BOSr6C8V3mX%2BGXjYQ%40mail.gmail.com%3E

"Need guidance with suspected auto-reconnect bug

"

I noticed that this patch hits the same code I identified as causing the
0x5 not to reach the client, and the auto-reconnect to ping-pong back and
forth reconnecting after the 15s countdown. This patch fixes my issue. I am
on Server 2012 r2.

-Jonathan Hankins

On Mon, Nov 13, 2017 at 10:27 AM Frode Langelo  wrote:

> I am seeing the same behavior as Kevin; Windows 2008 does not give
> this error, while both 2012 and 2016 do. I found the easiest way to
> reproduce this is to connect to the box but not do anything in the
> Windows logon screen. The RDP server will disconnect the session and
> the referenced error is produced. The freerdp version I am using is
> 1.1.0~git20140921.
>
> Kevin; try adding this to src/protocols/rdp/rdp.c for remedy:
>
> diff --git a/src/protocols/rdp/rdp.c b/src/protocols/rdp/rdp.c
> index 0b15d055..d35c663c 100644
> --- a/src/protocols/rdp/rdp.c
> +++ b/src/protocols/rdp/rdp.c
> @@ -764,9 +764,16 @@ static int
> guac_rdp_handle_connection(guac_client* client) {
>
>  /* Check the libfreerdp fds */
>  if (!freerdp_check_fds(rdp_inst)) {
> -guac_client_abort(client,
> -GUAC_PROTOCOL_STATUS_UPSTREAM_UNAVAILABLE,
> -"Error handling RDP file descriptors");
> +/* Handle RDP disconnect */
> +if (freerdp_shall_disconnect(rdp_inst)) {
> +guac_rdp_client_abort(client);
> +}
> +/* Handle FD error */
> +else {
> +guac_client_abort(client,
> +GUAC_PROTOCOL_STATUS_UPSTREAM_UNAVAILABLE,
> +"Error handling RDP file descriptors");
> +}
>  pthread_mutex_unlock(&(rdp_client->rdp_lock));
>  return 1;
>  }
>
> Kind regards,
> Frode
>
> On Mon, Oct 9, 2017 at 9:08 AM, Nick Couchman  wrote:
> > On Mon, Oct 9, 2017 at 6:09 AM, Kevin Rivrain 
> > wrote:
> >>
> >> Hello,
> >>
> >>
> >>
> >> For information I quickly tested Guacamole installation on Centos 7 (my
> >> previous installations were on Debian 8) and I don’t have the problem
> when I
> >> logout from Windows now…
> >
> >
> > Interesting.
> >
> >>
> >>
> >>
> >> On Debian, the version of freerdp is 1.1.0 and on Centos 1.0.2. And, I
> do
> >> not have some libraries on Centos (libavcodec, libavutil, libswscale,
> >> libtelnet), I'll look for why. I do not know why it's OK on Centos and
> not
> >> on Debian.
> >
> >
> > I'm using FreeRDP 1.1.0 on CentOS 7 that I compiled from git, and I do
> not
> > see the issue.  I also have another CentOS system with FreeRDP 1.0.x that
> > does not exhibit the problem.  I wonder if the Debian package has some
> other
> > patch applied to it that is causing this behavior...
> >
> > -Nick
>

-- 
This e-mail is intended only for the recipient and may contain confidential 
or proprietary information. If you are not the intended recipient, the 
review, distribution, duplication or retention of this message and its 
attachments is prohibited. Please notify the sender of this error 
immediately by reply e-mail, and permanently delete this message and its 
attachments in any form in which they may have been preserved.

