Hello Nick, thank you for your quick reply! Your first tip was the right one. I actually had the version 0.9.9 mixed with the extension for Duo 0.9.14. The cause was my mistake to install guacamole from the repository Raspbian for convenience, and later the duo extension via the download from the project page, but without paying attention to the version.
Thanks to our help, I have now undone the installation from the repository and made the installation of the sources taking into account your instructions to get a clean status. It was good that I previously backed up the configuration files of Apache2 …. because I also had to uninstall tomcat8, which had changed the Apache2 configuration .. Now everything works as desired! A big thank you to you! greetings > Am 22.03.2018 um 10:31 schrieb Nick Couchman <[email protected]>: > > On Thu, Mar 22, 2018 at 5:03 AM, Magnus Lobenhofer > <[email protected] <mailto:[email protected]>> wrote: > Hello everybody, > > I am thrilled that the guacamole project exists and was able to successfully > install Raspbian guacamole with tomcat8 on my Raspberry Pi. > Login and remote control work perfectly. > > Now I want to use the extension for two-factor authentication (see chapter 8 > of the documentation = https://guacamole.apache.org/doc/gug/duo-auth.html > <https://guacamole.apache.org/doc/gug/duo-auth.html> ). As far as I can tell, > I have strictly followed the instructions. Even so, the tomcat server seems > to take no notice of the JAR file guacamole-auth-duo-0.9.14.jar. After the > basic login, you will not get the two-factor mask as expected. > > Can you confirm what the base version of Guacamole you're running is? It > looks like you're using 0.9.14 for the Duo module, but is that what you're > using for Guacamole itself (the WAR file you deployed)? > > Note: originally the owner of the directory was / etc / guacamole root, in my > troubleshooting I set the owner on tomcat8 because I suspected access > problems. > Without effect - neither negative nor positive. > > > Permissions look okay based on what you posted below. > > catalina.out also does not report any reference to the named JAR file. > > > Can you post the output of your catalina.out file, if not directly on here, > then on a PasteBin and link to it? If no output at all is showing up in > catalina.out, then check for Tomcat messages in /var/log/messages or > journalctl, or wherever syslog is pointed on your RPi. I suspect that Tomcat > is logging *something* of use. > > > Here comes the file structure with permissions, and afterwards the content of > guacamole.properties: > > root@raspberrypi:/etc/guacamole# ls -l > -rw-r--r-- 1 tomcat8 root 381 Nov 29 2016 apache.conf > drwxr-xr-x 2 tomcat8 root 4096 M?r 21 12:22 extensions > -rw-r--r-- 1 tomcat8 root 2743 M?r 21 13:20 guacamole.properties > drwxr-xr-x 2 tomcat8 root 4096 M?r 21 14:38 lib > -rw-r--r-- 1 tomcat8 root 115 Nov 26 2016 tomcat.xml > -rw-r----- 1 tomcat8 root 1660 M?r 21 11:41 user-mapping.xml > > root@raspberrypi:/etc/guacamole/extensions# ls -l > insgesamt 768 > -rw-rw-r-- 1 tomcat8 root 784055 Jan 9 04:19 guacamole-auth-duo-0.9.14.jar > > root@raspberrypi:/usr/share/tomcat8# ls -la > drwxr-xr-x 10 root root 4096 M?r 20 17:17 . > drwxr-xr-x 209 root root 4096 M?r 20 21:31 .. > drwxr-xr-x 2 root root 4096 M?r 20 13:52 bin > drwxr-xr-x 3 root root 4096 M?r 20 16:52 commmon > drwxr-xr-x 3 root root 4096 M?r 20 16:53 common > drwxr-xr-x 2 root root 4096 M?r 20 16:56 conf > -rw-r--r-- 1 root root 39 Sep 3 2017 defaults.md5sum > -rw-r--r-- 1 root root 1911 Sep 3 2017 defaults.template > lrwxrwxrwx 1 root root 15 M?r 20 17:17 .guacamole -> /etc/guacamole/ > drwxr-xr-x 2 root root 4096 M?r 20 13:52 lib > -rw-r--r-- 1 root root 53 Sep 3 2017 logrotate.md5sum > -rw-r--r-- 1 root root 134 Sep 3 2017 logrotate.template > drwxr-xr-x 3 root root 4096 M?r 20 16:53 server > drwxr-xr-x 3 root root 4096 M?r 20 16:51 shared > drwxr-xr-x 2 root root 4096 M?r 20 16:51 temp > > The symlink of .guacamole to /etc/guacamole should not be necessary if you're > running 0.9.14. A change was introduced in 0.9.14 that looks for .guacamole > in the home directory, first (e.g. tomcat user home directory) and then moves > on to /etc/guacamole all by itself. > > > Content of guacamole.properties: > > guacd-hostname: localhost > guacd-port: 4822 > > auth-provider: net.sourceforge.guacamole.net > <http://net.sourceforge.guacamole.net/>.basic.BasicFileAuthenticationProvider > basic-user-mapping: /etc/guacamole/user-mapping.xml > > duo-api-hostname: api-(from duo com).duosecurity.com > <http://duosecurity.com/> > duo-integration-key: (key from duo.com <http://duo.com/>) > duo-secret-key: (key from due.com <http://due.com/>) > duo-application-key: (key with 40 Characters) > > > > A couple of things I notice here: > - The auth-provider property has absolutely no effect - it was deprecated a > long time ago and doesn't do anything. > - You're using the basic file authentication module, and I'm not sure that > that stacks at all with other authentication modules. I could be wrong about > this, as I rarely ever use the basic file authentication module and so I tend > to forget how it behaves, but that might be one of your issues and you might > have to switch to something like the JDBC module to use it with Duo. Again, > I'm not certain about that... > > -Nick
