Hi, Tried with a Windows VM with NLA turned off; so simple RDP connection works with security=rdp . So the issue is that guacd cannot communicate with TLS and NLA security servers. If i set f guacd-ssl to false, even the guacd reports an internal error. : "2024-01-24T20:44:51.893769+01:00 homeserver guacd[3114807]: Guacamole protocol violation. Perhaps the version of guacamole-client is incompatible with this version of guacd?"
Sadly the gnome-remote-desktop cannot be forced to RDP security (this would be acceptable). (Or at least i don't know how.) Log of the successful connection : 2024-01-24T21:33:55.591413+01:00 homeserver guacd[3163019]: Creating new client for protocol "rdp" 2024-01-24T21:33:55.592757+01:00 homeserver guacd[3163019]: Connection ID is "$6d49a235-5e2e-43ff-9271-99daecac8655" 2024-01-24T21:33:55.731513+01:00 homeserver guacd[3166048]: Security mode: RDP 2024-01-24T21:33:55.731893+01:00 homeserver guacd[3166048]: Resize method: none 2024-01-24T21:33:55.732513+01:00 homeserver guacd[3166048]: User "@3c0da858-d9d1-47f1-bc1f-b92598a72381" joined connection "$6d49a235-5e2e-43ff-9271-99daecac8655" (1 users now present) 2024-01-24T21:33:55.743179+01:00 homeserver guacd[3166048]: Loading keymap "base" 2024-01-24T21:33:55.743528+01:00 homeserver guacd[3166048]: Loading keymap "en-us-qwerty" 2024-01-24T21:33:57.116241+01:00 homeserver guacd[3166048]: Connected to RDPDR 1.6 as client 0xefb4 2024-01-24T21:34:35.232036+01:00 homeserver guacd[3166048]: Connected to RDPDR 1.6 as client 0xdbe3 2024-01-24T21:34:35.400752+01:00 homeserver guacd[3166048]: Accepted format: 16-bit PCM with 2 channels at 22050 Hz 2024-01-24T21:34:35.510675+01:00 homeserver guacd[3166048]: RDPDR user logged on 2024-01-24T21:34:55.084015+01:00 homeserver guacd[3166048]: User "@3c0da858-d9d1-47f1-bc1f-b92598a72381" disconnected (0 users remain) 2024-01-24T21:34:55.084394+01:00 homeserver guacd[3166048]: Last user of connection "$6d49a235-5e2e-43ff-9271-99daecac8655" disconnected 2024-01-24T21:34:55.252160+01:00 homeserver guacd[3166048]: Internal RDP client disconnected 2024-01-24T21:34:55.265855+01:00 homeserver guacd[3163019]: Connection "$6d49a235-5e2e-43ff-9271-99daecac8655" removed. Cs. David Ramirez <david...@gmail.com> ezt írta (időpont: 2024. jan. 24., Sze, 20:38): > > Maybe your problem is something else altogether. > Looking at your log: > 2024-01-24T20:11:37.072480+01:00 homeserver guacd[3080072]: Unable to > read file "/" > 2024-01-24T20:11:37.403365+01:00 homeserver guacd[3080072]: RDP server > closed/refused connection: Security negotiation failed (wrong security > type?) 2024-01-24T20:11:37.072480+01:00 homeserver guacd[3080072]: Unable to > read file "/" > 2024-01-24T20:11:37.403365+01:00 homeserver guacd[3080072]: RDP server > closed/refused connection: Security negotiation failed (wrong security > type?) > > This is a problem that I believe I have seen in the past where freerdp > requires to write something on the guacd server filesystem. Without this, > freerdp cannot properly connect to any server. > This is an issue I have seen before on the list and the archive should have > detailed instructions. > If my memory serves me correctly, what you have to do is be sure that the > user that is running guacd on the server has write permissions on the root > filesystem of the guacamole installation. If you are running it as a "root" > which you should not, you will have to figure out what is that runtime > location. > What I do remember is that if you run guacd as a NON ROOT user, the directory > you set as the home directory of the guacamole user is used to run the daemon. > Hopefully this *may* solve your issue. > Regards, > David. > > On Wed, Jan 24, 2024 at 1:26 PM Horváth Csaba <horvathcsabalas...