You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Kelvin Middleton <ke...@gmail.com> on 2020/01/02 16:30:34 UTC
### Error querying database. Cause: java.sql.SQLException: Access
denied for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
Hi, I'm new to gaucamole so trying to setup my first working conf to test
and am having new user *issues*.
I'm using docker with linux containers on a Windows host and have guacd,
mysql and guacamole all up and running. However when I attempt to load the
web interface at http://localhost/guacamole/ I get a blank webpage and the
docker logs on the guacamole server show...
13:55:54.844 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper -
Unexpected internal error:
### Error querying database. Cause: java.sql.SQLException: Access denied
for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
### The error may exist in
org/apache/guacamole/auth/jdbc/user/UserMapper.xml
### The error may involve
org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
### The error occurred while executing a query
### Cause: java.sql.SQLException: Access denied for user
'guacamole_user'@'xxx.xx.x.x'
(using password: YES)
I've validated the guacamole_user account is working and accepting both
local and remote connections and the grants on the database match all
documentation I've seen.
Am i correct in my interpretation of the docs that when using the docker
images there is no need to manually place the mysql authenication extension
and JDBC drivers as this is taken care of?
Would welcome any suggested reading material or troubleshoot tips.
Thanks,
Kelvin
Re: ### Error querying database. Cause: java.sql.SQLException: Access
denied for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
Posted by Kelvin Middleton <ke...@gmail.com>.
Okay so schoolboy error here, at least I spotted my own mistake, some
saving grace in that at least...
When I sent in my last reply showing the environment variables inside the
guacamole container I noted the variables I was passing were encased in '
marks whereas the variables docker passed resulting from the --link
parameters were not...removing my ' marks solved the problem.
Sorry for wasting your time.
Kelvin
On Fri, 3 Jan 2020 at 10:28, Kelvin Middleton <ke...@gmail.com>
wrote:
> Thanks for the help Nick.
>
> I rechecked the username/password config between the guacamole and mysql
> containers and they both matched but to be double sure I changed the
> password for the guacamole_user account to be very simple but still I get
> the same error.
>
> I believe the below shows a correctly configured mysql account which is
> not limited to subnet, host or otherwise?
>
> bash-4.2# mysql -u root -p
> Enter password:
> Welcome to the MySQL monitor. Commands end with ; or \g.
> Your MySQL connection id is 17
> Server version: 8.0.18 MySQL Community Server - GPL
>
> Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights
> reserved.
>
> Oracle is a registered trademark of Oracle Corporation and/or its
> affiliates. Other names may be trademarks of their respective
> owners.
>
> Type 'help;' or '\h' for help. Type '\c' to clear the current input
> statement.
>
> mysql> select user,host from mysql.user;
> +------------------+-----------+
> | user | host |
> +------------------+-----------+
> | guacamole_user | % |
> | healthchecker | localhost |
> | mysql.infoschema | localhost |
> | mysql.session | localhost |
> | mysql.sys | localhost |
> | root | localhost |
> +------------------+-----------+
> 6 rows in set (0.00 sec)
>
> mysql> show grants for guacamole_user
> -> ;
>
> +----------------------------------------------------------------------------------+
> | Grants for guacamole_user@%
> |
>
> +----------------------------------------------------------------------------------+
> | GRANT USAGE ON *.* TO `guacamole_user`@`%`
> |
> | GRANT SELECT, INSERT, UPDATE, DELETE ON `guacamole_db`.* TO
> `guacamole_user`@`%` |
>
> +----------------------------------------------------------------------------------+
> 2 rows in set (0.01 sec)
>
> Okay so this last part is the bit I'm getting a little confused over, your
> reference to a guacamole.properties file...I have done a lot of reading as
> best I could locate documentation and articles other than @
> https://guacamole.apache.org/doc/gug/ and my current understanding is
> that when using docker containers best practice is to avoid directly
> editing configuration files via a shell and instead pass environment
> variables in the 'docker run' command to supply the necessary credentials,
> at least to get this part of the build working. Am I mistaken?
>
> My comment to creating the guacamole container is as follows..
>
> docker run --name guacamole --link guacd:guacd --link mysql:mysql -e
> MYSQL_DATABASE='guacamole_db' -e MYSQL_USER='guacamole_user' -e
> MYSQL_PASSWORD='password' -d -p 8080:8080 guacamole/guacamole
>
> The below is from a shell on the guacamole container showing the
> environment variables present, I'm leaving the IP's visible as I'm just
> using internal networking for now whilst I get this working...
