One of the other admins were helping me debug and I saw a “Permission Denied” error on the guacamole.war file, so I double checked the ownership and permissions, and somehow that file and guacamole.properties got changed to root:root, so I changed them back to tomcat:tomcat and restarted guacd and tomcat, and everything started working again. Very odd, but we’re back in business.
Thanks, Harry From: Hankins, Jonathan <jhank...@homewood.k12.al.us> Sent: Thursday, February 24, 2022 3:36 PM To: user@guacamole.apache.org Subject: Re: Sudden issues with LDAP logins I can't coax those error messages out of 1.4.0 by removing the LDAP module or making it unreadable with chmod. The latter *does* give a couple of messages at tomcat startup time in catalina.out, but not what you are seeing. I'd check and make sure nothing has changed on the system. Look back in the catalina.out file until the last successful LDAP authentication and see if tomcat has been restarted since then. My hunch is this one is the relevant one: Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN o.a.g.e.AuthenticationProviderFacade - The "ldap" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: ldap" within your guacamole.properties. You can configure logback.xml to turn up the debugging level (1.4.0 docs, should still apply for you): https://guacamole.apache.org/doc/gug/configuring-guacamole.html#logging-within-the-web-application Make sure no disks are full, no I/O errors in dmesg, server hasn't rebooted unexpectedly, etc. On Thu, Feb 24, 2022 at 2:00 PM Devine, Harry (FAA) <harry.dev...@faa.gov.invalid<mailto:harry.dev...@faa.gov.invalid>> wrote: Today, one of our Guacamole servers started to not allow LDAP logins. We are running version 1.2.0 and have 3 or 4 other 1.2.0 servers running without any issues. I’ve even put SELinux into Permissive just in case. Any ideas on the log info below: Feb 24 14:46:40 sds server: 14:46:40.040 [http-bio-8080-exec-4] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs. Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs. Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN o.a.g.e.AuthenticationProviderFacade - The "ldap" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: ldap" within your guacamole.properties. Feb 24 14:46:40 sds server: 14:46:40.042 [http-bio-8080-exec-4] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [10.143.33.164, 127.0.0.1] for user "harry.devine" failed. Feb 24 14:46:43 sds server: 14:46:43.311 [http-bio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs. Feb 24 14:46:43 sds server: 14:46:43.311 [http-bio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs. Thanks, Harry Harry Devine Secure-OSE System Administrator Red Hat Certified System Administrator (RHCSA) Work: (609) 485-4218 FAA Cell: (609) 612-7274 -- Jonathan Hankins Homewood City Schools W: 205-877-4548 This e-mail is intended only for the recipient and may contain confidential or proprietary information. If you are not the intended recipient, the review, distribution, duplication or retention of this message and its attachments are prohibited. Please notify the sender of this error immediately by reply e-mail, and permanently delete this message and its attachments in any form in which they may have been preserved.