@gmail.com> > wrote: >> >> Hi, >> >> Thanks for the suggestion, but no success. :( >> >> I added guacd-ssl:true to guacd properties. Nothing changed; i used >> the ad-hoc connect extension to test, but the user-mapping configured >> entry gives the same. At least i get a "Logon failed" so it can reach >> the target machine. >> >> 2024-01-24T20:10:59.160196+01:00 homeserver guacd[3077373]: Creating >> new client for protocol "rdp" >> 2024-01-24T20:10:59.160657+01:00 homeserver guacd[3077373]: Connection >> ID is "$5d3a761f-7756-43e0-9e43-4b49005710cc" >> 2024-01-24T20:10:59.306310+01:00 homeserver guacd[3079440]: Security mode: >> TLS >> 2024-01-24T20:10:59.306694+01:00 homeserver guacd[3079440]: Resize method: >> none >> 2024-01-24T20:10:59.306901+01:00 homeserver guacd[3079440]: User >> "@597545e7-c80d-418a-b860-2e3604a2c911" joined connection >> "$5d3a761f-7756-43e0-9e43-4b49005710cc" (1 users now present) >> 2024-01-24T20:10:59.323096+01:00 homeserver guacd[3079440]: Loading >> keymap "base" >> 2024-01-24T20:10:59.323458+01:00 homeserver guacd[3079440]: Loading >> keymap "en-us-qwerty" >> 2024-01-24T20:10:59.709497+01:00 homeserver guacd[3079440]: RDP server >> closed/refused connection: Security negotiation failed (wrong security >> type?) >> 2024-01-24T20:10:59.725779+01:00 homeserver guacd[3079440]: User >> "@597545e7-c80d-418a-b860-2e3604a2c911" disconnected (0 users remain) >> 2024-01-24T20:10:59.726118+01:00 homeserver guacd[3079440]: Last user >> of connection "$5d3a761f-7756-43e0-9e43-4b49005710cc" disconnected >> 2024-01-24T20:10:59.741852+01:00 homeserver guacd[3077373]: Connection >> "$5d3a761f-7756-43e0-9e43-4b49005710cc" removed. >> 2024-01-24T20:11:36.856060+01:00 homeserver guacd[3077373]: Creating >> new client for protocol "rdp" >> 2024-01-24T20:11:36.856562+01:00 homeserver guacd[3077373]: Connection >> ID is "$cf1be3df-ebcf-4464-b657-46b0e7fa908e" >> 2024-01-24T20:11:36.997831+01:00 homeserver guacd[3080072]: Security mode: >> RDP >> 2024-01-24T20:11:36.998197+01:00 homeserver guacd[3080072]: Resize method: >> none >> 2024-01-24T20:11:36.998876+01:00 homeserver guacd[3080072]: User >> "@b0dbc479-3c17-40a8-8421-5d08678257d3" joined connection >> "$cf1be3df-ebcf-4464-b657-46b0e7fa908e" (1 users now present) >> 2024-01-24T20:11:37.012685+01:00 homeserver guacd[3080072]: Loading >> keymap "base" >> 2024-01-24T20:11:37.013044+01:00 homeserver guacd[3080072]: Loading >> keymap "en-us-qwerty" >> 2024-01-24T20:11:37.072480+01:00 homeserver guacd[3080072]: Unable to >> read file "/" >> 2024-01-24T20:11:37.403365+01:00 homeserver guacd[3080072]: RDP server >> closed/refused connection: Security negotiation failed (wrong security >> type?) >> 2024-01-24T20:11:37.417159+01:00 homeserver guacd[3080072]: User >> "@b0dbc479-3c17-40a8-8421-5d08678257d3" disconnected (0 users remain) >> 2024-01-24T20:11:37.417489+01:00 homeserver guacd[3080072]: Last user >> of connection "$cf1be3df-ebcf-4464-b657-46b0e7fa908e" disconnected >> 2024-01-24T20:11:37.433479+01:00 homeserver guacd[3077373]: Connection >> "$cf1be3df-ebcf-4464-b657-46b0e7fa908e" removed. >> 2024-01-24T20:11:44.487691+01:00 homeserver guacd[3077373]: Creating >> new client for protocol "rdp" >> 2024-01-24T20:11:44.488106+01:00 homeserver guacd[3077373]: Connection >> ID is "$52d96daa-4011-41b5-8451-aa50dbecb4a1" >> 2024-01-24T20:11:44.629855+01:00 homeserver guacd[3080237]: Security mode: >> TLS >> 2024-01-24T20:11:44.630207+01:00 homeserver guacd[3080237]: Resize method: >> none >> 