Closed ghost closed 9 months ago
Can you check that the volume for database persistence is still populated and mounted to the container correctly?
It is, has not changed. I can log in as her, but not myself.
Hmmm, I do see the TOTP extension is loaded; not sure that would be it. Have you tried changing the problem account's password from the new account, or does the new account not have sufficient privilege? I just tested on my own instance of 1.5.3 and had no issue creating multiple users and logging in as all of them.
New user is not admin, it's only got access to one vm, so when you log in and put in TOTP, it auto launches the rdp session. I tried looking at guac docs but couldn't find a good way to reset password of main account. I tried the insert user command here, but the included psql doesn't like the @ sign.
You could potentially try copying the salt/hash/date columns from the known working user to the "broken" user. Or querying the tables to make sure that the other user is still present and table columns look sane
Could you hit me with some commands? I'm not very experienced with psql.
I would have to go exploring through the database, which might have to wait until morning. Calculating the needed values to insert into guacamole_entity shouldn't be bad. My go-to site for weird calculation things like this is [CyberChef](https://cyberchef.io/#recipe=Generate_UUID()SHA2('256',64,160)), which seems to have all the necessary functions (SHA, UUID, etc.) that would be needed here.
I tried my hand at it but it doesn't look like the included postgres has anything for handling sha/hex.
Using:

```
SELECT decode(encode(digest(gen_random_uuid()::text, 'sha256'), 'hex'), 'hex') AS salt
function gen_random_uuid() does not exist
```

Using:

```
WITH salt AS (
guacamole_db(# SELECT decode(encode(digest(uuid_generate_v4()::text, 'sha256'), 'hex'), 'hex') AS salt
guacamole_db(# )
ERROR: function digest(text, unknown) does not exist
LINE 2: SELECT decode(encode(digest(uuid_generate_v4()::text, 's...
^
HINT: No function matches the given name and argument types. You might need to add explicit type casts.
```
Right which is why I said one would have to "hand generate" the hex strings using a site like I linked.
I did that, I tried putting it in manually for the MySql that was on the site, then went to ChatGPT to give me postgres equivalent and it gave me this:
```sql
-- Ensure the uuid-ossp extension is available for UUID generation
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";

-- Create base entity entry for user
INSERT INTO guacamole_entity (name, type)
VALUES ('myuser', 'USER');

-- Create user and hash password with salt
WITH salt AS (
    SELECT decode(encode(digest(uuid_generate_v4()::text, 'sha256'), 'hex'), 'hex') AS salt
)
INSERT INTO guacamole_user (
    entity_id,
    password_salt,
    password_hash,
    password_date
)
SELECT
    e.entity_id,
    s.salt,
    decode(encode(digest(CONCAT('mypassword', encode(s.salt, 'hex')), 'sha256'), 'hex'), 'hex'),
    CURRENT_TIMESTAMP
FROM
    guacamole_entity e,
    salt s
WHERE
    e.name = 'myuser'
    AND e.type = 'USER';
```
But I replaced the decode stuff with the hash that was generated. Still gave me errors. At this point I'm not sure which errors go with which attempts because I've been shotgunning combinations.
If you manually generated the password_salt and password_hash (not using postgres functions, just regular SHA256 generation) and inserted those into the table, I'm not sure where else to go. Like I suggested before, you could copy the password_salt and password_hash from the known working user to a new user, or you could give the working account admin permissions using the guacamole_system_permission table as a way back in.
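The hand-generation route suggested above, as an added example (not code from this thread or from the Guacamole project): it computes both column values outside the database, so no `digest()` function is needed, and builds an UPDATE for an existing user. It assumes Guacamole hashes the password followed by the uppercase hex of the salt, as MySQL's `HEX()` would produce; the function names are hypothetical.

```python
import hashlib
import secrets
from typing import Optional, Tuple


def guac_password_fields(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Return (salt_hex, hash_hex) for password_salt / password_hash."""
    if salt is None:
        salt = secrets.token_bytes(32)  # CSPRNG salt, same width as a SHA-256 digest
    # Assumption: the salt is appended to the password as UPPERCASE hex text.
    # PostgreSQL's encode(..., 'hex') returns lowercase, which would not match.
    salt_hex = salt.hex().upper()
    digest = hashlib.sha256((password + salt_hex).encode("utf-8")).hexdigest().upper()
    return salt_hex, digest


def sql_literal(value: str) -> str:
    """Quote a string for PostgreSQL (standard_conforming_strings on, the default)."""
    if "\x00" in value:
        raise ValueError("NUL byte not allowed in a PostgreSQL string")
    return "'" + value.replace("'", "''") + "'"


def reset_statement(username: str, password: str, salt: Optional[bytes] = None) -> str:
    """Build an UPDATE that resets one existing user's password columns."""
    salt_hex, hash_hex = guac_password_fields(password, salt)
    # Only hex digests reach the SQL text; the plaintext password never does.
    return (
        "UPDATE guacamole_user\n"
        f"SET password_salt = decode('{salt_hex}', 'hex'),\n"
        f"    password_hash = decode('{hash_hex}', 'hex'),\n"
        "    password_date = CURRENT_TIMESTAMP\n"
        "WHERE entity_id = (SELECT entity_id FROM guacamole_entity\n"
        f"                   WHERE name = {sql_literal(username)} AND type = 'USER');"
    )


if __name__ == "__main__":
    import getpass
    user = input("Guacamole username: ")
    print(reset_statement(user, getpass.getpass("New password: ")))
```

Paste the printed statement into psql against the Guacamole database; a username containing `@` is an ordinary quoted string literal here.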
I think at this point it's just faster to delete my config directory and re-create the container. I'll do that. Thanks for the help though!
No problem. Can't say I've run into this; I've been creating/deleting users for a while, but I'll poke a little more to see if there is something strange going on.
Describe Your Problem:
I've been using this container successfully for the past year or so, I created my wife as a second user, now my user says "Invalid Login"