Posted to user@guacamole.apache.org by EricSten <ia...@gmail.com> on 2017/09/20 00:11:57 UTC

Issues with mysql/mariadb authentication

I'm having difficulties getting mysql/mariadb authentication to work with
0.9.13 on CentOS 7.  

Environment:
  CentOS 7
  Tomcat 7.0.76
  Guacamole 0.9.13 client and server, both compiled on the server
  Mysql ver 15.1 distrib 5.5.56-MariaDB
  mysql-connector-java-5.1.44-bin
  OpenJDK version 1.8.0_144

So Guacamole is working perfectly fine using the user-mapping.xml
configuration.  SSH and RDP sessions open beautifully.  When I configure it
to use database authentication I run into issues.

The database has been created and populated via the scripts provided, and I have
confirmed that the guacamole user can log into the database.
Guacamole.properties is configured properly to use mysql authentication.

When I try to connect when mysql authentication is turned on I just get a
blank screen.  Debug logging results in /### Cause:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link
failure/ messages and /java.net.SocketException: Permission denied (connect
failed)/ messages plus a lot of other java information.

Searching the web I found lots of suggestions, which I tried with no change.  
Tried the following:
  Setting a specific bind-address="0.0.0.0" or "127.0.0.1" in /etc/my.cnf
  _JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true" in environment variables
to force IPV4 only
  Made sure no firewall running
  Set wait-timeout to 500
Suggestions from --> 
https://stackoverflow.com/questions/6865538/solving-a-communications-link-failure-with-jdbc-and-mysql

I can telnet to port 3306 on the server verifying that mysql is running.

Snippet of error messages - 
### Error querying database.  Cause:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link
failure
Sep 19 15:27:48 centos server: The last packet sent successfully to the
server was 0 milliseconds ago. The driver has not received any packets from
the server.
Sep 19 15:27:48 centos server: ### The error may exist in
org/apache/guacamole/auth/jdbc/user/UserMapper.xml
Sep 19 15:27:48 centos server: ### The error may involve
org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
Sep 19 15:27:48 centos server: ### The error occurred while executing a
query
Sep 19 15:27:48 centos server: ### Cause:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link
failure
Sep 19 15:27:48 centos server: The last packet sent successfully to the
server was 0 milliseconds ago. The driver has not received any packets from
the server.
Sep 19 15:27:48 centos server: 15:27:48.205 [http-bio-8080-exec-3] DEBUG
o.a.g.rest.RESTExceptionWrapper - Unexpected error in REST endpoint.
Sep 19 15:27:48 centos server:
org.apache.ibatis.exceptions.PersistenceException:
Sep 19 15:27:48 centos server: ### Error querying database.  Cause:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link
failure
Sep 19 15:27:48 centos server: The last packet sent successfully to the
server was 0 milliseconds ago. The driver has not received any packets from
the server.
Sep 19 15:27:48 centos server: ### The error may exist in
org/apache/guacamole/auth/jdbc/user/UserMapper.xml
Sep 19 15:27:48 centos server: ### The error may involve
org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
Sep 19 15:27:48 centos server: ### The error occurred while executing a
query
Sep 19 15:27:48 centos server: ### Cause:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link
failure
Sep 19 15:27:48 centos server: The last packet sent successfully to the
server was 0 milliseconds ago. The driver has not received any packets from
the server.

Anybody else have this experience/suggestions on how to resolve?

  Thanks

    Eric Sten

  



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: Issues with mysql/mariadb authentication

Posted by Der PCFreak <ma...@pcfreak.de>.
more details here:

https://linux.die.net/man/8/mysqld_selinux



On 21.09.2017 15:35, Nick Couchman wrote:
> On Wed, Sep 20, 2017 at 9:03 PM, Eric Sten <iam.ericsten@gmail.com> wrote:
>
>     Mike, Nick.
>      After turning SELinux back on I found that the mysql_connect_any
>     setting is OFF when I ran a getsebool -a | grep mysql.  After
>     setting it to be on with the /setsebool mysql_connect_any 1/ I am
>     able to authenticate into Guacamole using mysql without errors and
>     with SELinux enabled.
>
>     In case it helps the CentOS I installed is from the
>     CentOS-7-x86_64-Minimal-1708.iso.  I downloaded it on 9/16.
>
>     Thanks again for the assistance from both of you.
>
>     Eric Sten
>
>
> Good to know, thanks!  Still curious that neither Mike nor I has hit 
> that issue, but you did.  Maybe something changed in the most recent 
> CentOS.
>
> -Nick


Re: Issues with mysql/mariadb authentication

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Sep 20, 2017 at 9:03 PM, Eric Sten <ia...@gmail.com> wrote:

> Mike, Nick.
>
>  After turning SELinux back on I found that the mysql_connect_any setting
> is OFF when I ran a getsebool -a | grep mysql.  After setting it to be on
> with the *setsebool mysql_connect_any 1* I am able to authenticate into
> Guacamole using mysql without errors and with SELinux enabled.
>
> In case it helps the CentOS I installed is from the
> CentOS-7-x86_64-Minimal-1708.iso.  I downloaded it on 9/16.
>
>   Thanks again for the assistance from both of you.
>
> Eric Sten
>
>
Good to know, thanks!  Still curious that neither Mike nor I has hit that
issue, but you did.  Maybe something changed in the most recent CentOS.

-Nick

Re: Issues with mysql/mariadb authentication

Posted by Eric Sten <ia...@gmail.com>.
Mike, Nick.

 After turning SELinux back on I found that the mysql_connect_any setting
is OFF when I ran a getsebool -a | grep mysql.  After setting it to be on
with the *setsebool mysql_connect_any 1* I am able to authenticate into
Guacamole using mysql without errors and with SELinux enabled.

In case it helps the CentOS I installed is from the
CentOS-7-x86_64-Minimal-1708.iso.  I downloaded it on 9/16.

  Thanks again for the assistance from both of you.

Eric Sten

-- 
Eric Sten
Visit Trixies Tales, adventures of a domestic dog. — www.trixiestales.com

On September 19, 2017 at 10:34:04 PM, Mike Jumper (mike.jumper@guac-dev.org)
wrote:

On Tue, Sep 19, 2017 at 7:29 PM, Eric Sten <ia...@gmail.com> wrote:

> Nick,
>
>   That was exactly the issue!  Once I disabled SELinux and rebooted the
> database authentication worked like a charm!
>

Interesting - I've never encountered this on all the CentOS + SELinux
deployments I've dealt with thus far. Mind reporting back when you
determine what setsebool, etc. is necessary to allow things to work
properly with SELinux enabled?

Thanks,

- Mike
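
Added example, not part of any message in this thread: a shell triage for the failure discussed above, which pulls denied outbound TCP connects out of SELinux audit records and reports the persistent form of the boolean change. The audit lines are constructed, and the tomcat_t source domain, pids and timestamps in them are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed audit.log sample. The pids, timestamps and the tomcat_t source
# domain are assumptions for illustration, not values from the thread.
SAMPLE_AUDIT='type=AVC msg=audit(1505860068.205:412): avc:  denied  { name_connect } for  pid=2371 comm="java" dest=3306 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1505860068.911:413): avc:  denied  { read } for  pid=2371 comm="java" name="hosts" scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1505860070.017:414): avc:  denied  { name_connect } for  pid=2371 comm="java" dest=3306 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket'

# Read audit records on stdin and print "comm domain port count" for every
# denied outbound TCP connect (the name_connect permission on tcp_socket).
denied_connects() {
    awk '/avc: +denied/ && /name_connect/ && /tclass=tcp_socket/ {
        comm = dom = port = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/comm=|"/, "", comm) }
            if ($i ~ /^dest=/)     { port = substr($i, 6) }
            if ($i ~ /^scontext=/) { split($i, c, ":"); dom = c[3] }
        }
        n[comm " " dom " " port]++
    }
    END { for (k in n) print k, n[k] }'
}

# Read `getsebool <name>` output ("name --> off") on stdin; print on or off.
bool_state() {
    awk -v b="$1" '$1 == b && $2 == "-->" { print $3 }'
}

# Print the fix when the boolean is off. -P writes the value to the policy
# store; plain `setsebool` changes only the running policy until reboot.
fix_for() {
    [ "$1" = off ] && echo "setsebool -P mysql_connect_any 1"
    return 0
}

# Demo on the constructed sample. On a real host, feed
# /var/log/audit/audit.log and `getsebool mysql_connect_any` instead.
printf '%s\n' "$SAMPLE_AUDIT" | denied_connects
fix_for "$(echo 'mysql_connect_any --> off' | bool_state mysql_connect_any)"
```

A denied name_connect to port 3306 alongside the boolean reading off matches the "Permission denied (connect failed)" symptom reported in the thread while SELinux stays enforcing.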

Re: Issues with mysql/mariadb authentication

Posted by vnick <vn...@apache.org>.
Mike Jumper wrote
> On Tue, Sep 19, 2017 at 7:29 PM, Eric Sten <iam.ericsten@> wrote:
> 
>> Nick,
>>
>>   That was exactly the issue!  Once I disabled SELinux and rebooted the
>> database authentication worked like a charm!
>>
> 
> Interesting - I've never encountered this on all the CentOS + SELinux
> deployments I've dealt with thus far. Mind reporting back when you
> determine what setsebool, etc. is necessary to allow things to work
> properly with SELinux enabled?
> 
> Thanks,
> 
> - Mike

Yeah, Eric,
I would not leave it disabled - now that you've figured out SELinux was
causing the issue, figure out how to fix it rather than just turning it off
:-).  I also have not encountered this with CentOS or RHEL and Postgres, so
interesting that you're hitting this issue. 

-Nick





Re: Issues with mysql/mariadb authentication

Posted by Mike Jumper <mi...@guac-dev.org>.
On Tue, Sep 19, 2017 at 7:29 PM, Eric Sten <ia...@gmail.com> wrote:

> Nick,
>
>   That was exactly the issue!  Once I disabled SELinux and rebooted the
> database authentication worked like a charm!
>

Interesting - I've never encountered this on all the CentOS + SELinux
deployments I've dealt with thus far. Mind reporting back when you
determine what setsebool, etc. is necessary to allow things to work
properly with SELinux enabled?

Thanks,

- Mike

Re: Issues with mysql/mariadb authentication

Posted by Eric Sten <ia...@gmail.com>.
Nick,

  That was exactly the issue!  Once I disabled SELinux and rebooted the
database authentication worked like a charm!  Thank you again for all your
help.

   Eric

-- 
Eric Sten
Visit Trixies Tales, adventures of a domestic dog. — www.trixiestales.com

On September 19, 2017 at 8:36:22 PM, vnick (vnick@apache.org) wrote:

> EricSten wrote
>
> When I try to connect when mysql authentication is turned on I just get a
> blank screen. Debug logging results in /### Cause:
> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications
> link
> failure/ messages and /java.net.SocketException: Permission denied
> (connect
> failed)/ messages plus a lot of other java information.
>
>
> Eric,
> Is SELinux enabled on the system (output of "getenforce" command)?
>
> Also, when you created the MySQL user account, what did you use for the
> host? I'm wondering if it's set up to use a specific host (127.0.0.1 or
> maybe the IPv4 Ethernet address) but Guacamole is trying to communicate
> via
> the socket or some other IP? Can you post the guacamole.properties file,
> minus the actual password?
>
> -Nick
>
>
>
> --
> Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
>

Re: Issues with mysql/mariadb authentication

Posted by vnick <vn...@apache.org>.
EricSten wrote
> When I try to connect when mysql authentication is turned on I just get a
> blank screen.  Debug logging results in /### Cause:
> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications
> link
> failure/ messages and /java.net.SocketException: Permission denied
> (connect
> failed)/ messages plus a lot of other java information.  

Eric,
Is SELinux enabled on the system (output of "getenforce" command)?

Also, when you created the MySQL user account, what did you use for the
host?  I'm wondering if it's set up to use a specific host (127.0.0.1 or
maybe the IPv4 Ethernet address) but Guacamole is trying to communicate via
the socket or some other IP?  Can you post the guacamole.properties file,
minus the actual password?

-Nick


