You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by David Ramirez <da...@gmail.com> on 2023/03/13 23:10:47 UTC
HELP NEEDED: Cannot connect to Win10 over Guacamole with DB Authentication enabled.
Good evening/night/morning to you all!
Following up the environment explained earlier, I am now trying to connect
to a Windows 10 connection created by the Guacadmin User and assigned to a
user. The connection fails before showing the logs, here is a quick
overview of the environment:
Internet -- NGNIX Reverse Proxy --- Guacamole Server --- Win 10 connection.
Guacamole 1.5.0 running on ubuntu 20.04 and Tomcat 9.
The Guacamole Server IP is 10.X.14.254. <-- I change the second octet on
the IP to "X"
Tomcat running on port 8080.
Guacamole server is running over port 4822.
This environment was operating when I was not using database authentication.
In order to find the error I am running Guacamole Server in DEBUG mode and
I can see several obvious errors which I may know the answer to but I
really need the group's assistance on this.
Errors found:
- To simplify reading this email, the logs are at the bottom of it.
- As I am running Guacamole as the daemon user, its home directory is
/usr/sbin which obviously the guacamole daemon does not have permissions to
write to.
- Please refer to the logs marked below in *BOLD*.
- After several messages on the log, the error now changes to: unable to
read file "/" which I believe has to do with the files and certificates the
daemon was unable to write.
- Please refer a little bit below to the final section of logs marked
as *BOLD*.
What I have looked for so far:
- I believe my problem is that the daemon user cannot write on the path
so I won't be able to connect.
- This should be fixed by running guacamole with another user.
- I did try to find some instructions on this list on how to
configure the daemon to run as a different user but I could not find the
instructions I believe I saw a few weeks ago on this list.
- Looking around past posts, I found this from @ivanmarcus on the list:
- https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0
- On his instructions, he adds a step to set the location of the
freedrp shared objects to what I think is a world writable
directory but I
may be wrong:
-
ln -s /usr/share/java/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/
mkdir -p /usr/lib/$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)/freerdp
ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/$(dpkg-architecture
-qDEB_BUILD_GNU_TYPE)/freerdp/
-
ldconfig
- Problem is that when I try to replicate his instructions, I cannot
find any freerdp shared objects on my Guacamole installation, only
reference to some "rdp" files and directories but not any reference to
"freerdp"
- This makes me think I may be looking at the wrong side of things.
HELP NEEDED:
- How would you solve this?
- Do you have any instructions on how to install and run guacamole not
as root/daemon?
Thanks a lot for the help!
Below are the log entries for the above comments.
Thanks again for the help.
David.
*Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: WARNING:#011FreeRDP
initialization may fail: The current user's home directory ("/usr/sbin") is
not writable, but FreeRDP generally requires a writable home directory for
storage of configuration files and certificates.*Mar 9 22:54:06 devpod-1
guacd[2754]: guacd[2754]: INFO:#011No security mode specified. Defaulting
to security mode negotiation with server.
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Resize method:
none
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011No clipboard
line-ending normalization specified. Defaulting to preserving the format of
all line endings.
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011User
"@d7306d3b-6613-4500-b22c-c40d54f8389d" joined connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" (1 users now present)
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Loading keymap
"base"
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Loading keymap
"en-us-qwerty"
*Mar 9 22:54:06 devpod-1 guacd[2754]: FreeRDP initialization may fail: The
current user's home directory ("/usr/sbin") is not writable, but FreeRDP
generally requires a writable home directory for storage of configuration
files and certificates.*
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public
org.apache.guacamole.net.GuacamoleTunnel
org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser,org.apache.guacamole.auth.jdbc.connection.ModeledConnection,org.apache.guacamole.protocol.GuacamoleClientInformation,java.util.Map<java.lang.String,
java.lang.String>) throws org.apache.guacamole.GuacamoleException] -
SqlSession not set for thread: 23, creating a new one
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1225840338
from pool.
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1225840338 ...
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1225840338 is GOOD!
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC
Connection [com.mysql.cj.jdbc.ConnectionImpl@4910d6d2]
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.950 [http-nio-8080-exec-3]
DEBUG o.a.g.a.j.c.C.insert - ==> Preparing: INSERT INTO
guacamole_connection_history ( connection_id, connection_name, remote_host,
sharing_profile_id, sharing_profile_name, user_id, username, start_date,
end_date ) VALUES ( ?, ?, ?, ?, ?, (SELECT user_id FROM guacamole_user JOIN
guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name = ? AND guacamole_entity.type = 'USER'), ?, ?,
? )
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.950 [http-nio-8080-exec-3]
DEBUG o.a.g.a.j.c.C.insert - ==> Parameters: 1(String), Win10(String), 10.
