You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Neumen - Juan Prigoshin <jp...@autoneumen.com> on 2020/06/03 14:24:18 UTC
Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Both jar files and guacamole.properties, are they in the Server with Guacamole Client? The client it’s the one connecting to database.
I think MariaDB it’s only necesary for Client not guacd server.
A imaginary installation :
· Server 1 : guacd service
· Server 2 : Tomcat + Guacamole client WAR + guacamole.properties + MariaDB
You installation is :
· Server 1 : guacd service + MariaDB
· Server 2 : Tomcat + Guacamole client WAR + guacamole.properties
?
If you cannot connect from de Guacamole client server with
mysql –user=guacamole_user –-password guacamole_db –h <ip Guacamole DB>
Maybe then MariaDB don’t allow connections from outside localhost??
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: miércoles, 03 de junio de 2020 11:13 a.m.
Para: user@guacamole.apache.org
Asunto: RE: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
I have both .jar files in their respective locations in the extensions and lib directories.
My DB is mariadb and I have added the authentication settings to guacamole.properties. I’m able to connect to the Guacamole database running the command mysql –user=guacamole_user –-password guacamole_db –h localhost on the database server, but not from the Guacamole Client server.
Since the database is on another server, other than firewall rules to allow communication over port 3306, is anything else required on the Guacamole Client server to connect to the remote database?
From: Neumen - Juan Prigoshin <jp...@autoneumen.com>
Sent: Tuesday, June 2, 2020 8:06 PM
To: user@guacamole.apache.org
Subject: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Importance: Low
Have you copy guacamole-auth-jdbc-mysql-1.1.0.jar to extensions directory? And mysql-connector-java-8.0.20.jar to lib directory?
In the guacamole.properties you add the auth for the database??
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: <password>
In the terminal, using this parameters, work the conection?
mysql –user=guacamole_user –-password guacamole_db –h localhost
Sorry if my questions are simple, sometimes happines it’s in simple things
Juan
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: martes, 02 de junio de 2020 08:46 p.m.
Para: user@guacamole.apache.org
Asunto: RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
In configuring the database authentication after going through all the steps I am now getting an error in the guacamole login page. Disabling the database connection info in the guacamole.properties file removes the error, so I know it is a db issue.
I tried looking at the catalina.out file to see what the issue is but nothing is being logged. Is logging enabled by default or do I need to add something somewhere to get the debug logging?
Thanks again.
From: Nick Couchman <vn...@apache.org>
Sent: Tuesday, June 2, 2020 4:54 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL <AM...@hostos.cuny.edu> wrote:
Thanks. I am making progress and have moved on to the database authentication extension. I want to be sure I am configuring things in the right place. The instructions outlined in Chapter 6 of the instructions, all of this is happening on the server with tomcat or is it happening on the server with guacd?
The authentication is done by the Guacamole Client piece, which runs in Tomcat or a comparable Java container. So, all of the configuration related to database and authentication will be done on the server running Guacamole Client (Tomcat).
-nick
RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with
separate servers for DMZ and Internal Setup
Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
That was spot on. Thanks so much.
From: Charaoui, Jérôme <jc...@cmaisonneuve.qc.ca>
Sent: Wednesday, June 3, 2020 1:55 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Hello,
Le 20-06-03 à 13 h 52, MARTINEZ, ARIEL a écrit :
I got to Chapter 7 for the LDAP configuration after configuring the DB authentication and am having issues logging in with Active Directory accounts. I looked at the logs and the LDAP binding is working properly because it finds the user. But when I try to log in, nothing happens. I will not be extending the schema on our LDAP server, so is it a requirement that a matching
user in the Guacamole database be created for LDAP to work?
I noticed this happening when I had debugging enabled.
The LDAP plugin seems to generate so much debugging data that it significantly slows down the client.
Solution was to disable debugging, and LDAP logins started to work.
-- Jerome
Re: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with
separate servers for DMZ and Internal Setup
Posted by Charaoui,
Jérôme <jc...@cmaisonneuve.qc.ca>.
Hello,
Le 20-06-03 à 13 h 52, MARTINEZ, ARIEL a écrit :
I got to Chapter 7 for the LDAP configuration after configuring the DB authentication and am having issues logging in with Active Directory accounts. I looked at the logs and the LDAP binding is working properly because it finds the user. But when I try to log in, nothing happens. I will not be extending the schema on our LDAP server, so is it a requirement that a matching
user in the Guacamole database be created for LDAP to work?
I noticed this happening when I had debugging enabled.
The LDAP plugin seems to generate so much debugging data that it significantly slows down the client.
Solution was to disable debugging, and LDAP logins started to work.