>
> root@4ad292480b37:/etc# printenv | grep -i mysql
> MYSQL_PASSWORD='password'
> MYSQL_ENV_MYSQL_ROOT_PASSWORD=xxxxxxxxx
> MYSQL_PORT_3306_TCP_PROTO=tcp
> MYSQL_PORT_33060_TCP_PORT=33060
> MYSQL_DATABASE='guacamole_db'
> MYSQL_NAME=/guacamole/mysql
> MYSQL_PORT=tcp://172.17.0.2:3306
> MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306
> MYSQL_USER='guacamole_user'
> MYSQL_PORT_3306_TCP_PORT=3306
> MYSQL_PORT_3306_TCP_ADDR=172.17.0.2
> MYSQL_PORT_33060_TCP_ADDR=172.17.0.2
> MYSQL_PORT_33060_TCP_PROTO=tcp
> MYSQL_PORT_33060_TCP=tcp://172.17.0.2:33060
>
> Thanks,
>
> Kelvin
>
> On Thu, 2 Jan 2020 at 19:15, Nick Couchman <vn...@apache.org> wrote:
>
>> On Thu, Jan 2, 2020 at 11:30 AM Kelvin Middleton <
>> kelvin.middleton@gmail.com> wrote:
>>
>>> Hi, I'm new to gaucamole so trying to setup my first working conf to
>>> test and am having new user *issues*.
>>>
>>> I'm using docker with linux containers on a Windows host and have guacd,
>>> mysql and guacamole all up and running. However when I attempt to load the
>>> web interface at http://localhost/guacamole/ I get a blank webpage and
>>> the docker logs on the guacamole server show...
>>>
>>> 13:55:54.844 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper
>>> - Unexpected internal error:
>>> ### Error querying database. Cause: java.sql.SQLException: Access
>>> denied for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
>>> ### The error may exist in
>>> org/apache/guacamole/auth/jdbc/user/UserMapper.xml
>>> ### The error may involve
>>> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
>>> ### The error occurred while executing a query
>>> ### Cause: java.sql.SQLException: Access denied for user
>>> 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
>>>
>>> I've validated the guacamole_user account is working and accepting both
>>> local and remote connections and the grants on the database match all
>>> documentation I've seen.
>>>
>>
>> This indicates the following items:
>> 1) The MySQL extension is correctly installed within the Docker image.
>> 2) The MySQL server is up and running and responding.
>> 3) The username or password is incorrectly configured. Since it looks
>> like the account name is correct, I suspect that the password is
>> misconfigured somewhere - either mis-matched between the server and the
>> Guacamole configuration, or not being correctly passed through to the
>> Docker container.
>>
>> I'd suggest that you get a shell going in the Guacamole Client Docker
>> container and look at the guacamole.properties file and make sure that the
>> password for the MySQL extension is present in the file, and the value is
>> what you expect. It's also possible, depending on how you've configured
>> that user account in MySQL, that the IP address being used to access it is
>> not the same as the one you configured when you issued the GRANT statement
>> for the guacamole_user account. Make sure that matches up.
>>
>> -Nick
>>
>>>
Re: ### Error querying database. Cause: java.sql.SQLException: Access
denied for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
Posted by Kelvin Middleton <ke...@gmail.com>.
Thanks for the help Nick.
I rechecked the username/password config between the guacamole and mysql
containers and they both matched but to be double sure I changed the
password for the guacamole_user account to be very simple but still I get
the same error.
I believe the below shows a correctly configured mysql account which is not
limited to subnet, host or otherwise?
bash-4.2# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 8.0.18 MySQL Community Server - GPL
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
mysql> select user,host from mysql.user;
+------------------+-----------+
| user | host |
+------------------+-----------+
| guacamole_user | % |
| healthchecker | localhost |
| mysql.infoschema | localhost |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+------------------+-----------+
6 rows in set (0.00 sec)
mysql> show grants for guacamole_user
-> ;
+----------------------------------------------------------------------------------+
| Grants for guacamole_user@%
|
+----------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `guacamole_user`@`%`
|
| GRANT SELECT, INSERT, UPDATE, DELETE ON `guacamole_db`.* TO
`guacamole_user`@`%` |
+----------------------------------------------------------------------------------+
2 rows in set (0.01 sec)
Okay so this last part is the bit I'm getting a little confused over, your
reference to a guacamole.properties file...I have done a lot of reading as
best I could locate documentation and articles other than @
https://guacamole.apache.org/doc/gug/ and my current understanding is that
when using docker containers best practice is to avoid directly editing
configuration files via a shell and instead pass environment variables in
the 'docker run' command to supply the necessary credentials, at least to
get this part of the build working. Am I mistaken?