*X*.14.254(String), null, null, Threatwise(String), Threatwise(String),
2023-03-09 22:54:05.949(Timestamp), null
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.951 [http-nio-8080-exec-3]
DEBUG o.a.g.a.j.c.C.insert - <== Updates: 1
Mar 9 22:54:06 devpod-1 guacd[2754]: No security mode specified.
Defaulting to security mode negotiation with server.
[...]
*Mar 9 22:54:06 devpod-1 guacd[2754]: Unable to read file "/"Mar 9
22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Unable to read file
"/"Mar 9 22:54:06 devpod-1 guacd[2754]: RDP server closed/refused
connection: Security negotiation failed (wrong security type?)Mar 9
22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011RDP server
closed/refused connection: Security negotiation failed (wrong security
type?)*Mar 9 22:54:06 devpod-1 guacd[2754]: User
"@d7306d3b-6613-4500-b22c-c40d54f8389d" disconnected (0 users remain)
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011User
"@d7306d3b-6613-4500-b22c-c40d54f8389d" disconnected (0 users remain)
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Last user of
connection "$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" disconnected
Mar 9 22:54:06 devpod-1 guacd[2754]: Last user of connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" disconnected
Mar 9 22:54:06 devpod-1 guacd[2568]: Connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" removed.
Mar 9 22:54:06 devpod-1 guacd[2568]: guacd[2568]: INFO:#011Connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" removed.
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.507 [http-nio-8080-exec-8]
INFO o.a.g.tunnel.TunnelRequestService - User "myusername" disconnected
from connection "1". Duration: 490 milliseconds
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.508 [http-nio-8080-exec-8]
DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.508 [Thread-8] DEBUG
o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Connection to guacd closed.
Mar 9 22:54:06 devpod-1 tomcat9[643]:
org.apache.guacamole.GuacamoleConnectionClosedException: Connection to
guacd is closed.
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:183)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.io.ReaderGuacamoleReader.readInstruction(ReaderGuacamoleReader.java:195)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:80)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:80)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.protocol.FilteredGuacamoleReader.read(FilteredGuacamoleReader.java:63)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:246)
Mar 9 22:54:06 devpod-1 tomcat9[643]: Caused by: java.net.SocketException:
Socket closed
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/java.net.SocketInputStream.read(SocketInputStream.java:183)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/java.io.InputStreamReader.read(InputStreamReader.java:181)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:169)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011... 5 common frames omitted
Re: HELP NEEDED: Cannot connect to Win10 over Guacamole with DB Authentication enabled.
Posted by Ivanmarcus <iv...@yahoo.com.INVALID>.
David,
Good that it sorted your problem.
Re documentation; it does seem to be an oft-repeated issue, so a note to
assist people during installation could well be worthwhile.
If you look at the present native installation instructions here:
https://guacamole.apache.org/doc/gug/installing-guacamole.html
and the source here:
https://guacamole.apache.org/doc/gug/_sources/installing-guacamole.md.txt
You will get an idea of the form of the documentation and perhaps from
that how best to contribute an addition.
In my view keeping it short and to the point would be best, bearing in
mind it is really a freerdp issue, and more of a sysadmin task as you say.
From there you could submit your work to Jira (I think you have an
account?) for inclusion in the official guide.
Note I've said the above not being sure whether there is any protocol
around the documentation, or submissions on it! I seem to recollect some
discussion on this a while ago, but it may have been more to do with
content delivery rather than the content itself. In any event I expect
if I'm wildly wrong a gentle pointer in the right direction will ensue :)
Otherwise thanks for taking the time to pursue this.
On 14/03/23 18:36, David Ramirez wrote:
> Well, that was that! Unwritable directory it was indeed.
> What worked better for me was the following answer by Nick:
> https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory <https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory>
> That said, I do believe we should document this somewhere. I can send an
> email here with all the related instructions or better yet, add a small
> section on the documentation, if this is even allowed to do over it as
> these are pure Linux sysadmin tasks.
> What do the Gurus recommend:
> 1. Create a bug to add it to the documentation.
> 1.a. I may even try to learn how to document it myself if that is even
> possible.
> 2. Send here an email with the step by step instructions for posterity
> and easy to search.