-- Jerome
RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with
separate servers for DMZ and Internal Setup
Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
I got to Chapter 7 for the LDAP configuration after configuring the DB authentication and am having issues logging in with Active Directory accounts. I looked at the logs and the LDAP binding is working properly because it finds the user. But when I try to log in, nothing happens. I will not be extending the schema on our LDAP server, so is it a requirement that a matching
user in the Guacamole database be created for LDAP to work?
From: Nick Couchman <vn...@apache.org>
Sent: Wednesday, June 3, 2020 11:40 AM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
On Wed, Jun 3, 2020 at 11:34 AM MARTINEZ, ARIEL <AM...@hostos.cuny.edu>> wrote:
In case someone else has this issue, using the mysql Connector/J 5.1.49 worked. It does not work with the latest GA release and mariadb 5.5.65.
This is slated to be fixed in 1.2.0:
https://issues.apache.org/jira/browse/GUACAMOLE-852
-Nick
Re: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with
separate servers for DMZ and Internal Setup
Posted by Nick Couchman <vn...@apache.org>.
On Wed, Jun 3, 2020 at 11:34 AM MARTINEZ, ARIEL <AM...@hostos.cuny.edu>
wrote:
> In case someone else has this issue, using the mysql Connector/J 5.1.49
> worked. It does not work with the latest GA release and mariadb 5.5.65.
>
>
>
This is slated to be fixed in 1.2.0:
https://issues.apache.org/jira/browse/GUACAMOLE-852
-Nick
RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with
separate servers for DMZ and Internal Setup
Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
In case someone else has this issue, using the mysql Connector/J 5.1.49 worked. It does not work with the latest GA release and mariadb 5.5.65.
From: MARTINEZ, ARIEL
Sent: Wednesday, June 3, 2020 11:01 AM
To: 'user@guacamole.apache.org' <us...@guacamole.apache.org>
Subject: RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
My setup is
Server 1: guacd service
Server 2: Tomcat + Guacamole client WAR (guacamole.properties)
Server 3: MariaDB
I tried disabling SELINUX and it had no effect.
From: MARTINEZ, ARIEL
Sent: Wednesday, June 3, 2020 10:29 AM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
I have an entry that allows any host for testing. Also I confirmed that the Client server can get to the database server over 3306. I saw another thread in the mailing list about SELINUX possibly needing to be disabled. I am going to try that.
Other than that, I’m wondering if I need to use an older version of the mysql java connector. I’m on CentOS 7 and mariadb 5.5.65
From: Neumen - Juan Prigoshin <jp...@autoneumen.com>>
Sent: Wednesday, June 3, 2020 10:24 AM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Importance: Low
WARNING: This email originated outside the Hostos campus. Do not click links or open attachments unless you recognize the sender and know the content is safe. Never provide login credentials, financial or sensitive details in response to an email or by clicking on a link. Report suspicious emails to: reportspam@hostos.cuny.edu<ma...@hostos.cuny.edu>
Both jar files and guacamole.properties, are they in the Server with Guacamole Client? The client it’s the one connecting to database.
I think MariaDB it’s only necesary for Client not guacd server.
A imaginary installation :
* Server 1 : guacd service
* Server 2 : Tomcat + Guacamole client WAR + guacamole.properties + MariaDB
You installation is :
* Server 1 : guacd service + MariaDB
* Server 2 : Tomcat + Guacamole client WAR + guacamole.properties
?
If you cannot connect from de Guacamole client server with
mysql –user=guacamole_user –-password guacamole_db –h <ip Guacamole DB>
Maybe then MariaDB don’t allow connections from outside localhost??
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: miércoles, 03 de junio de 2020 11:13 a.m.
Para: user@guacamole.apache.org<ma...@guacamole.apache.org>
Asunto: RE: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
I have both .jar files in their respective locations in the extensions and lib directories.
My DB is mariadb and I have added the authentication settings to guacamole.properties. I’m able to connect to the Guacamole database running the command mysql –user=guacamole_user –-password guacamole_db –h localhost on the database server, but not from the Guacamole Client server.
Since the database is on another server, other than firewall rules to allow communication over port 3306, is anything else required on the Guacamole Client server to connect to the remote database?
From: Neumen - Juan Prigoshin <jp...@autoneumen.com>>
Sent: Tuesday, June 2, 2020 8:06 PM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Importance: Low
Have you copy guacamole-auth-jdbc-mysql-1.1.0.jar to extensions directory? And mysql-connector-java-8.0.20.jar to lib directory?
In the guacamole.properties you add the auth for the database??
