Hi Nick,
We have already configured debug in logback.xml as below:
<configuration>
    <!-- Default appender -->
    <appender name="GUAC-DEFAULT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>
    <!-- Log at DEBUG level -->
    <root level="debug">
        <appender-ref ref="GUAC-DEBUG" />
    </root>
</configuration>
Also, we are using /usr/share/tomcat/.guacamole/guacamole.properties as the
Guacamole directory, and below is a snap of the Guacamole properties file:
guacd-hostname: localhost
guacd-port: 4822
auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
mysql-hostname: 10.19.1.25
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacadmin
mysql-password: ***********************
mysql-default-max-connections-per-user: 5
mysql-default-max-group-connections-per-user: 5
# LDAP properties
ldap-hostname: ldaps.glbl.bnv.com
ldap-port: 636
ldap-encryption-method: ssl
ldap-search-bind-dn: CN=User,OU=“Service Accounts”,OU=Security,DC=glbl,DC=bnv,DC=com
ldap-search-bind-password: ********************
ldap-user-base-dn: DC=glbl,DC=bnv,DC=com
ldap-username-attribute: sAMAccountName
ldap-user-search-filter: (memberOf=CN=GLBL PROCESS MODELLING,OU=Common,OU=Groups,DC=glbl,DC=bnv,DC=com)
There is a space between "Service" and "Accounts", so I used double quotes.
Thanks
Santhosh
From: Nick Couchman <[email protected]>
Reply to: "[email protected]" <[email protected]>
Date: Wednesday, 21 April 2021 at 8:33 PM
To: "[email protected]" <[email protected]>
Subject: Re: Apache Guacamole [Invalid Login] using AD LDAP
Guacamole version: guacamole-server-1.2.0
Apache Tomcat/7.0.76
Red Hat Enterprise Linux Server release 7.9 (Maipo)
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 8.0.6.25 -
pxa6480sr6fp25-20210115_01(SR6 FP25))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References
20201218_462060 (JIT enabled, AOT enabled)
OpenJ9 - 4c03b71
OMR - 86a8e1a
IBM - 8c30c56)
JCL - 20210108_01 based on Oracle jdk8u281-b09
Also, I have checked the logs; it is logging info messages but no login failure
messages. I also checked catalina.out as well; no logs.
I checked in all possible locations, but there are no authentication/failure logs.
Next step would be to enable debug logging in Guacamole:
http://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging
It's also important to know where your configuration is actually stored - you
mentioned ".guacamole"; however, the default location has been /etc/guacamole
for a couple of versions, so make sure you're aware of what location is
actually in use. This could also contribute to errors - if the configuration is
not in the correct location, it may not be reading the configuration at all.
-Nick
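An added example, not part of the thread and not Guacamole project code: a small Python check over the two kinds of file quoted in the message above. It reports `appender-ref` entries in a logback.xml that name no defined appender (logback attaches no appender for a reference it cannot resolve), and repeated keys or non-ASCII characters such as typographic quotes in a properties file (java.util.Properties keeps only the last value of a repeated key). The sample inputs are constructed from the quoted settings with placeholder hostnames, and the properties parsing is a simplification that ignores continuation lines.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the settings quoted in the message above.
LOGBACK = """<configuration>
  <appender name="GUAC-DEFAULT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder><pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern></encoder>
  </appender>
  <root level="debug">
    <appender-ref ref="GUAC-DEBUG" />
  </root>
</configuration>"""

PROPS = """auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
# LDAP properties
ldap-hostname: ldap.example.com
ldap-search-bind-dn: CN=User,OU=\u201cService Accounts\u201d,OU=Security,DC=example,DC=com
"""

def dangling_appender_refs(xml_text):
    """Return appender-ref names that no <appender name=...> defines."""
    root = ET.fromstring(xml_text)
    defined = {a.get("name") for a in root.iter("appender")}
    return sorted({r.get("ref") for r in root.iter("appender-ref")} - defined)

def lint_properties(text):
    """Return (line_no, problem) pairs for a Java-style properties file.
    Simplified parsing: 'key: value' or 'key=value', no continuation lines."""
    findings, seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^\s:=]+)\s*[:=]?\s*(.*)", s)
        if not m:
            continue  # line starts with a separator; out of scope here
        key, value = m.group(1), m.group(2)
        if key in seen:
            findings.append((no, f"duplicate key '{key}' (first on line {seen[key]})"))
        seen.setdefault(key, no)
        if not value.isascii():
            findings.append((no, f"non-ASCII character in value of '{key}'"))
    return findings

if __name__ == "__main__":
    print("dangling appender-ref:", dangling_appender_refs(LOGBACK))
    for no, msg in lint_properties(PROPS):
        print(f"line {no}: {msg}")
```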