>
> Thanks again @ivanmarcus for the instructions!
> Have a good one you all!
> David.
>
> On Mon, Mar 13, 2023 at 5:41 PM David Ramirez <davidrmz@gmail.com
> <ma...@gmail.com>> wrote:
>
> Thanks a lot for the quick answer @ivanmarcus. I will take care of
> the permissions/daemon issues and get back to the group.
> Regards,
> David.
>
> On Mon, Mar 13, 2023 at 5:31 PM Ivanmarcus
> <iv...@yahoo.com.invalid> wrote:
>
> David,
>
> With respect to the error you're seeing, these links should give
> you
> some assistance (you probably only need to look at one, they mostly
> reiterate the same thing):
>
> https://lists.apache.org/thread/64x199p7kj6j1ct36z0hzgqy6l0x5yzx
> <https://lists.apache.org/thread/64x199p7kj6j1ct36z0hzgqy6l0x5yzx>
>
> https://lists.apache.org/list?user@guacamole.apache.org:2022-8:freerdp%20home%20directory <https://lists.apache.org/list?user@guacamole.apache.org:2022-8:freerdp%20home%20directory>
>
> https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory <https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory>
>
> As for my set of notes; the installation was indeed carried out
> as root,
> but before going too far with further suggestions perhaps you could
> respond back after dealing with your user/directory parms etc?
>
>
> On 14/03/23 12:10, David Ramirez wrote:
> > Good evening/night/morning to you all!
> > Following up the environment explained earlier, I am now
> trying to
> > connect to a Windows 10 connection created by the Guacadmin
> User and
> > assigned to a user. The connection fails before showing the
> logs, here
> > is a quick overview of the environment:
> >
> > Internet -- NGNIX Reverse Proxy --- Guacamole Server --- Win
> 10 connection.
> > Guacamole 1.5.0 running on ubuntu 20.04 and Tomcat 9.
> > The Guacamole Server IP is 10.X.14.254. <-- I change the
> second octet on
> > the IP to "X"
> > Tomcat running on port 8080.
> > Guacamole server is running over port 4822.
> > This environment was operating when I was not using database
> authentication.
> >
> > In order to find the error I am running Guacamole Server in
> DEBUG mode
> > and I can see several obvious errors which I may know the
> answer to but
> > I really need the group's assistance on this.
> > Errors found:
> >
> > * To simplify reading this email, the logs are at the
> bottom of it.
> > * As I am running Guacamole as the daemon user, its home
> directory is
> > /usr/sbin which obviously the guacamole daemon does not have
> > permissions to write to.
> > o Please refer to the logs marked below in *BOLD*.
> > * After several messages on the log, the error now changes
> to: unable
> > to read file "/" which I believe has to do with the files and
> > certificates the daemon was unable to write.
> > o Please refer a little bit below to the final section
> of logs
> > marked as *BOLD*.
> >
> > What I have looked for so far:
> >
> > * I believe my problem is that the daemon user cannot write
> on the
> > path so I won't be able to connect.
> > o This should be fixed by running guacamole with
> another user.
> > o I did try to find some instructions on this list on
> how to
> > configure the daemon to run as a different user but I
> could not
> > find the instructions I believe I saw a few weeks ago
> on this list.
> > * Looking around past posts, I found this from @ivanmarcus
> on the list:
> > o
> https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0
> <https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0>
> >
> <https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0 <https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0>>
> > o On his instructions, he adds a step to set the
> location of the
> > freedrp shared objects to what I think is a world
> writable
> > directory but I may be wrong:
> > o
> >
> > ln -s /usr/share/java/mysql-connector-java-8.0.28.jar
> > /etc/guacamole/lib/ mkdir -p /usr/lib/$(dpkg-architecture
> > -qDEB_BUILD_GNU_TYPE)/freerdp ln -s
> > /usr/local/lib/freerdp/guac*.so
> /usr/lib/$(dpkg-architecture
> > -qDEB_BUILD_GNU_TYPE)/freerdp/
> >
> > o
> >
> > ldconfig
> >
> > * Problem is that when I try to replicate his instructions,
> I cannot
> > find any freerdp shared objects on my Guacamole
> installation, only
> > reference to some "rdp" files and directories but not any
> reference
> > to "freerdp"
> > o This makes me think I may be looking at the wrong
> side of things.
> >
> >
> > HELP NEEDED:
> >
> > * How would you solve this?
