On Thu, Oct 31, 2024 at 5:01 AM Fabien Bellay <fabien.bel...@meteodyn.com.invalid> wrote:
> Hello everyone, > > > > I’ve been struggling on an odd issue since yesterday morning. > > *A little context* : > > - We have a Guacamole on premise server installed with docker and ldap > extension for user authentication > - We have some admins accounts under the Admins group which possess > all the priviledges > - MFA is enabled for everyone > > > > Yesterday one admin mistakenly click on the « Disabled » checkbox of the > Admins group and saved the updates. > > Therefore none of the admins could connect on the Guacamole web UI so the > impact was limited. > > > > *To solve the problem* : > > - We connected directly on the postgres container and manually modify > the disabled flag of the Admins group to ‘f’ > > > > That worked just fine, we could reconnect on the Web UI again and on all > our connections except the two Domain controllers… > > > I seem to remember that recent versions of Windows have a group policy for the domain controllers that enables an extra security requirement that is (currently) incompatible with Guacamole. I'm having trouble remembering exactly what that setting is, but someone on the list at some point in the past year or so tracked it down and figured out what was going on and why the DCs were rejecting the connections. If I stumble across that list entry I'll reply with it - or maybe someone else on the list will respond in the meantime with the information. -Nick >
