I manually populated the $remote_user variable with an existing account in my LDAP, I can automatically connect to Guacamole but I can't find any connection already configured. If I try a classic LDAP connection, I see my connections.
Isn't it possible to use Auth-Header and LDAP at the same time ?
Isn't it possible to use Auth-Header and LDAP at the same time ?
Thanks
Stephan
Envoyé: mardi 1 août 2023 à 23:52
De: "Stephan" <[email protected]>
À: [email protected]
Objet: Re: Guacamole Auth Header
De: "Stephan" <[email protected]>
À: [email protected]
Objet: Re: Guacamole Auth Header
Seems loaded properly :
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - Multiple extensions are installed and will be loaded in order of decreasing priority:
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [tempnamespace] "Tempname" (/etc/guacamole/extensions/branding.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [header] "HTTP Header Authentication Extension" (/etc/guacamole/extensions/guacamole-auth-header-1.5.1.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [mysql] "MySQL Authentication" (/etc/guacamole/extensions/guacamole-auth-jdbc-mysql-1.5.1.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [ldap] "LDAP Authentication" (/etc/guacamole/extensions/guacamole-auth-ldap-1.5.1.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - To change this order, set the "extension-priority" property or rename the extension files. The default priority of extensions is dictated by the sort order of their filenames.
23:49:54.390 [main] INFO o.a.g.extension.ExtensionModule - Extension "Tempname" (tempnamespace) loaded.
23:49:54.490 [main] INFO o.a.g.extension.ExtensionModule - Extension "HTTP Header Authentication Extension" (header) loaded.
23:49:54.501 [main] INFO o.a.g.a.mysql.conf.MySQLEnvironment - Installed JDBC driver for MySQL/MariaDB detected as "MySQL Connector/J".
23:49:55.121 [main] INFO o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" (mysql) loaded.
23:49:55.240 [main] WARN o.a.g.e.LanguageResourceService - Overlay language resource "de" does not exist.
23:49:55.242 [main] INFO o.a.g.extension.ExtensionModule - Extension "LDAP Authentication" (ldap) loaded.
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [tempnamespace] "Tempname" (/etc/guacamole/extensions/branding.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [header] "HTTP Header Authentication Extension" (/etc/guacamole/extensions/guacamole-auth-header-1.5.1.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [mysql] "MySQL Authentication" (/etc/guacamole/extensions/guacamole-auth-jdbc-mysql-1.5.1.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - - [ldap] "LDAP Authentication" (/etc/guacamole/extensions/guacamole-auth-ldap-1.5.1.jar)
23:49:54.356 [main] INFO o.a.g.extension.ExtensionModule - To change this order, set the "extension-priority" property or rename the extension files. The default priority of extensions is dictated by the sort order of their filenames.
23:49:54.390 [main] INFO o.a.g.extension.ExtensionModule - Extension "Tempname" (tempnamespace) loaded.
23:49:54.490 [main] INFO o.a.g.extension.ExtensionModule - Extension "HTTP Header Authentication Extension" (header) loaded.
23:49:54.501 [main] INFO o.a.g.a.mysql.conf.MySQLEnvironment - Installed JDBC driver for MySQL/MariaDB detected as "MySQL Connector/J".
23:49:55.121 [main] INFO o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" (mysql) loaded.
23:49:55.240 [main] WARN o.a.g.e.LanguageResourceService - Overlay language resource "de" does not exist.
23:49:55.242 [main] INFO o.a.g.extension.ExtensionModule - Extension "LDAP Authentication" (ldap) loaded.
I'm not a Nginx expert, how can I verify that the $remote_user variable is populated ?
Thanks
Stephan
Envoyé: mardi 1 août 2023 à 23:35
De: "Nick Couchman" <[email protected]>
À: [email protected]
Objet: Re: Guacamole Auth Header
De: "Nick Couchman" <[email protected]>
À: [email protected]
Objet: Re: Guacamole Auth Header
On Tue, Aug 1, 2023 at 5:23 PM Stephan <[email protected]> wrote:
>
> Hi Nick,
>
> Many thanks for your help
>
> Here the interesting part from the Nginx configuration file :
>
> location /guacamole/ {
> proxy_pass http://172.16.1.58:8080/guacamole/;
> proxy_buffering off;
> proxy_http_version 1.1;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection $http_connection;
> proxy_set_header Authorization "";
> proxy_set_header X-Guacamole-User $remote_user;
> proxy_cookie_path /guacamole/ "/guacamole/; HTTPOnly; Secure; SameSite";
> access_log /var/log/nginx/guac_access.log;
> error_log /var/log/nginx/guac_error.log;
> }
>
> From guacamole.properties files :
> http-auth-header: X-Guacamole-User
Looks pretty good, like it should be working. Can you verify in the
Tomcat logs that the Guacamole Header authentication extension is
being loaded correctly? And can you verify that the $remote_user
variable that you've specified in the Nginx configuration is actually
populated?
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
>
> Hi Nick,
>
> Many thanks for your help
>
> Here the interesting part from the Nginx configuration file :
>
> location /guacamole/ {
> proxy_pass http://172.16.1.58:8080/guacamole/;
> proxy_buffering off;
> proxy_http_version 1.1;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection $http_connection;
> proxy_set_header Authorization "";
> proxy_set_header X-Guacamole-User $remote_user;
> proxy_cookie_path /guacamole/ "/guacamole/; HTTPOnly; Secure; SameSite";
> access_log /var/log/nginx/guac_access.log;
> error_log /var/log/nginx/guac_error.log;
> }
>
> From guacamole.properties files :
> http-auth-header: X-Guacamole-User
Looks pretty good, like it should be working. Can you verify in the
Tomcat logs that the Guacamole Header authentication extension is
being loaded correctly? And can you verify that the $remote_user
variable that you've specified in the Nginx configuration is actually
populated?
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