> > * Do you have any instructions on how to install and run
> guacamole not
> > as root/daemon?
> >
> > Thanks a lot for the help!
> >
> > Below are the log entries for the above comments.
> >
> > Thanks again for the help.
> > David.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> <ma...@guacamole.apache.org>
> For additional commands, e-mail: user-help@guacamole.apache.org
> <ma...@guacamole.apache.org>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: HELP NEEDED: Cannot connect to Win10 over Guacamole with DB Authentication enabled.
Posted by David Ramirez <da...@gmail.com>.
Well, that was that! Unwritable directory it was indeed.
What worked better for me was the following answer by Nick:
https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory
That said, I do believe we should document this somewhere. I can send an
email here with all the related instructions or better yet, add a small
section on the documentation, if this is even allowed to do over it as
these are pure Linux sysadmin tasks.
What do the Gurus recommend:
1. Create a bug to add it to the documentation.
1.a. I may even try to learn how to document it myself if that is even
possible.
2. Send here an email with the step by step instructions for posterity and
easy to search.
Thanks again @ivanmarcus for the instructions!
Have a good one you all!
David.
On Mon, Mar 13, 2023 at 5:41 PM David Ramirez <da...@gmail.com> wrote:
> Thanks a lot for the quick answer @ivanmarcus. I will take care of the
> permissions/daemon issues and get back to the group.
> Regards,
> David.
>
> On Mon, Mar 13, 2023 at 5:31 PM Ivanmarcus <iv...@yahoo.com.invalid>
> wrote:
>
>> David,
>>
>> With respect to the error you're seeing, these links should give you
>> some assistance (you probably only need to look at one, they mostly
>> reiterate the same thing):
>>
>> https://lists.apache.org/thread/64x199p7kj6j1ct36z0hzgqy6l0x5yzx
>>
>>
>> https://lists.apache.org/list?user@guacamole.apache.org:2022-8:freerdp%20home%20directory
>>
>>
>> https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory
>>
>> As for my set of notes; the installation was indeed carried out as root,
>> but before going too far with further suggestions perhaps you could
>> respond back after dealing with your user/directory parms etc?
>>
>>
>> On 14/03/23 12:10, David Ramirez wrote:
>> > Good evening/night/morning to you all!
>> > Following up the environment explained earlier, I am now trying to
>> > connect to a Windows 10 connection created by the Guacadmin User and
>> > assigned to a user. The connection fails before showing the logs, here
>> > is a quick overview of the environment:
>> >
>> > Internet -- NGNIX Reverse Proxy --- Guacamole Server --- Win 10
>> connection.
>> > Guacamole 1.5.0 running on ubuntu 20.04 and Tomcat 9.
>> > The Guacamole Server IP is 10.X.14.254. <-- I change the second octet
>> on
>> > the IP to "X"
>> > Tomcat running on port 8080.
>> > Guacamole server is running over port 4822.
>> > This environment was operating when I was not using database
>> authentication.
>> >
>> > In order to find the error I am running Guacamole Server in DEBUG mode
>> > and I can see several obvious errors which I may know the answer to but
>> > I really need the group's assistance on this.
>> > Errors found:
>> >
>> > * To simplify reading this email, the logs are at the bottom of it.
>> > * As I am running Guacamole as the daemon user, its home directory is
>> > /usr/sbin which obviously the guacamole daemon does not have
>> > permissions to write to.
>> > o Please refer to the logs marked below in *BOLD*.
>> > * After several messages on the log, the error now changes to: unable
>> > to read file "/" which I believe has to do with the files and
>> > certificates the daemon was unable to write.
>> > o Please refer a little bit below to the final section of logs
>> > marked as *BOLD*.
>> >
>> > What I have looked for so far:
>> >
>> > * I believe my problem is that the daemon user cannot write on the
>> > path so I won't be able to connect.
>> > o This should be fixed by running guacamole with another user.
>> > o I did try to find some instructions on this list on how to
>> > configure the daemon to run as a different user but I could not
>> > find the instructions I believe I saw a few weeks ago on this
>> list.