Re: Intermittent VNC connectivity to IP KVM

[kpham]

 

Just want to show you the log



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: Intermittent VNC connectivity to IP KVM

[Nick Couchman]

On Mon, Nov 13, 2017 at 12:47 PM, kpham  wrote:

> This is a weird issue.
>
> I use Adderlink IP KVM which uses VNC protocol. When I connect to the IPKVM
> from Guacamole v0.9.1.3, the connection drops every time something changes
> significant on the client's monitor (Ex. Maximize a screen, close a
> windows...etc). If I connect to the IPKVM and do nothing, the connection
> stays on.
>
>
> I have tried with multiple units and has the same issue. I checked syslog
> and got this message everytime it happens
>
> kernel: [20018.150998] traps: guacd[2185] trap divide error ip :
> 7f493214dbcd sp:7f4932d70b80 error:0 in
> libvncclient.so.1.0.0[7f493213d+1e]
>
> Do you think it's a bug in vncclient module? Any suggestion for me on how
> to
> fix it ?
>
>
Can you put guacd into debug logging  (-L debug) and see if you get any
additional output during the disconnects?  guacd logs to /var/log/messages
(or wherever the default syslog destination is), so check those logs for
guacd entries.

-Nick

Intermittent VNC connectivity to IP KVM

[kpham]

This is a weird issue.

I use Adderlink IP KVM which uses VNC protocol. When I connect to the IPKVM
from Guacamole v0.9.1.3, the connection drops every time something changes
significant on the client's monitor (Ex. Maximize a screen, close a
windows...etc). If I connect to the IPKVM and do nothing, the connection
stays on.


I have tried with multiple units and has the same issue. I checked syslog
and got this message everytime it happens

kernel: [20018.150998] traps: guacd[2185] trap divide error ip :
7f493214dbcd sp:7f4932d70b80 error:0 in
libvncclient.so.1.0.0[7f493213d+1e]

Do you think it's a bug in vncclient module? Any suggestion for me on how to
fix it ?




--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: Error message when disconnecting a Windows Server 2012

[Frode Langelo]

I am seeing the same behavior as Kevin; Windows 2008 does not give
this error, while both 2012 and 2016 do. I found the easiest way to
reproduce this is to connect to the box but not do anything in the
Windows logon screen. The RDP server will disconnect the session and
the referenced error is produced. The freerdp version I am using is
1.1.0~git20140921.

Kevin; try adding this to src/protocols/rdp/rdp.c for remedy:

diff --git a/src/protocols/rdp/rdp.c b/src/protocols/rdp/rdp.c
index 0b15d055..d35c663c 100644
--- a/src/protocols/rdp/rdp.c
+++ b/src/protocols/rdp/rdp.c
@@ -764,9 +764,16 @@ static int
guac_rdp_handle_connection(guac_client* client) {

 /* Check the libfreerdp fds */
 if (!freerdp_check_fds(rdp_inst)) {
-guac_client_abort(client,
-GUAC_PROTOCOL_STATUS_UPSTREAM_UNAVAILABLE,
-"Error handling RDP file descriptors");
+/* Handle RDP disconnect */
+if (freerdp_shall_disconnect(rdp_inst)) {
+guac_rdp_client_abort(client);
+}
+/* Handle FD error */
+else {
+guac_client_abort(client,
+GUAC_PROTOCOL_STATUS_UPSTREAM_UNAVAILABLE,
+"Error handling RDP file descriptors");
+}
 pthread_mutex_unlock(&(rdp_client->rdp_lock));
 return 1;
 }

Kind regards,
Frode

On Mon, Oct 9, 2017 at 9:08 AM, Nick Couchman  wrote:
> On Mon, Oct 9, 2017 at 6:09 AM, Kevin Rivrain 
> wrote:
>>
>> Hello,
>>
>>
>>
>> For information I quickly tested Guacamole installation on Centos 7 (my
>> previous installations were on Debian 8) and I don’t have the problem when I
>> logout from Windows now…
>
>
> Interesting.
>
>>
>>
>>
>> On Debian, the version of freerdp is 1.1.0 and on Centos 1.0.2. And, I do
>> not have some libraries on Centos (libavcodec, libavutil, libswscale,
>> libtelnet), I'll look for why. I do not know why it's OK on Centos and not
>> on Debian.
>
>
> I'm using FreeRDP 1.1.0 on CentOS 7 that I compiled from git, and I do not
> see the issue.  I also have another CentOS system with FreeRDP 1.0.x that
> does not exhibit the problem.  I wonder if the Debian package has some other
> patch applied to it that is causing this behavior...
>
> -Nick

RE: SFTP problems

[Lars van Ruiten]

Thank you for your quick reply.