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: <password>
In the terminal, using this parameters, work the conection?
mysql –user=guacamole_user –-password guacamole_db –h localhost
Sorry if my questions are simple, sometimes happines it’s in simple things
Juan
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: martes, 02 de junio de 2020 08:46 p.m.
Para: user@guacamole.apache.org<ma...@guacamole.apache.org>
Asunto: RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
In configuring the database authentication after going through all the steps I am now getting an error in the guacamole login page. Disabling the database connection info in the guacamole.properties file removes the error, so I know it is a db issue.
I tried looking at the catalina.out file to see what the issue is but nothing is being logged. Is logging enabled by default or do I need to add something somewhere to get the debug logging?
Thanks again.
From: Nick Couchman <vn...@apache.org>>
Sent: Tuesday, June 2, 2020 4:54 PM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL <AM...@hostos.cuny.edu>> wrote:
Thanks. I am making progress and have moved on to the database authentication extension. I want to be sure I am configuring things in the right place. The instructions outlined in Chapter 6 of the instructions, all of this is happening on the server with tomcat or is it happening on the server with guacd?
The authentication is done by the Guacamole Client piece, which runs in Tomcat or a comparable Java container. So, all of the configuration related to database and authentication will be done on the server running Guacamole Client (Tomcat).
-nick
RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with
separate servers for DMZ and Internal Setup
Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
My setup is
Server 1: guacd service
Server 2: Tomcat + Guacamole client WAR (guacamole.properties)
Server 3: MariaDB
I tried disabling SELINUX and it had no effect.
From: MARTINEZ, ARIEL
Sent: Wednesday, June 3, 2020 10:29 AM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
I have an entry that allows any host for testing. Also I confirmed that the Client server can get to the database server over 3306. I saw another thread in the mailing list about SELINUX possibly needing to be disabled. I am going to try that.
Other than that, I’m wondering if I need to use an older version of the mysql java connector. I’m on CentOS 7 and mariadb 5.5.65
From: Neumen - Juan Prigoshin <jp...@autoneumen.com>>
Sent: Wednesday, June 3, 2020 10:24 AM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Importance: Low
WARNING: This email originated outside the Hostos campus. Do not click links or open attachments unless you recognize the sender and know the content is safe. Never provide login credentials, financial or sensitive details in response to an email or by clicking on a link. Report suspicious emails to: reportspam@hostos.cuny.edu<ma...@hostos.cuny.edu>
Both jar files and guacamole.properties, are they in the Server with Guacamole Client? The client it’s the one connecting to database.
I think MariaDB it’s only necesary for Client not guacd server.
A imaginary installation :
* Server 1 : guacd service
* Server 2 : Tomcat + Guacamole client WAR + guacamole.properties + MariaDB
You installation is :
* Server 1 : guacd service + MariaDB
* Server 2 : Tomcat + Guacamole client WAR + guacamole.properties
?
If you cannot connect from de Guacamole client server with
mysql –user=guacamole_user –-password guacamole_db –h <ip Guacamole DB>
Maybe then MariaDB don’t allow connections from outside localhost??
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: miércoles, 03 de junio de 2020 11:13 a.m.
Para: user@guacamole.apache.org<ma...@guacamole.apache.org>
Asunto: RE: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
I have both .jar files in their respective locations in the extensions and lib directories.
My DB is mariadb and I have added the authentication settings to guacamole.properties. I’m able to connect to the Guacamole database running the command mysql –user=guacamole_user –-password guacamole_db –h localhost on the database server, but not from the Guacamole Client server.
Since the database is on another server, other than firewall rules to allow communication over port 3306, is anything else required on the Guacamole Client server to connect to the remote database?
From: Neumen - Juan Prigoshin <jp...@autoneumen.com>>
Sent: Tuesday, June 2, 2020 8:06 PM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Importance: Low
Have you copy guacamole-auth-jdbc-mysql-1.1.0.jar to extensions directory? And mysql-connector-java-8.0.20.jar to lib directory?
In the guacamole.properties you add the auth for the database??
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: <password>
In the terminal, using this parameters, work the conection?
mysql –user=guacamole_user –-password guacamole_db –h localhost
Sorry if my questions are simple, sometimes happines it’s in simple things
Juan
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: martes, 02 de junio de 2020 08:46 p.m.
Para: user@guacamole.apache.org<ma...@guacamole.apache.org>
Asunto: RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
In configuring the database authentication after going through all the steps I am now getting an error in the guacamole login page. Disabling the database connection info in the guacamole.properties file removes the error, so I know it is a db issue.
I tried looking at the catalina.out file to see what the issue is but nothing is being logged. Is logging enabled by default or do I need to add something somewhere to get the debug logging?