>> > * Looking around past posts, I found this from @ivanmarcus on the
>> list:
>> > o
>> https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0
>> > <
>> https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0>
>> > o On his instructions, he adds a step to set the location of the
>> > freedrp shared objects to what I think is a world writable
>> > directory but I may be wrong:
>> > o
>> >
>> > ln -s /usr/share/java/mysql-connector-java-8.0.28.jar
>> > /etc/guacamole/lib/ mkdir -p /usr/lib/$(dpkg-architecture
>> > -qDEB_BUILD_GNU_TYPE)/freerdp ln -s
>> > /usr/local/lib/freerdp/guac*.so /usr/lib/$(dpkg-architecture
>> > -qDEB_BUILD_GNU_TYPE)/freerdp/
>> >
>> > o
>> >
>> > ldconfig
>> >
>> > * Problem is that when I try to replicate his instructions, I cannot
>> > find any freerdp shared objects on my Guacamole installation, only
>> > reference to some "rdp" files and directories but not any reference
>> > to "freerdp"
>> > o This makes me think I may be looking at the wrong side of
>> things.
>> >
>> >
>> > HELP NEEDED:
>> >
>> > * How would you solve this?
>> > * Do you have any instructions on how to install and run guacamole not
>> > as root/daemon?
>> >
>> > Thanks a lot for the help!
>> >
>> > Below are the log entries for the above comments.
>> >
>> > Thanks again for the help.
>> > David.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
>> For additional commands, e-mail: user-help@guacamole.apache.org
>>
>>
Re: HELP NEEDED: Cannot connect to Win10 over Guacamole with DB Authentication enabled.
Posted by David Ramirez <da...@gmail.com>.
Thanks a lot for the quick answer @ivanmarcus. I will take care of the
permissions/daemon issues and get back to the group.
Regards,
David.
On Mon, Mar 13, 2023 at 5:31 PM Ivanmarcus <iv...@yahoo.com.invalid>
wrote:
> David,
>
> With respect to the error you're seeing, these links should give you
> some assistance (you probably only need to look at one, they mostly
> reiterate the same thing):
>
> https://lists.apache.org/thread/64x199p7kj6j1ct36z0hzgqy6l0x5yzx
>
>
> https://lists.apache.org/list?user@guacamole.apache.org:2022-8:freerdp%20home%20directory
>
>
> https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory
>
> As for my set of notes; the installation was indeed carried out as root,
> but before going too far with further suggestions perhaps you could
> respond back after dealing with your user/directory parms etc?
>
>
> On 14/03/23 12:10, David Ramirez wrote:
> > Good evening/night/morning to you all!
> > Following up the environment explained earlier, I am now trying to
> > connect to a Windows 10 connection created by the Guacadmin User and
> > assigned to a user. The connection fails before showing the logs, here
> > is a quick overview of the environment:
> >
> > Internet -- NGNIX Reverse Proxy --- Guacamole Server --- Win 10
> connection.
> > Guacamole 1.5.0 running on ubuntu 20.04 and Tomcat 9.
> > The Guacamole Server IP is 10.X.14.254. <-- I change the second octet on
> > the IP to "X"
> > Tomcat running on port 8080.
> > Guacamole server is running over port 4822.
> > This environment was operating when I was not using database
> authentication.
> >
> > In order to find the error I am running Guacamole Server in DEBUG mode
> > and I can see several obvious errors which I may know the answer to but
> > I really need the group's assistance on this.
> > Errors found:
> >
> > * To simplify reading this email, the logs are at the bottom of it.
> > * As I am running Guacamole as the daemon user, its home directory is
> > /usr/sbin which obviously the guacamole daemon does not have
> > permissions to write to.
> > o Please refer to the logs marked below in *BOLD*.
> > * After several messages on the log, the error now changes to: unable
> > to read file "/" which I believe has to do with the files and
> > certificates the daemon was unable to write.
> > o Please refer a little bit below to the final section of logs
> > marked as *BOLD*.
> >
> > What I have looked for so far:
> >
> > * I believe my problem is that the daemon user cannot write on the
> > path so I won't be able to connect.
> > o This should be fixed by running guacamole with another user.
> > o I did try to find some instructions on this list on how to
> > configure the daemon to run as a different user but I could not
> > find the instructions I believe I saw a few weeks ago on this
> list.
> > * Looking around past posts, I found this from @ivanmarcus on the list:
> > o https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0
> > <
> https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0>
> > o On his instructions, he adds a step to set the location of the
> > freedrp shared objects to what I think is a world writable
> > directory but I may be wrong:
> > o
> >
> > ln -s /usr/share/java/mysql-connector-java-8.0.28.jar
> > /etc/guacamole/lib/ mkdir -p /usr/lib/$(dpkg-architecture
> > -qDEB_BUILD_GNU_TYPE)/freerdp ln -s
> > /usr/local/lib/freerdp/guac*.so /usr/lib/$(dpkg-architecture
> > -qDEB_BUILD_GNU_TYPE)/freerdp/
> >
> > o
> >
> > ldconfig
> >
> > * Problem is that when I try to replicate his instructions, I cannot
> > find any freerdp shared objects on my Guacamole installation, only
> > reference to some "rdp" files and directories but not any reference
> > to "freerdp"
> > o This makes me think I may be looking at the wrong side of things.