 

Both guacamole webapp and guacd are 0.9.12-incubating. (Just confirmed with 
syslog)

No, I have not tried 0.9.13-incubating, and I would prefer not to do the 
upgrade at this moment.

 

Also I am not entirely sure when the problems started, I have updated to 0.9.12 
5 months ago, and although most of the files that are uploaded to the remote 
stations are under 10kb, it seems unlikely that no one ever uploaded something 
bigger before today.

 

The webapp shows the error as you can see in my original mail, but both syslog 
and Catalina.out don’t show any errors related to SFTP stuff.

 

Kind regards,

Lars van Ruiten

 

From: Nick Couchman [mailto:vn...@apache.org] 
Sent: Monday, November 13, 2017 2:07 PM
To: user@guacamole.incubator.apache.org
Subject: Re: SFTP problems

 

On Mon, Nov 13, 2017 at 7:51 AM, Lars van Ruiten 
 > 
wrote:

Hello all,

 

Since upgrading Guacamole to 0.9.12-incubating (from 0.9.8), users have 
reported issues uploading files over SFTP connections (Added to a VNC 
connection).

It appears that any file larger than ~1MB will not upload, but give a 
permission related error. (See screenshot)

Uploading the file to the SFTP server directly with Bitvise SFTP client works 
fine.

 

To me it sounds like if a file is larger than a certain size, guacd will buffer 
it on the disk on the server and it does not have the permission to do that. 
(The disk is not full)

It happens to all connections, and I am sure that with some connections it has 
worked before, and the only thing that changed is the newer version of 
guacamole.

 

If someone has any idea how I can fix this, please let me know. 
Uploading/downloading files is one of the most used features in our case.

 

Kind regards

L van Ruiten

 

A couple of quick questions:

- Did you upgrade both the client and the server components of Guacamole to 
0.9.12-incubating?

- Have you tried 0.9.13-incubating?

 

-Nick

RE: Configuring LDAP

[harry.devine]

Well, I tried moving the extensions to /etc/guacamole and restarting Tomcat and 
guacamole, and I still don’t see LDAP referenced in the logs.  Where do I set 
that in catalina.properties?  That’s my next step.  Also, when I try to log in, 
I do see the following error in the log (I masked out the IP and the user name):

Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN  
o.a.g.r.auth.AuthenticationService - Authentication attempt from 
xxx.xxx.xxx.xxx for user "user" failed.

Thanks,
Harry

From: Nick Couchman [mailto:vn...@apache.org]
Sent: Monday, November 13, 2017 8:05 AM
To: user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

On Mon, Nov 13, 2017 at 7:55 AM, 
> wrote:
I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP 
loading.  I have the 0.9.13 LDAP extension at 
/usr/share/tomcat/.guacamole/extensions.  Is that the proper directory for it?  
I’m pretty sure that’s where the user guide said to put it.  I also have the 
pertinent LDAP parameters set in the guacamole.properties file at 
/etc/guacamole.

In 0.9.13-incubating, if you downloaded the release from the website, then the 
default GUACAMOLE_HOME will be the $HOME/.guacamole directory.  Double-check 
and make sure that's the Tomcat user's home directory.  You can also change the 
GUACAMOLE_HOME via either the guacamole.home property in Tomcat's 
catalina.properties file, or by setting the GUACAMOLE_HOME environment variable 
before starting Tomcat.  This changes slightly in 0.9.14-incubating (git repo), 
with /etc/guacamole becoming the fallback-default location.

If you have guacamole.properties in /etc/guacamole, and you can successfully 
change other items in that file and see the changes take effect, then I believe 
your GUACAMOLE_HOME is probably configured for /etc/guacamole, in which case 
your extensions should be in /etc/guacamole/extensions.  So, you might try 
creating that directory, placing the LDAP extension there, and then restarting 
Tomcat.

