Hello everyone,

I've been struggling with an odd issue since yesterday morning.
A little context:

  *   We have a Guacamole on premise server installed with docker and ldap 
extension for user authentication
  *   We have some admin accounts under the Admins group which possess all the 
privileges
  *   MFA is enabled for everyone

Yesterday one admin mistakenly clicked on the "Disabled" checkbox of the Admins 
group and saved the updates.
Therefore none of the admins could connect to the Guacamole web UI, so the 
impact was limited.

To solve the problem:

  *   We connected directly to the postgres container and manually modified the 
disabled flag of the Admins group to 'f'

That worked just fine: we could reconnect to the Web UI again and to all our 
connections except the two Domain Controllers...

We tried several things:

  *   Cloning one of the DC connections and trying to reach it -> Failed
  *   Removing one of the DC connections, recreating it and trying to reach it -> 
Failed
  *   Removing one of the admins from the Admins group and giving him the 
permission directly on the DC connection -> Failed
  *   Creating a new Admin Account on the DC with permission to connect to the 
Web UI and to the DC connection -> Failed
  *   Updating the DC connection to use the password directly (without using 
${GUAC_PASSWORD}) -> Failed
  *   Updating the DC connection to use a local account from the DC -> Failed
  *   Restarting Guacamole and the DCs -> Not better

Everything we tried generates the same logs on the Guacamole containers:

Log output from the Guacamole service:
08:33:37.339 [http-nio-8080-exec-1] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" connected to connection "118".
08:33:37.787 [http-nio-8080-exec-1] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" disconnected from connection "118". Duration: 448 milliseconds
08:37:23.299 [http-nio-8080-exec-4] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" connected to connection "118".
08:37:23.732 [http-nio-8080-exec-5] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" disconnected from connection "118". Duration: 432 milliseconds
08:37:25.311 [http-nio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" connected to connection "118".
08:37:25.758 [http-nio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" disconnected from connection "118". Duration: 447 milliseconds
08:37:59.987 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" connected to connection "118".
08:38:00.437 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" disconnected from connection "118". Duration: 450 milliseconds
08:40:15.335 [http-nio-8080-exec-5] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" connected to connection "118".
08:40:15.785 [http-nio-8080-exec-1] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" disconnected from connection "118". Duration: 450 milliseconds
08:41:46.979 [http-nio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" connected to connection "118".
08:41:47.415 [http-nio-8080-exec-7] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" disconnected from connection "118". Duration: 436 milliseconds
08:42:44.979 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-test" connected to connection "118".
08:42:45.428 [http-nio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-test" disconnected from connection "118". Duration: 449 milliseconds
08:45:03.739 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" connected to connection "118".
08:45:04.200 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "admin-ale" disconnected from connection "118". Duration: 461 milliseconds


Log output from the guacd service:
guacd[1]: INFO: Connection "$50207ab8-e395-4f49-a43f-f76f8ff6ae6a" removed.
guacd[1]: INFO: Creating new client for protocol "rdp"
guacd[1]: INFO: Connection ID is "$ba112f6d-0256-4204-b707-3290f047d008"
guacd[4350]: INFO:      No security mode specified. Defaulting to security mode negotiation with server.
guacd[4350]: INFO:      Resize method: none
guacd[4350]: INFO:      Clipboard line ending normalization: Windows (CRLF)
guacd[4350]: INFO:      User "@91d9cb6f-1f21-4536-b696-eb9fd3722d69" joined connection "$ba112f6d-0256-4204-b707-3290f047d008" (1 users now present)
guacd[4350]: INFO:      Loading keymap "base"
guacd[4350]: INFO:      Loading keymap "en-us-qwerty"
guacd[4350]: INFO:      RDP server closed/refused connection: Authentication failure (invalid credentials?)
guacd[4350]: INFO:      User "@91d9cb6f-1f21-4536-b696-eb9fd3722d69" disconnected (0 users remain)
guacd[4350]: INFO:      Last user of connection "$ba112f6d-0256-4204-b707-3290f047d008" disconnected
guacd[1]: INFO: Connection "$ba112f6d-0256-4204-b707-3290f047d008" removed.
guacd[1]: INFO: Creating new client for protocol "rdp"
guacd[1]: INFO: Connection ID is "$18b89baa-e7b8-4176-96f0-a926ebfb3f18"
guacd[4376]: INFO:      No security mode specified. Defaulting to security mode negotiation with server.
guacd[4376]: INFO:      Resize method: none
guacd[4376]: INFO:      Clipboard line ending normalization: Windows (CRLF)
guacd[4376]: INFO:      User "@4c4c600a-c239-4523-9b78-7301d47cc100" joined connection "$18b89baa-e7b8-4176-96f0-a926ebfb3f18" (1 users now present)
guacd[4376]: INFO:      Loading keymap "base"
guacd[4376]: INFO:      Loading keymap "en-us-qwerty"
guacd[4376]: INFO:      RDP server closed/refused connection: Authentication failure (invalid credentials?)
guacd[4376]: INFO:      User "@4c4c600a-c239-4523-9b78-7301d47cc100" disconnected (0 users remain)
guacd[4376]: INFO:      Last user of connection "$18b89baa-e7b8-4176-96f0-a926ebfb3f18" disconnected
guacd[1]: INFO: Connection "$18b89baa-e7b8-4176-96f0-a926ebfb3f18" removed.

Every time, the same logs are generated whatever the test scenario...
We're running out of ideas and would appreciate some help.

Thank you.

Regards
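
Added example, not part of the original message and not Guacamole project code: a small triage script that rejoins mail-wrapped guacd log lines and reports, per guacd child process, the connection ID, whether the security mode was left to negotiation, and the reason the RDP server gave for refusing. The function names, the shortened IDs in the sample and the one-child-PID-per-session grouping (taken from the shape of the log above) are assumptions.

```python
import re

# Constructed sample shaped like the guacd output above; two messages stay wrapped.
SAMPLE = '''\
guacd[1]: INFO: Connection ID is "$aaaa-1111"
guacd[4350]: INFO:      No security mode specified. Defaulting to security mode
negotiation with server.
guacd[4350]: INFO:      User "@user-1" joined connection "$aaaa-1111" (1 users now present)
guacd[4350]: INFO:      RDP server closed/refused connection: Authentication
failure (invalid credentials?)
guacd[1]: INFO: Connection "$aaaa-1111" removed.
guacd[1]: INFO: Connection ID is "$bbbb-2222"
guacd[4376]: INFO:      User "@user-2" joined connection "$bbbb-2222" (1 users now present)
guacd[4376]: INFO:      Last user of connection "$bbbb-2222" disconnected
'''

ENTRY = re.compile(r'^guacd\[(\d+)\]: \w+:\s+(.*)$')

def unwrap(text):
    """Rejoin continuation lines (no guacd[pid] prefix) onto the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
        elif entries and line.strip():
            entries[-1][1] += ' ' + line.strip()
    return entries

def summarize(text):
    """Group child-process messages by PID (assumed: one guacd child per session)."""
    sessions = {}
    for pid, msg in unwrap(text):
        if pid == '1':
            continue  # parent process lines carry no per-session detail
        s = sessions.setdefault(
            pid, {'connection': None, 'default_security': False, 'failure': None})
        if m := re.search(r'joined connection "(\$[^"]+)"', msg):
            s['connection'] = m.group(1)
        if msg.startswith('No security mode specified'):
            s['default_security'] = True
        if m := re.match(r'RDP server closed/refused connection: (.*)', msg):
            s['failure'] = m.group(1)
    return sessions

def failed(text):
    """(connection ID, reason) for every session the RDP server refused."""
    return [(s['connection'], s['failure'])
            for s in summarize(text).values() if s['failure']]
```
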