> >
> >
> > HELP NEEDED:
> >
> > * How would you solve this?
> > * Do you have any instructions on how to install and run guacamole not
> > as root/daemon?
> >
> > Thanks a lot for the help!
> >
> > Below are the log entries for the above comments.
> >
> > Thanks again for the help.
> > David.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
>
Re: HELP NEEDED: Cannot connect to Win10 over Guacamole with DB Authentication enabled.
Posted by Ivanmarcus <iv...@yahoo.com.INVALID>.
David,
With respect to the error you're seeing, these links should give you
some assistance (you probably only need to look at one, they mostly
reiterate the same thing):
https://lists.apache.org/thread/64x199p7kj6j1ct36z0hzgqy6l0x5yzx
https://lists.apache.org/list?user@guacamole.apache.org:2022-8:freerdp%20home%20directory
https://lists.apache.org/list?user@guacamole.apache.org:2022-10:freerdp%20home%20directory
As for my set of notes; the installation was indeed carried out as root,
but before going too far with further suggestions perhaps you could
respond back after dealing with your user/directory parms etc?
On 14/03/23 12:10, David Ramirez wrote:
> Good evening/night/morning to you all!
> Following up the environment explained earlier, I am now trying to
> connect to a Windows 10 connection created by the Guacadmin User and
> assigned to a user. The connection fails before showing the logs, here
> is a quick overview of the environment:
>
> Internet -- NGNIX Reverse Proxy --- Guacamole Server --- Win 10 connection.
> Guacamole 1.5.0 running on ubuntu 20.04 and Tomcat 9.
> The Guacamole Server IP is 10.X.14.254. <-- I change the second octet on
> the IP to "X"
> Tomcat running on port 8080.
> Guacamole server is running over port 4822.
> This environment was operating when I was not using database authentication.
>
> In order to find the error I am running Guacamole Server in DEBUG mode
> and I can see several obvious errors which I may know the answer to but
> I really need the group's assistance on this.
> Errors found:
>
> * To simplify reading this email, the logs are at the bottom of it.
> * As I am running Guacamole as the daemon user, its home directory is
> /usr/sbin which obviously the guacamole daemon does not have
> permissions to write to.
> o Please refer to the logs marked below in *BOLD*.
> * After several messages on the log, the error now changes to: unable
> to read file "/" which I believe has to do with the files and
> certificates the daemon was unable to write.
> o Please refer a little bit below to the final section of logs
> marked as *BOLD*.
>
> What I have looked for so far:
>
> * I believe my problem is that the daemon user cannot write on the
> path so I won't be able to connect.
> o This should be fixed by running guacamole with another user.
> o I did try to find some instructions on this list on how to
> configure the daemon to run as a different user but I could not
> find the instructions I believe I saw a few weeks ago on this list.
> * Looking around past posts, I found this from @ivanmarcus on the list:
> o https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0
> <https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0>
> o On his instructions, he adds a step to set the location of the
> freedrp shared objects to what I think is a world writable
> directory but I may be wrong:
> o
>
> ln -s /usr/share/java/mysql-connector-java-8.0.28.jar
> /etc/guacamole/lib/ mkdir -p /usr/lib/$(dpkg-architecture
> -qDEB_BUILD_GNU_TYPE)/freerdp ln -s
> /usr/local/lib/freerdp/guac*.so /usr/lib/$(dpkg-architecture
> -qDEB_BUILD_GNU_TYPE)/freerdp/
>
> o
>
> ldconfig
>
> * Problem is that when I try to replicate his instructions, I cannot
> find any freerdp shared objects on my Guacamole installation, only
> reference to some "rdp" files and directories but not any reference
> to "freerdp"
> o This makes me think I may be looking at the wrong side of things.
>
>
> HELP NEEDED:
>
> * How would you solve this?
> * Do you have any instructions on how to install and run guacamole not
> as root/daemon?
>
> Thanks a lot for the help!
>
> Below are the log entries for the above comments.
>
> Thanks again for the help.
> David.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org