I can't coax those error messages out of 1.4.0 by removing the LDAP module or making it unreadable with chmod. The latter *does* give a couple of messages at tomcat startup time in catalina.out, but not what you are seeing. I'd check and make sure nothing has changed on the system. Look back in the catalina.out file until the last successful LDAP authentication and see if tomcat has been restarted since then. My hunch is this one is the relevant one:
Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN o.a.g.e.AuthenticationProviderFacade - The "ldap" authentication provider has e*ncountered an internal error* which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: ldap" within your guacamole.properties. You can configure logback.xml to turn up the debugging level (1.4.0 docs, should still apply for you): https://guacamole.apache.org/doc/gug/configuring-guacamole.html#logging-within-the-web-application Make sure no disks are full, no I/O errors in dmesg, server hasn't rebooted unexpectedly, etc. On Thu, Feb 24, 2022 at 2:00 PM Devine, Harry (FAA) <harry.dev...@faa.gov.invalid> wrote: > Today, one of our Guacamole servers started to not allow LDAP logins. We > are running version 1.2.0 and have 3 or 4 other 1.2.0 servers running > without any issues. I’ve even put SELinux into Permissive just in case. > > > > Any ideas on the log info below: > > > > Feb 24 14:46:40 sds server: 14:46:40.040 [http-bio-8080-exec-4] WARN > o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored > because the relevant authentication provider could not be loaded. Please > check for errors earlier in the logs. > > Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN > o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored > because the relevant authentication provider could not be loaded. Please > check for errors earlier in the logs. > > Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN > o.a.g.e.AuthenticationProviderFacade - The "ldap" authentication provider > has encountered an internal error which will halt the authentication > process. If this is unexpected or you are the developer of this > authentication provider, you may wish to enable debug-level logging. If > this is expected and you wish to ignore such failures in the future, please > set "skip-if-unavailable: ldap" within your guacamole.properties. > > Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN > o.a.g.r.auth.AuthenticationService - Authentication attempt from > [10.143.33.164, 127.0.0.1] for user "harry.devine" failed. > > Feb 24 14:46:43 sds server: 14:46:43.311 [http-bio-8080-exec-6] WARN > o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored > because the relevant authentication provider could not be loaded. Please > check for errors earlier in the logs. > > Feb 24 14:46:43 sds server: 14:46:43.311 [http-bio-8080-exec-6] WARN > o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored > because the relevant authentication provider could not be loaded. Please > check for errors earlier in the logs. > > > > Thanks, > > Harry > > > > Harry Devine > > Secure-OSE System Administrator > > Red Hat Certified System Administrator (RHCSA) > > Work: (609) 485-4218 > > FAA Cell: (609) 612-7274 > > > -- Jonathan Hankins Homewood City Schools W: 205-877-4548 -- This e-mail is intended only for the recipient and may contain confidential or proprietary information. If you are not the intended recipient, the review, distribution, duplication or retention of this message and its attachments are prohibited. Please notify the sender of this error immediately by reply e-mail, and permanently delete this message and its attachments in any form in which they may have been preserved.