2024-01-24T20:11:44.630953+01:00 homeserver guacd[3080237]: User >> "@2e2a9ed2-486b-4dbc-ba0c-59b21debcdc7" joined connection >> "$52d96daa-4011-41b5-8451-aa50dbecb4a1" (1 users now present) >> 2024-01-24T20:11:44.643049+01:00 homeserver guacd[3080237]: Loading >> keymap "base" >> 2024-01-24T20:11:44.643421+01:00 homeserver guacd[3080237]: Loading >> keymap "en-us-qwerty" >> 2024-01-24T20:11:44.694343+01:00 homeserver guacd[3080237]: Unable to >> read file "/" >> 2024-01-24T20:11:45.013416+01:00 homeserver guacd[3080237]: RDP server >> closed/refused connection: Security negotiation failed (wrong security >> type?) >> 2024-01-24T20:11:45.028627+01:00 homeserver guacd[3080237]: User >> "@2e2a9ed2-486b-4dbc-ba0c-59b21debcdc7" disconnected (0 users remain) >> 2024-01-24T20:11:45.029026+01:00 homeserver guacd[3080237]: Last user >> of connection "$52d96daa-4011-41b5-8451-aa50dbecb4a >> >> Cs. >> >> David Barber <md...@aol.com.invalid> ezt írta (időpont: 2024. jan. >> 24., Sze, 19:06): >> > >> > Not ideal but, if compatible with your network config, try forcing the >> > connection to tls in the guac connection properties, looking at log it >> > is the security type negotiation that is failing >> > >> > Horváth Csaba wrote: >> > > Hi, >> > > >> > > At least not only Gnome Shell related problem. >> > > I tried to log in to a Win10 VM which i created for testing. Remmina >> > > works, but i get the same issue with Guacamole in the logs. >> > > >> > > I used the ad-hoc connection string : >> > > rdp://myuser@192.168.1.146/?security=rdp&ignore-cert=true >> > > >> > > Guessing that Guacamole ignores the ignore-cert option? >> > > >> > > 2024-01-24T18:41:40.780347+01:00 homeserver guacd[257623]: Creating >> > > new client for protocol "rdp" >> > > 2024-01-24T18:41:40.781719+01:00 homeserver guacd[257623]: Connection >> > > ID is "$e73fa88a-7707-4f18-8209-3ee766f87d82" >> > > 2024-01-24T18:41:40.924834+01:00 homeserver guacd[2987651]: No >> > > security mode specified. Defaulting to security mode negotiation with >> > > server. >> > > 2024-01-24T18:41:40.925192+01:00 homeserver guacd[2987651]: Resize >> > > method: none >> > > 2024-01-24T18:41:40.926115+01:00 homeserver guacd[2987651]: User >> > > "@f13bfc35-7c25-4268-850f-c504a54d1676" joined connection >> > > "$e73fa88a-7707-4f18-8209-3ee766f87d82" (1 users now present) >> > > 2024-01-24T18:41:40.935773+01:00 homeserver guacd[2987651]: Loading >> > > keymap "base" >> > > 2024-01-24T18:41:40.936026+01:00 homeserver guacd[2987651]: Loading >> > > keymap "en-us-qwerty" >> > > 2024-01-24T18:41:41.436923+01:00 homeserver guacd[2987651]: >> > > Certificate validation failed >> > > 2024-01-24T18:41:41.440079+01:00 homeserver guacd[2987651]: RDP server >> > > closed/refused connection: SSL/TLS connection failed >> > > (untrusted/self-signed certificate?) >> > > 2024-01-24T18:41:41.446761+01:00 homeserver guacd[2987651]: User >> > > "@f13bfc35-7c25-4268-850f-c504a54d1676" disconnected (0 users remain) >> > > 2024-01-24T18:41:41.447198+01:00 homeserver guacd[2987651]: Last user >> > > of connection "$e73fa88a-7707-4f18-8209-3ee766f87d82" disconnected >> > > 2024-01-24T18:41:41.460660+01:00 homeserver guacd[257623]: Connection >> > > "$e73fa88a-7707-4f18-8209-3ee766f87d82" removed. >> > > 2024-01-24T18:42:16.479436+01:00 homeserver guacd[257623]: Creating >> > > new client for protocol "rdp" >> > > 2024-01-24T18:42:16.479757+01:00 homeserver guacd[257623]: Connection >> > > ID is "$975ac828-47e4-4fba-8bb7-c92ad661c5ad" >> > > 2024-01-24T18:42:16.624905+01:00 homeserver guacd[2988305]: Security >> > > mode: RDP >> > > 2024-01-24T18:42:16.625256+01:00 