-Nick

Re: SFTP problems

[Nick Couchman]

On Mon, Nov 13, 2017 at 7:51 AM, Lars van Ruiten <
l.van.rui...@praxis-automation.nl> wrote:

> Hello all,
>
>
>
> Since upgrading Guacamole to 0.9.12-incubating (from 0.9.8), users have
> reported issues uploading files over SFTP connections (Added to a VNC
> connection).
>
> It appears that any file larger than ~1MB will not upload, but give a
> permission related error. (See screenshot)
>
> Uploading the file to the SFTP server directly with Bitvise SFTP client
> works fine.
>
>
>
> To me it sounds like if a file is larger than a certain size, guacd will
> buffer it on the disk on the server and it does not have the permission to
> do that. (The disk is not full)
>
> It happens to all connections, and I am sure that with some connections it
> has worked before, and the only thing that changed is the newer version of
> guacamole.
>
>
>
> If someone has any idea how I can fix this, please let me know.
> Uploading/downloading files is one of the most used features in our case.
>
>
>
> Kind regards
>
> L van Ruiten
>

A couple of quick questions:
- Did you upgrade both the client and the server components of Guacamole to
0.9.12-incubating?
- Have you tried 0.9.13-incubating?

-Nick

Re: Configuring LDAP

[Nick Couchman]

On Mon, Nov 13, 2017 at 7:55 AM,  wrote:

> I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP
> loading.  I have the 0.9.13 LDAP extension at 
> /usr/share/tomcat/.guacamole/extensions.
> Is that the proper directory for it?  I’m pretty sure that’s where the user
> guide said to put it.  I also have the pertinent LDAP parameters set in the
> guacamole.properties file at /etc/guacamole.
>

In 0.9.13-incubating, if you downloaded the release from the website, then
the default GUACAMOLE_HOME will be the $HOME/.guacamole directory.
Double-check and make sure that's the Tomcat user's home directory.  You
can also change the GUACAMOLE_HOME via either the guacamole.home property
in Tomcat's catalina.properties file, or by setting the GUACAMOLE_HOME
environment variable before starting Tomcat.  This changes slightly in
0.9.14-incubating (git repo), with /etc/guacamole becoming the
fallback-default location.

If you have guacamole.properties in /etc/guacamole, and you can
successfully change other items in that file and see the changes take
effect, then I believe your GUACAMOLE_HOME is probably configured for
/etc/guacamole, in which case your extensions should be in
/etc/guacamole/extensions.  So, you might try creating that directory,
placing the LDAP extension there, and then restarting Tomcat.

-Nick

RE: Configuring LDAP

[harry.devine]

I just restarted Guacamole and Tomcat, and I don't see anything about LDAP 
loading.  I have the 0.9.13 LDAP extension at 
/usr/share/tomcat/.guacamole/extensions.  Is that the proper directory for it?  
I'm pretty sure that's where the user guide said to put it.  I also have the 
pertinent LDAP parameters set in the guacamole.properties file at 
/etc/guacamole.

Thanks,
Harry

From: Devine, Harry (FAA)
Sent: Thursday, November 09, 2017 8:37 PM
To: user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP


I won't be back in the office until Monday so I'll look and provide that then, 
if that's OK.



Thanks,

Harry


From: Mike Jumper >
Sent: Thursday, November 9, 2017 8:21:44 PM
To: 
user@guacamole.incubator.apache.org
Subject: Re: Configuring LDAP

On Thu, Nov 9, 2017 at 12:45 PM, 
> wrote:
I'm trying to configure LDAP to work on our new Guacamole installation.  I 
followed Chapter 7 in the user guide, but I still can't get it to work.  When I 
enter a user name and the password that I know exists in our LDAP (which is 
running on RHEL 7 using IDM), and click the Login button, nothing happens.  No 
errors, no visual clues, nothing.  I look at the logs on the server and get 
zero errors or indications that it even attempted it.

There will not be visual clues, as such details are not exposed at the 
user-visible level. There should be log messages, however, including messages 
indicating that the LDAP authentication extension was loaded. Can you post what 
you see in the Tomcat logs from the point that Guacamole is starting up until 
the first pair of login failures (there should be at least two: the first 
resulting from the default anonymous auth attempt which caused the login dialog 
to display, and the second from using that login dialog)?

- Mike