Hello, all.
I've setup Guacamole with database authentication & got it working. Then I
followed the instructions from Chapter 8 of the Guacamole manual
<https://guacamole.apache.org/doc/gug/duo-auth.html> . However, nothing has
changed. I still log into my account just fine without any sort of 2FA
prompt. Is it a problem that I'm trying to do this with the admin account in
Guacamole?
Some info:
- I'm using Guacamole 0.9.13
- Running on a Raspberry Pi 3b
- Using Jetty8 as my servlet
- MariaDB for my database
- Signed up for a free account in Duo
- Added a user that matched my username in Guacamole & registered a
device
- Searching my logs for anything duo related reveals nothing (grep -i duo
/var/log/jetty8/*)
- I have the "guacamole-auth-jdbc-mysql-0.9.13-incubating.jar" file in
/etc/guacamole/extensions/
- my guacamole.properties file looks like this (with some values change of
course):
guacd-hostname: localhost
guacd-port: 4822
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: xxxxxxxxxxxx
mysql-password: xxxxxxxxxx
duo-api-hostname: xxxxxxxx.duosecurity.com
duo-integration-key: xxxxxxxxxxxxxxxxxxx
duo-secret-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
duo-application-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- I'm using Apache as a web server with LetsEncrypt certs on the same device
that hosts another site. It's acting as a reverse proxy. The relevant
configuration under the <VirtualHost *:443> section:
<Location /guacamole/>
Order allow,deny
Allow from all
ProxyPass http://127.0.0.1:8080/guacamole/
ProxyPassReverse http://127.0.0.1:8080/guacamole/
</Location>
Any help would be greatly appreciated!
--
Sent from:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