homeserver guacd[2988305]: Resize >> > > method: none >> > > 2024-01-24T18:42:16.626253+01:00 homeserver guacd[2988305]: User >> > > "@bac1a634-ab13-4618-9322-037912ea98c9" joined connection >> > > "$975ac828-47e4-4fba-8bb7-c92ad661c5ad" (1 users now present) >> > > 2024-01-24T18:42:16.636862+01:00 homeserver guacd[2988305]: Loading >> > > keymap "base" >> > > 2024-01-24T18:42:16.637155+01:00 homeserver guacd[2988305]: Loading >> > > keymap "en-us-qwerty" >> > > 2024-01-24T18:42:17.031774+01:00 homeserver guacd[2988305]: RDP server >> > > closed/refused connection: Server refused connection (wrong security >> > > type?) >> > > 2024-01-24T18:42:17.053627+01:00 homeserver guacd[2988305]: User >> > > "@bac1a634-ab13-4618-9322-037912ea98c9" disconnected (0 users remain) >> > > 2024-01-24T18:42:17.053968+01:00 homeserver guacd[2988305]: Last user >> > > of connection "$975ac828-47e4-4fba-8bb7-c92ad661c5ad" disconnected >> > > 2024-01-24T18:42:17.068018+01:00 homeserver guacd[257623]: Connection >> > > "$975ac828-47e4-4fba-8bb7-c92ad661c5ad" removed. >> > > >> > > >> > > Cs. >> > > >> > > Leslie Mann <lm...@linuxolutions.com> ezt írta (időpont: 2024. jan. >> > > 24., Sze, 0:32): >> > >> I've had success connecting with setting security mode to 'Any' and >> > >> checking the 'Ignore server certificate' box. >> > >> >> > >> Note that the Gnome user has to be logged on in an active session on >> > >> the Linux box (I'm using Fedora) before connecting otherwise you get a >> > >> 'the remote desktop server has forcibly closed the connection'... I >> > >> believe there are changes coming that will allow a connection at any >> > >> time but for now an RDP connection requires the user to have an active >> > >> session not locked. >> > >> >> > >> Les >> > >> >> > >> On Tue, 2024-01-23 at 23:33 +0100, Horváth Csaba wrote: >> > >> >> > >> Hi, >> > >> >> > >> Of course i tested the security options, and none succeeded. >> > >> >> > >> In the meantime i checked with Windows RDP client, and it worked. >> > >> Something special needed for Guacamole, but what...? I suspect TLS >> > >> certs, which is provided by Gnome's RDP Server, but don't know how to >> > >> use with Guacamole. >> > >> >> > >> Cs. >> > >> >> > >> Toine <guacamole.to...@placi.de> ezt írta (időpont: 2024. jan. 23., K >> > >> 22:28): >> > >> >> > >> Le 23/01/2024 à 21:38, Horváth Csaba - horvathcsabalas...@gmail.com a >> > >> écrit : >> > >>> 2024-01-23T21:30:20.148883+01:00 homeserver guacd[1689041]: RDP server >> > >>> closed/refused connection: Server refused connection (wrong security >> > >>> type?) >> > >> Have you tried playing with the security type, for instance with the >> > >> param "security" set to "rdp"? >> > >> >> > >> https://guacamole.apache.org/doc/gug/configuring-guacamole.html#authentication-and-security >> > >> >> > >> Toine >> > >> >> > >> --------------------------------------------------------------------- >> > >> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org >> > >> For additional commands, e-mail: user-h...@guacamole.apache.org >> > >> >> > >> >> > > --------------------------------------------------------------------- >> > > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org >> > > For additional commands, e-mail: user-h...@guacamole.apache.org >> > > >> > >> > >> > -- >> > Regards >> > David Barber >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org >> > For additional commands, e-mail: user-h...@guacamole.apache.org >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org >> For additional commands, e-mail: user-h...@guacamole.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