My comment to creating the guacamole container is as follows..
docker run --name guacamole --link guacd:guacd --link mysql:mysql -e
MYSQL_DATABASE='guacamole_db' -e MYSQL_USER='guacamole_user' -e
MYSQL_PASSWORD='password' -d -p 8080:8080 guacamole/guacamole
The below is from a shell on the guacamole container showing the
environment variables present, I'm leaving the IP's visible as I'm just
using internal networking for now whilst I get this working...
root@4ad292480b37:/etc# printenv | grep -i mysql
MYSQL_PASSWORD='password'
MYSQL_ENV_MYSQL_ROOT_PASSWORD=xxxxxxxxx
MYSQL_PORT_3306_TCP_PROTO=tcp
MYSQL_PORT_33060_TCP_PORT=33060
MYSQL_DATABASE='guacamole_db'
MYSQL_NAME=/guacamole/mysql
MYSQL_PORT=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306
MYSQL_USER='guacamole_user'
MYSQL_PORT_3306_TCP_PORT=3306
MYSQL_PORT_3306_TCP_ADDR=172.17.0.2
MYSQL_PORT_33060_TCP_ADDR=172.17.0.2
MYSQL_PORT_33060_TCP_PROTO=tcp
MYSQL_PORT_33060_TCP=tcp://172.17.0.2:33060
Thanks,
Kelvin
On Thu, 2 Jan 2020 at 19:15, Nick Couchman <vn...@apache.org> wrote:
> On Thu, Jan 2, 2020 at 11:30 AM Kelvin Middleton <
> kelvin.middleton@gmail.com> wrote:
>
>> Hi, I'm new to gaucamole so trying to setup my first working conf to test
>> and am having new user *issues*.
>>
>> I'm using docker with linux containers on a Windows host and have guacd,
>> mysql and guacamole all up and running. However when I attempt to load the
>> web interface at http://localhost/guacamole/ I get a blank webpage and
>> the docker logs on the guacamole server show...
>>
>> 13:55:54.844 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper
>> - Unexpected internal error:
>> ### Error querying database. Cause: java.sql.SQLException: Access denied
>> for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
>> ### The error may exist in
>> org/apache/guacamole/auth/jdbc/user/UserMapper.xml
>> ### The error may involve
>> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
>> ### The error occurred while executing a query
>> ### Cause: java.sql.SQLException: Access denied for user 'guacamole_user'@'xxx.xx.x.x'
>> (using password: YES)
>>
>> I've validated the guacamole_user account is working and accepting both
>> local and remote connections and the grants on the database match all
>> documentation I've seen.
>>
>
> This indicates the following items:
> 1) The MySQL extension is correctly installed within the Docker image.
> 2) The MySQL server is up and running and responding.
> 3) The username or password is incorrectly configured. Since it looks
> like the account name is correct, I suspect that the password is
> misconfigured somewhere - either mis-matched between the server and the
> Guacamole configuration, or not being correctly passed through to the
> Docker container.
>
> I'd suggest that you get a shell going in the Guacamole Client Docker
> container and look at the guacamole.properties file and make sure that the
> password for the MySQL extension is present in the file, and the value is
> what you expect. It's also possible, depending on how you've configured
> that user account in MySQL, that the IP address being used to access it is
> not the same as the one you configured when you issued the GRANT statement
> for the guacamole_user account. Make sure that matches up.
>
> -Nick
>
>>
Re: ### Error querying database. Cause: java.sql.SQLException: Access
denied for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
Posted by Nick Couchman <vn...@apache.org>.
On Thu, Jan 2, 2020 at 11:30 AM Kelvin Middleton <ke...@gmail.com>
wrote:
> Hi, I'm new to gaucamole so trying to setup my first working conf to test
> and am having new user *issues*.
>
> I'm using docker with linux containers on a Windows host and have guacd,
> mysql and guacamole all up and running. However when I attempt to load the
> web interface at http://localhost/guacamole/ I get a blank webpage and
> the docker logs on the guacamole server show...
>
> 13:55:54.844 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper -
> Unexpected internal error:
> ### Error querying database. Cause: java.sql.SQLException: Access denied
> for user 'guacamole_user'@'xxx.xx.x.x' (using password: YES)
> ### The error may exist in
> org/apache/guacamole/auth/jdbc/user/UserMapper.xml
> ### The error may involve
> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
> ### The error occurred while executing a query
> ### Cause: java.sql.SQLException: Access denied for user 'guacamole_user'@'xxx.xx.x.x'
> (using password: YES)
>
> I've validated the guacamole_user account is working and accepting both
> local and remote connections and the grants on the database match all
> documentation I've seen.
>
This indicates the following items:
1) The MySQL extension is correctly installed within the Docker image.
2) The MySQL server is up and running and responding.
3) The username or password is incorrectly configured. Since it looks like
the account name is correct, I suspect that the password is misconfigured
somewhere - either mis-matched between the server and the Guacamole
configuration, or not being correctly passed through to the Docker
container.
I'd suggest that you get a shell going in the Guacamole Client Docker
container and look at the guacamole.properties file and make sure that the
password for the MySQL extension is present in the file, and the value is
what you expect. It's also possible, depending on how you've configured
that user account in MySQL, that the IP address being used to access it is
not the same as the one you configured when you issued the GRANT statement
for the guacamole_user account. Make sure that matches up.
-Nick
>