Thanks again.
From: Nick Couchman <vn...@apache.org>>
Sent: Tuesday, June 2, 2020 4:54 PM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL <AM...@hostos.cuny.edu>> wrote:
Thanks. I am making progress and have moved on to the database authentication extension. I want to be sure I am configuring things in the right place. The instructions outlined in Chapter 6 of the instructions, all of this is happening on the server with tomcat or is it happening on the server with guacd?
The authentication is done by the Guacamole Client piece, which runs in Tomcat or a comparable Java container. So, all of the configuration related to database and authentication will be done on the server running Guacamole Client (Tomcat).
-nick
RE: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with
separate servers for DMZ and Internal Setup
Posted by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu>.
I have an entry that allows any host for testing. Also I confirmed that the Client server can get to the database server over 3306. I saw another thread in the mailing list about SELINUX possibly needing to be disabled. I am going to try that.
Other than that, I’m wondering if I need to use an older version of the mysql java connector. I’m on CentOS 7 and mariadb 5.5.65
From: Neumen - Juan Prigoshin <jp...@autoneumen.com>
Sent: Wednesday, June 3, 2020 10:24 AM
To: user@guacamole.apache.org
Subject: [EXTERNAL] [Suspected SPAM] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Importance: Low
WARNING: This email originated outside the Hostos campus. Do not click links or open attachments unless you recognize the sender and know the content is safe. Never provide login credentials, financial or sensitive details in response to an email or by clicking on a link. Report suspicious emails to: reportspam@hostos.cuny.edu<ma...@hostos.cuny.edu>
Both jar files and guacamole.properties, are they in the Server with Guacamole Client? The client it’s the one connecting to database.
I think MariaDB it’s only necesary for Client not guacd server.
A imaginary installation :
* Server 1 : guacd service
* Server 2 : Tomcat + Guacamole client WAR + guacamole.properties + MariaDB
You installation is :
* Server 1 : guacd service + MariaDB
* Server 2 : Tomcat + Guacamole client WAR + guacamole.properties
?
If you cannot connect from de Guacamole client server with
mysql –user=guacamole_user –-password guacamole_db –h <ip Guacamole DB>
Maybe then MariaDB don’t allow connections from outside localhost??
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: miércoles, 03 de junio de 2020 11:13 a.m.
Para: user@guacamole.apache.org<ma...@guacamole.apache.org>
Asunto: RE: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
I have both .jar files in their respective locations in the extensions and lib directories.
My DB is mariadb and I have added the authentication settings to guacamole.properties. I’m able to connect to the Guacamole database running the command mysql –user=guacamole_user –-password guacamole_db –h localhost on the database server, but not from the Guacamole Client server.
Since the database is on another server, other than firewall rules to allow communication over port 3306, is anything else required on the Guacamole Client server to connect to the remote database?
From: Neumen - Juan Prigoshin <jp...@autoneumen.com>>
Sent: Tuesday, June 2, 2020 8:06 PM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
Importance: Low
Have you copy guacamole-auth-jdbc-mysql-1.1.0.jar to extensions directory? And mysql-connector-java-8.0.20.jar to lib directory?
In the guacamole.properties you add the auth for the database??
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: <password>
In the terminal, using this parameters, work the conection?
mysql –user=guacamole_user –-password guacamole_db –h localhost
Sorry if my questions are simple, sometimes happines it’s in simple things
Juan
De: MARTINEZ, ARIEL [mailto:AMARTINEZ@hostos.cuny.edu]
Enviado el: martes, 02 de junio de 2020 08:46 p.m.
Para: user@guacamole.apache.org<ma...@guacamole.apache.org>
Asunto: RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
In configuring the database authentication after going through all the steps I am now getting an error in the guacamole login page. Disabling the database connection info in the guacamole.properties file removes the error, so I know it is a db issue.
I tried looking at the catalina.out file to see what the issue is but nothing is being logged. Is logging enabled by default or do I need to add something somewhere to get the debug logging?
Thanks again.
From: Nick Couchman <vn...@apache.org>>
Sent: Tuesday, June 2, 2020 4:54 PM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup
On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL <AM...@hostos.cuny.edu>> wrote:
Thanks. I am making progress and have moved on to the database authentication extension. I want to be sure I am configuring things in the right place. The instructions outlined in Chapter 6 of the instructions, all of this is happening on the server with tomcat or is it happening on the server with guacd?
The authentication is done by the Guacamole Client piece, which runs in Tomcat or a comparable Java container. So, all of the configuration related to database and authentication will be done on the server running Guacamole Client (Tomcat).
-nick