Posted to dev@guacamole.apache.org by Tezarin <te...@yahoo.com.INVALID> on 2018/04/03 19:24:50 UTC

Setting up Guacamole inside Docker containers

Hi all,
I am new to Guacamole and decided to set that up inside Docker. I followed a couple of instructions, i.e. https://guacamole.apache.org/doc/gug/guacamole-docker.html
And

https://www.cb-net.co.uk/linux/running-guacamole-from-a-docker-container-on-ubuntu-16-04-lts-16-10/

And now have three docker containers: guacamole, guacd and mysql. I was able to locate the guacamole.properties file but there is no user-mapping.xml file.

I have to set up an SSH tunnel to be able to access the GUI, and the remote hosts (one CentOS and one Windows VM) are in different subnets.
I can access the Guacamole web GUI, create users and connections, but none of my connections work properly. By looking at the docker logs, I see errors such as:

guacd[1026]: INFO: User "@23ef4d06-022e-4ed7-ac8c-2b088a36ac57" joined connection "$471279da-debb-495f-965d-31d43e0d1075" (1 users now present)
guacd[1026]: ERROR: SSH handshake failed.

And

connected to server:3389
WARNING: CERTIFICATE NAME MISMATCH!

This is my guacamole.properties:

cat /root/.guacamole/guacamole.properties
# guacamole.properties - generated Mon Apr  2 17:27:20 UTC 2018
guacd-hostname: 172.17.0.3
guacd-port: 4822
#user-mapping: /etc/.guacamole/user-mapping.xml
mysql-hostname: 172.17.0.2
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: [password]

Any idea how I can fix that? 

Thanks in advance





Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
Thank you Mike, I will ask the network manager to take a look.

Regards

Sent from my iPad

> On Apr 25, 2018, at 5:07 PM, Mike Jumper <mi...@guac-dev.org> wrote:
> 
>> On Wed, Apr 25, 2018 at 2:03 PM, Tezarin <te...@yahoo.com.invalid> wrote:
>> 
>> Hi all,
>> I noticed I am not able to connect to any of my CentOS remote devices but
>> Windows are fine. The log shows:
>> 
>> "o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not
>> WebSocket). Performance may be sub-optimal."
>> And the GUI shows: "The connection has been closed because the server is
>> taking too long to respond. This is usually caused by network problems,
>> such as a spotty wireless signal, or slow network speeds. Please check your
>> network connection and try again or contact your system administrator."
>> 
>> How can I fix that?
>> 
> 
> If you are serving Guacamole behind a reverse proxy like Apache or Nginx,
> make sure you have configured things properly such that WebSocket will work
> and HTTP requests/responses are not buffered:
> 
> http://guacamole.apache.org/doc/gug/proxying-guacamole.html
> 
> If not, check your network setup. There is likely a proxy or similar
> software between the browser and the Guacamole server which is both
> preventing use of WebSocket and buffering HTTP connections, effectively
> blocking Guacamole communication until the connection closes.
> 
> - Mike


Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
 
Perfect, thank you. I will search this forum.
Regards

On Wednesday, May 30, 2018, 1:11:05 PM EDT, Nick Couchman <vn...@apache.org> wrote:
 
 On Wed, May 2, 2018 at 11:22 AM, Tezarin <te...@yahoo.com.invalid> wrote:

>  Hi,
> Do you guys have a script that can do some group search and implementation?
>
> # enumerate the (already existing) LDAP group "VPN Users"
> ## get all user "samaccountname" (e.g. joe.smith, etc.)
> # enumerate all the (already existing) LDAP groups that match the pattern "*-OS-Admin"
> # for each LDAP group:
> ## ensure there is a guacamole group with this name
> # for each user:
> ## if they are in an LDAP group "FOO-OS-Admin", add them to the guac group "FOO-OS-Admin"
> Thanks
>
>
There aren't any official scripts for this, but I think it's something that
others on the lists have done in the past - it is something that has been
asked before, and I'm fairly certain I've seen people post their
solutions.  In any case, it should be pretty easy - use ldapsearch (or your
favorite LDAP searching tool) to search the tree for specific users and get
whatever attributes you want, parse that out, then convert it to a SQL
script and insert the data.

-Nick
  

Re: Setting up Guacamole inside Docker containers

Posted by Nick Couchman <vn...@apache.org>.
On Wed, May 2, 2018 at 11:22 AM, Tezarin <te...@yahoo.com.invalid> wrote:

>  Hi,
> Do you guys have a script that can do some group search and implementation?
>
> # enumerate the (already existing) LDAP group "VPN Users"
> ## get all user "samaccountname" (e.g. joe.smith, etc.)
> # enumerate all the (already existing) LDAP groups that match the pattern "*-OS-Admin"
> # for each LDAP group:
> ## ensure there is a guacamole group with this name
> # for each user:
> ## if they are in an LDAP group "FOO-OS-Admin", add them to the guac group "FOO-OS-Admin"
> Thanks
>
>
There aren't any official scripts for this, but I think it's something that
others on the lists have done in the past - it is something that has been
asked before, and I'm fairly certain I've seen people post their
solutions.  In any case, it should be pretty easy - use ldapsearch (or your
favorite LDAP searching tool) to search the tree for specific users and get
whatever attributes you want, parse that out, then convert it to a SQL
script and insert the data.

-Nick
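
A sketch of the ldapsearch-to-SQL approach described above, added here as an example and not code from the thread or from the Guacamole project. It parses LDIF text and emits parameterized statements instead of a concatenated SQL script; the sample LDIF is constructed, and the table and column names assume the user-group tables of the Guacamole 1.0+ MySQL schema, which the thread does not confirm.

```python
import base64
import re

# Constructed sample of LDIF as printed by `ldapsearch -LLL`; not data from the thread.
SAMPLE_LDIF = """\
dn: CN=Joe Smith,OU=People,DC=example,DC=com
sAMAccountName: joe.smith
memberOf: CN=VPN Users,OU=Groups,DC=example,DC=com
memberOf: CN=FOO-OS-Admin,OU=Groups,DC=example,DC=com

dn: CN=Ann Lee,OU=People,DC=example,DC=com
sAMAccountName:: YW5uLmxlZQ==
memberOf: CN=VPN Users,OU=Groups,DC=example,DC=com
memberOf: CN=BAR-OS-Admin,OU=Groups,
 DC=example,DC=com

dn: CN=Bob Ray,OU=People,DC=example,DC=com
sAMAccountName: bob.ray
memberOf: CN=FOO-OS-Admin,OU=Groups,DC=example,DC=com
"""

# Directory values are untrusted input: allow-list them and bind them as parameters.
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
GROUP_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,100}-OS-Admin")
CN_RE = re.compile(r"CN=((?:\\.|[^,\\])+)", re.IGNORECASE)

# Assumed schema (Guacamole 1.0+ MySQL user-group tables); verify before use.
ENSURE_ENTITY = ("INSERT IGNORE INTO guacamole_entity (name, type) "
                 "VALUES (%s, 'USER_GROUP')")
ENSURE_GROUP = ("INSERT IGNORE INTO guacamole_user_group (entity_id) "
                "SELECT entity_id FROM guacamole_entity "
                "WHERE name = %s AND type = 'USER_GROUP'")
ADD_MEMBER = ("INSERT IGNORE INTO guacamole_user_group_member "
              "(user_group_id, member_entity_id) "
              "SELECT g.user_group_id, u.entity_id "
              "FROM guacamole_user_group g "
              "JOIN guacamole_entity ge ON ge.entity_id = g.entity_id "
              "JOIN guacamole_entity u ON u.type = 'USER' AND u.name = %s "
              "WHERE ge.type = 'USER_GROUP' AND ge.name = %s")


def parse_ldif(text):
    """Parse LDIF into a list of {attribute (lower-case): [values]} dicts."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # RFC 2849 folding
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def build_statements(entries, gate_group="VPN Users"):
    """Return (statements, rejected): DB-API (sql, params) pairs and skipped names."""
    statements, rejected, ensured = [], [], set()
    for entry in entries:
        users = entry.get("samaccountname", [])
        groups = [m.group(1) for m in map(CN_RE.match, entry.get("memberof", [])) if m]
        if len(users) != 1 or gate_group not in groups:
            continue  # only members of the gate group are synchronized
        user = users[0]
        if not USER_RE.fullmatch(user):
            rejected.append(user)  # report, never pass through
            continue
        for group in groups:
            if not GROUP_RE.fullmatch(group):
                continue  # not a "*-OS-Admin" group
            if group not in ensured:
                ensured.add(group)
                statements.append((ENSURE_ENTITY, (group,)))
                statements.append((ENSURE_GROUP, (group,)))
            statements.append((ADD_MEMBER, (user, group)))
    return statements, rejected


if __name__ == "__main__":
    stmts, bad = build_statements(parse_ldif(SAMPLE_LDIF))
    for sql, params in stmts:
        print(params, "->", sql)
    print("rejected:", bad)
```

Each pair is meant to be passed to a MySQL DB-API cursor as `cursor.execute(sql, params)`, so directory values never become part of the SQL text.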

Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
 Hi,
Do you guys have a script that can do some group search and implementation?

# enumerate the (already existing) LDAP group "VPN Users"
## get all user "samaccountname" (e.g. joe.smith, etc.)
# enumerate all the (already existing) LDAP groups that match the pattern "*-OS-Admin"
# for each LDAP group:
## ensure there is a guacamole group with this name
# for each user:
## if they are in an LDAP group "FOO-OS-Admin", add them to the guac group "FOO-OS-Admin"
Thanks



  

Re: Setting up Guacamole inside Docker containers

Posted by Mike Jumper <mi...@guac-dev.org>.
On Wed, Apr 25, 2018 at 2:03 PM, Tezarin <te...@yahoo.com.invalid> wrote:

>  Hi all,
> I noticed I am not able to connect to any of my CentOS remote devices but
> Windows are fine. The log shows:
>
> "o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not
> WebSocket). Performance may be sub-optimal."
> And the GUI shows: "The connection has been closed because the server is
> taking too long to respond. This is usually caused by network problems,
> such as a spotty wireless signal, or slow network speeds. Please check your
> network connection and try again or contact your system administrator."
>
> How can I fix that?
>

If you are serving Guacamole behind a reverse proxy like Apache or Nginx,
make sure you have configured things properly such that WebSocket will work
and HTTP requests/responses are not buffered:

http://guacamole.apache.org/doc/gug/proxying-guacamole.html

If not, check your network setup. There is likely a proxy or similar
software between the browser and the Guacamole server which is both
preventing use of WebSocket and buffering HTTP connections, effectively
blocking Guacamole communication until the connection closes.

- Mike

Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
 Hi all,
I noticed I am not able to connect to any of my CentOS remote devices but Windows are fine. The log shows:

"o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal."
And the GUI shows: "The connection has been closed because the server is taking too long to respond. This is usually caused by network problems, such as a spotty wireless signal, or slow network speeds. Please check your network connection and try again or contact your system administrator."

How can I fix that? 
Thanks in advance

Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
 Yes, that's exactly what I did:
sudo docker exec -it guacamole /bin/bash
root@1d3fd8272f23:/opt/guacamole# wget -O - https:// ...........:22


Resolving <centos_fqdn> (<centos_fqdn>)... <IP>
Connecting to <centos_fqdn> (<centos_fqdn>)|<IP>|:22... connected.
GnuTLS: An unexpected TLS packet was received.
Unable to establish SSL connection.






    On Thursday, April 5, 2018, 1:14:25 PM EDT, Kris Keller <kr...@overwatchid.com> wrote:  
 
 No, I mean from within the docker container.  NOT on the host.

Use docker ps to get the name or id of your guacd container.  Then use docker exec -it <name|id> /bin/bash to get access to the container's shell where you can issue the same commands.



On 4/5/18, 12:12 PM, "Tezarin" <te...@yahoo.com.INVALID> wrote:

    You mean for the SSH? Yes, same result, it resolved the host and got connected with some SSL errors:
    GnuTLS: An unexpected TLS packet was received.
    Unable to establish SSL connection.
    I had another windows host which I was able to connect to just now, so there might be something wrong with this other windows VM (the password is not what I thought it was)
    Can you please help me with the CentOS one first? :)
    Thank you
        On Thursday, April 5, 2018, 1:04:05 PM EDT, Kris Keller <kr...@overwatchid.com> wrote:  
    
    Yeah, can’t use the wget trick with ssh.  What about from within the container?  Did you try that?  It was hard to tell from your reply.
    
    On 4/5/18, 11:26 AM, "Tezarin" <te...@yahoo.com.INVALID> wrote:
    
        And here is the output for the CentOS machine:
        wget -O - https://<centos_fqdn>:22
        --2018-04-05 16:22:57--  https://<centos_fqdn>:22/
        Resolving <centos_fqdn> (<centos_fqdn>)... <IP>
        Connecting to <centos_fqdn> (<centos_fqdn>)|<IP>|:22... connected.
        GnuTLS: An unexpected TLS packet was received.
        Unable to establish SSL connection.
        
        Thank you
            On Thursday, April 5, 2018, 12:17:16 PM EDT, Tezarin <te...@yahoo.com.INVALID> wrote:  
        
          Thanks much for your reply, here are the outputs:
        Thanks in advance
        From inside the dockerhost:
        $wget -O - https://<windows_fqdn>:3389
        --2018-04-05 16:01:03--  http://xn--o-5gn/
        Resolving –o (xn--o-5gn)... failed: Name or service not known.
        wget: unable to resolve host address ‘xn--o-5gn’
        --2018-04-05 16:01:03--  http://xn--o-5gn/
        Resolving –o (xn--o-5gn)... failed: Name or service not known.
        wget: unable to resolve host address ‘xn--o-5gn’
        --2018-04-05 16:01:03--  http://xn--7ug/
        Resolving – (xn--7ug)... failed: Name or service not known.
        wget: unable to resolve host address ‘xn--7ug’
        --2018-04-05 16:01:08--  http://xn--7ug/
        Resolving – (xn--7ug)... failed: Name or service not known.
        wget: unable to resolve host address ‘xn--7ug’
        --2018-04-05 16:01:08--  https://<windows_fqdn>:3389/
        Resolving <windows_fqdn> (<windows_fqdn>)... <IP>
        Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
        ERROR: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’:
          Unable to locally verify the issuer's authority.
        To connect to <windows_fqdn> insecurely, use `--no-check-certificate'.


        $wget -O - https://<windows_fqdn>:3389 --no-check-certificate
        --2018-04-05 16:04:49--  (try:12)  https://<windows_fqdn>:3389/
        Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
        WARNING: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’:
          Unable to locally verify the issuer's authority.
        HTTP request sent, awaiting response... No data received.
        Retrying.
        ---------------
        From inside the Guacamole docker container:

        $wget -O - https://<windows_fqdn>:3389
        --2018-04-05 16:09:20--  https://<windows_fqdn>:3389/
        Resolving <windows_fqdn> (<windows_fqdn>)... <IP>
        Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
        ERROR: The certificate of '<windows_fqdn>' is not trusted.
        ERROR: The certificate of '<windows_fqdn>' hasn't got a known issuer.



        $wget -O - https://<windows_fqdn>:3389 --no-check-certificate
        --2018-04-05 16:12:08--  (try: 4)  https://<windows_fqdn>:3389/
        Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
        WARNING: The certificate of '<windows_fqdn>' is not trusted.
        WARNING: The certificate of '<windows_fqdn>' hasn't got a known issuer.
        HTTP request sent, awaiting response... No data received.
        Retrying.
        
            On Thursday, April 5, 2018, 11:53:22 AM EDT, Kris Keller <kr...@overwatchid.com> wrote:  
        
        
        Does the “dockerhost (x.x.2.x)” have ssh and rdp access to the two targets you wish to connect to?
        
        On the dockerhost can you issue wget -O - https://<windows_fqdn>:3389 ??? if you have connectivity you should see a certificate error where the CN= the hostname you are trying to connect to.  If you can’t then you need to fix your network routing.

        If you can then can you attach to the guacd docker container and run the same command?  (you may have to temporarily install wget inside the container)
        sudo docker exec -it <container name/id> /bin/bash
        root@lkjljjl> wget -O - https://<windows_fqdn>:3389
        
        that is where I would start.  If you prefer other tools over wget, that is fine too.  The point being to test that you have network connectivity between the host/container and the target.  Use whatever tool you are comfortable with.
        
        -Kris
        
        On 4/5/18, 10:32 AM, "Tezarin" <te...@yahoo.com.INVALID> wrote:
        
            Hi,
            I sent my complete setup, can someone who has Guacamole working inside the Docker container please reply to my email?
            Thanks
                On Wednesday, April 4, 2018, 9:29:42 AM EDT, Tezarin <te...@yahoo.com.INVALID> wrote:  
            
              Hi,
            Thank you for your reply. I thought the user-mapping should exist and now I understand it doesn't have to, since your installation doesn't have it. Thanks.
            Here's my current setup:
            1) I have a VM called dockerhost (x.x.2.x) which has docker installed on it.
            2) I can access this VM only through our proxy server.
            3) To access the Guacamole GUI, I'll have to setup SSH tunnel and forward the port 8080
            My local machine's ssh config file for this VM:
            Host dockerhost
                HostName x.domain.com
                ProxyCommand ssh user@proxy-server -W %h:%p
                LocalForward 8080 127.0.0.1:8080
            I will go to 127.0.0.1:8080 and access the GUI. So far so good. I have setup my connections and created a user.
            But when I try to connect to my two remote hosts (one CentOS and one Windows and on another network VPC) it doesn't connect and I can't seem to figure out why.
            ----------
            My CentOS connection settings:
            Name: CentOS
            Location: ROOT
            Protocol: SSH
            Network
            Hostname: x.x.88.1
            Port: 22
            And left the rest of the fields blank.
            ------------
            My Windows connection settings:
            Name: Windows
            Location: ROOT
            Protocol: RDP
            Network
            Hostname: x.x.88.2
            Port: 3389
            Security mode: NLA (I've tried the rest of the options but no luck with those either)
            Ignore server certificate: Checked
            And left the rest of the fields blank.
            ------------
            There are three docker containers running, some of the logs for each container are as follows.
            Docker logs after I attempt to connect to the CentOS machine:
            guacd[1164]: INFO: User "@8805fb92-7f67-4e6c-974c-92e79953c80f" joined connection "$ba540c22-e6ce-48e3-8256-f160e7c820ea" (1 users now present)
            guacd[1164]: ERROR: SSH handshake failed.
            -------------
            Docker logs after I attempt to connect to the Windows machine:
            guacd[1180]: INFO: Security mode: NLA
            guacd[1180]: INFO: Resize method: none
            guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" joined connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" (1 users now present)
            guacd[1180]: INFO: Loading keymap "base"
            guacd[1180]: INFO: Loading keymap "en-us-qwerty"
            guacd[1180]: INFO: Authentication requested but username or password not given
            guacd[1180]: ERROR: Error connecting to RDP server
            guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" disconnected (0 users remain)
            guacd[1180]: INFO: Last user of connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" disconnected
            connected to x.x.88.2:3389
            SSL_read: Failure in SSL library (protocol error?)
            Authentication failure, check credentials.
            If credentials are valid, the NTLMSSP implementation may be to blame.
            guacd[1]: INFO: Connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" removed.
            Could you please help me figure out what the issue is?
            Thanks in advance
            
                On Wednesday, April 4, 2018, 3:03:10 AM EDT, Mike Jumper <mi...@guac-dev.org> wrote:  
            
            On Tue, Apr 3, 2018 at 12:24 PM, Tezarin <te...@yahoo.com.invalid> wrote:
            
            > Hi all,
            > I am new to Guacamole and decided to set that up inside Docker. I followed
            > a couple of instructions, i.e.
            > https://guacamole.apache.org/doc/gug/guacamole-docker.html
            > And
            >
            > https://www.cb-net.co.uk/linux/running-guacamole-from-a-docker-container-on-ubuntu-16-04-lts-16-10/
            >
            > And now have three docker containers: guacamole, guacd and mysql.
            
            
            OK.
            
            > I was able to locate the guacamole.properties file but there is no
            > user-mapping.xml file.
            >
            >
            Why are you trying to use user-mapping.xml?
            
            ...
            > This is my guacamole.properties
            >
            >  cat /root/.guacamole/guacamole.properties
            > # guacamole.properties - generated Mon Apr  2 17:27:20 UTC 2018
            > guacd-hostname: 172.17.0.3
            > guacd-port: 4822
            > #user-mapping: /etc/.guacamole/user-mapping.xml
            > mysql-hostname: 172.17.0.2
            > mysql-port: 3306
            > mysql-database: guacamole
            > mysql-username: guacamole
            > mysql-password: [password]
            >
            >
            Does this mean you have manually edited guacamole.properties after the
            container started?
            
            - Mike
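
The remark in this thread that the wget check works against the RDP port but not against SSH comes down to which side speaks first and in what format. The probe below is an added example, not part of the original messages; it assumes Python 3 is available where it is run (docker host or container), and the function names and the sample banner are illustrative.

```python
import socket

# Constructed sample of the identification line an SSH server sends on connect.
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


def classify_first_bytes(data):
    """Classify bytes a server sent before the client wrote anything."""
    if data.startswith(b"SSH-"):
        return "ssh"         # RFC 4253 section 4.2 identification string
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-record"  # alert/handshake record header a TLS client expects
    return "unknown"


def probe(host, port, timeout=3.0):
    """Connect, then listen without sending. Returns reachability and first bytes."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, no route, DNS failure, connect timeout
        return {"reachable": False, "state": "unreachable", "banner": "",
                "detail": str(exc)}
    with sock:
        try:
            data = sock.recv(255)
            state = classify_first_bytes(data) if data else "closed"
        except socket.timeout:
            data, state = b"", "silent"  # port open, server waits for the client
        except OSError:
            data, state = b"", "reset"
    banner = data.decode("latin-1").strip()
    return {"reachable": True, "state": state, "banner": banner, "detail": ""}


def usable_for(result, guac_protocol):
    """Heuristic: does the probe result fit a Guacamole 'ssh' or 'rdp' connection?"""
    if not result["reachable"]:
        return False
    if guac_protocol == "ssh":
        # An SSH server speaks first in plaintext, which is why a TLS client
        # such as wget reports an unexpected packet on port 22.
        return result["state"] == "ssh"
    if guac_protocol == "rdp":
        # An RDP server waits for the client's connection request.
        return result["state"] == "silent"
    raise ValueError("guac_protocol must be 'ssh' or 'rdp'")


if __name__ == "__main__":
    import sys
    # Usage (hypothetical file name): python3 probe.py <host> <port> <ssh|rdp>
    host, port, proto = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    result = probe(host, port)
    print(result, "usable:", usable_for(result, proto))
```

Running it once on the docker host and once inside the guacd container separates a routing problem (unreachable from one place only) from a service problem (reachable, but the banner is not what the connection type expects).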
                
        
            
    
      

  

Re: Setting up Guacamole inside Docker containers

Posted by Kris Keller <kr...@overwatchid.com>.
No, I mean from within the docker container.  NOT on the host.

Use docker ps to get the name or id of your guacd container.  Then use docker exec -it <name|id> /bin/bash to get access to the container's shell where you can issue the same commands.



On 4/5/18, 12:12 PM, "Tezarin" <te...@yahoo.com.INVALID> wrote:

     You mean for the SSH? Yes, same result, it resolved the host and got connected with some SSL errors:
    GnuTLS: An unexpected TLS packet was received.Unable to establish SSL connection.
    I had another windows host which I was able to connect to just now, so there might be something wrong with this other windows VM (the password is not what I thought it was)
    Can you please help me with the CentOS one first? :)
    Thank you
                
        
            
    
      


Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
You mean for the SSH? Yes, same result, it resolved the host and got connected with some SSL errors:
GnuTLS: An unexpected TLS packet was received.
Unable to establish SSL connection.
I had another Windows host which I was able to connect to just now, so there might be something wrong with this other Windows VM (the password is not what I thought it was).
Can you please help me with the CentOS one first? :)
Thank you
    On Thursday, April 5, 2018, 1:04:05 PM EDT, Kris Keller <kr...@overwatchid.com> wrote:  
 
 Yeah, can’t use the wget trick with ssh.  What about from within the container?  Did you try that?  It was hard to tell from your reply.

            
    
        

  

Re: Setting up Guacamole inside Docker containers

Posted by Kris Keller <kr...@overwatchid.com>.
Yeah, can’t use the wget trick with ssh.  What about from within the container?  Did you try that?  It was hard to tell from your reply.

On 4/5/18, 11:26 AM, "Tezarin" <te...@yahoo.com.INVALID> wrote:

    And here is the output for the CentOS machine:
    wget -O - https://<centos_fqdn>:22
    --2018-04-05 16:22:57--  https://<centos_fqdn>:22/
    Resolving <centos_fqdn> (<centos_fqdn>)... <IP>
    Connecting to <centos_fqdn> (<centos_fqdn>)|<IP>|:22... connected.
    GnuTLS: An unexpected TLS packet was received.
    Unable to establish SSL connection.
    
    Thank you
            
    
        

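The connectivity test Kris describes, and the reason the wget check cannot be used against port 22, as an added example that is not part of the thread: a small TCP probe that reports reachability and the first bytes the server sends. It assumes Python 3 is available where it runs (on the Docker host and inside the guacd container); the names `probe` and `start_fake_server` are hypothetical, and the SSH banner in the offline demo is constructed.

```python
#!/usr/bin/env python3
"""TCP reachability probe that also reports what the server says first.

Added example, not from the thread. Usage: <script> HOST PORT
With no arguments it runs an offline demo against constructed local listeners.
"""
import socket
import sys
import threading


def probe(host, port, timeout=3.0):
    """Return (status, detail) for a single TCP connection attempt."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return ("dns-failure", str(exc))
    except ConnectionRefusedError:
        return ("refused", "host answered, nothing is listening on this port")
    except socket.timeout:
        return ("timeout", "no reply; check routing and firewalls on the path")
    except OSError as exc:
        return ("unreachable", str(exc))

    with sock:
        sock.settimeout(timeout)
        try:
            first = sock.recv(255)
        except socket.timeout:
            # Connected, but the server waits for the client to speak first
            # (normal for RDP and for TLS-wrapped services).
            return ("open-silent", "connected; server sent nothing first")
        except OSError as exc:
            return ("reset", str(exc))

    if not first:
        return ("closed", "peer closed the connection without sending data")
    # An SSH server opens with a plain-text identification line (RFC 4253,
    # section 4.2). A TLS client such as wget receives that line instead of a
    # ServerHello and gives up, even though the port is reachable.
    for line in first.splitlines():
        if line.startswith(b"SSH-"):
            return ("ssh", line.decode("ascii", "replace"))
    return ("other", repr(first[:32]))


def start_fake_server(payload):
    """Constructed stand-in for a target host.

    Listens on 127.0.0.1, sends `payload` (may be empty) to the first client,
    then holds the connection open until the client closes it.
    Returns the port number.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if payload:
                conn.sendall(payload)
            try:
                conn.settimeout(5)
                conn.recv(1)  # returns b"" once the client disconnects
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def main(argv):
    if len(argv) == 3:
        targets = [(argv[1], int(argv[2]))]
        timeout = 3.0
    else:
        # Offline demo: one listener that behaves like sshd (constructed
        # banner) and one that stays silent like an RDP listener.
        targets = [
            ("127.0.0.1", start_fake_server(b"SSH-2.0-OpenSSH_7.4\r\n")),
            ("127.0.0.1", start_fake_server(b"")),
        ]
        timeout = 1.0
    for host, port in targets:
        status, detail = probe(host, port, timeout)
        print(f"{host}:{port} -> {status}: {detail}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

If the host reports `ssh` or `open-silent` for a target while the container reports `timeout` or `unreachable`, the problem lies in container networking rather than in Guacamole.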

Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
And here is the output for the CentOS machine:
wget -O - https://<centos_fqdn>:22
--2018-04-05 16:22:57--  https://<centos_fqdn>:22/
Resolving <centos_fqdn> (<centos_fqdn>)... <IP>
Connecting to <centos_fqdn> (<centos_fqdn>)|<IP>|:22... connected.
GnuTLS: An unexpected TLS packet was received.
Unable to establish SSL connection.

Thank you
    On Thursday, April 5, 2018, 12:17:16 PM EDT, Tezarin <te...@yahoo.com.INVALID> wrote:  
 
  Thanks much for your reply, here are the outputs:
Thanks in advance
From inside the dockerhost:
$wget -O - https://<windows_fqdn>:3389
--2018-04-05 16:01:03--  http://xn--o-5gn/
Resolving –o (xn--o-5gn)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--o-5gn’
--2018-04-05 16:01:03--  http://xn--o-5gn/
Resolving –o (xn--o-5gn)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--o-5gn’
--2018-04-05 16:01:03--  http://xn--7ug/
Resolving – (xn--7ug)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--7ug’
--2018-04-05 16:01:08--  http://xn--7ug/
Resolving – (xn--7ug)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--7ug’
--2018-04-05 16:01:08--  https://<windows_fqdn>:3389/
Resolving <windows_fqdn> (<windows_fqdn>)... <IP>
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
ERROR: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’:
  Unable to locally verify the issuer's authority.
To connect to <windows_fqdn> insecurely, use `--no-check-certificate'.


$wget -O - https://<windows_fqdn>:3389 --no-check-certificate
--2018-04-05 16:04:49--  (try:12)  https://<windows_fqdn>:3389/
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
WARNING: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... No data received.
Retrying.
---------------
From inside the Guacamole docker container:

$wget -O - https://<windows_fqdn>:3389
--2018-04-05 16:09:20--  https://<windows_fqdn>:3389/
Resolving <windows_fqdn> (<windows_fqdn>)... <IP>
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
ERROR: The certificate of '<windows_fqdn>' is not trusted.
ERROR: The certificate of '<windows_fqdn>' hasn't got a known issuer.



$wget -O - https://<windows_fqdn>:3389 --no-check-certificate
--2018-04-05 16:12:08--  (try: 4)  https://<windows_fqdn>:3389/
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
WARNING: The certificate of '<windows_fqdn>' is not trusted.
WARNING: The certificate of '<windows_fqdn>' hasn't got a known issuer.
HTTP request sent, awaiting response... No data received.
Retrying.

    On Thursday, April 5, 2018, 11:53:22 AM EDT, Kris Keller <kr...@overwatchid.com> wrote:  
 
 
Does the “dockerhost (x.x.2.x)” have ssh and rdp access to the two targets you wish to connect to?

On the dockerhost can you issue wget -O - https://<windows_fqdn>:3389 ??? If you have connectivity you should see a certificate error where the CN= the hostname you are trying to connect to.  If you can’t then you need to fix your network routing.

If you can then can you attach to the guacd docker container and run the same command?  (you may have to temporarily install wget inside the container)
sudo docker exec -it <container name/id> /bin/bash
root@lkjljjl> wget -O - https://<windows_fqdn>:3389

That is where I would start.  If you prefer other tools over wget, that is fine too.  The point being to test that you have network connectivity between the host/container and the target.  Use whatever tool you are comfortable with.

-Kris

On 4/5/18, 10:32 AM, "Tezarin" <te...@yahoo.com.INVALID> wrote:

    Hi,
    I sent my complete setup, can someone who has Guacamole working inside the Docker container please reply to my email?
    Thanks
        On Wednesday, April 4, 2018, 9:29:42 AM EDT, Tezarin <te...@yahoo.com.INVALID> wrote:  
    
      Hi,
    Thank you for your reply. I thought the user-mapping should exist and now I understand it doesn't have to, since your installation doesn't have it. Thanks.
    Here's my current setup:
    1) I have a VM called dockerhost (x.x.2.x) which has docker installed on it.
    2) I can access this VM only through our proxy server.
    3) To access the Guacamole GUI, I'll have to set up an SSH tunnel and forward the port 8080
    My local machine's ssh config file for this VM:
    Host dockerhost
        HostName x.domain.com
        ProxyCommand ssh user@proxy-server -W %h:%p
        LocalForward 8080 127.0.0.1:8080
    I will go to 127.0.0.1:8080 and access the GUI. So far so good. I have set up my connections and created a user.
    But when I try to connect to my two remote hosts (one CentOS and one Windows and on another network VPC) it doesn't connect and I can't seem to figure out why.
    ----------
    My CentOS connection settings:
    Name: CentOS
    Location: ROOT
    Protocol: SSH
    Network
    Hostname: x.x.88.1
    Port: 22
    And left the rest of the fields blank.
    ------------
    My Windows connection settings:
    Name: Windows
    Location: ROOT
    Protocol: RDP
    Network
    Hostname: x.x.88.2
    Port: 3389
    Security mode: NLA (I've tried the rest of the options but no luck with those either)
    Ignore server certificate: Checked
    And left the rest of the fields blank.
    ------------
    There are three docker containers running, some of the logs for each container are as follows.
    Docker logs after I attempt to connect to the CentOS machine:
    guacd[1164]: INFO: User "@8805fb92-7f67-4e6c-974c-92e79953c80f" joined connection "$ba540c22-e6ce-48e3-8256-f160e7c820ea" (1 users now present)
    guacd[1164]: ERROR: SSH handshake failed.
    -------------
    Docker logs after I attempt to connect to the Windows machine:
    guacd[1180]: INFO: Security mode: NLA
    guacd[1180]: INFO: Resize method: none
    guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" joined connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" (1 users now present)
    guacd[1180]: INFO: Loading keymap "base"
    guacd[1180]: INFO: Loading keymap "en-us-qwerty"
    guacd[1180]: INFO: Authentication requested but username or password not given
    guacd[1180]: ERROR: Error connecting to RDP server
    guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" disconnected (0 users remain)
    guacd[1180]: INFO: Last user of connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" disconnected
    connected to x.x.88.2:3389
    SSL_read: Failure in SSL library (protocol error?)
    Authentication failure, check credentials.
    If credentials are valid, the NTLMSSP implementation may be to blame.
    guacd[1]: INFO: Connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" removed.
    Could you please help me figure out what the issue is?
    Thanks in advance
    
        On Wednesday, April 4, 2018, 3:03:10 AM EDT, Mike Jumper <mi...@guac-dev.org> wrote:  
    
    On Tue, Apr 3, 2018 at 12:24 PM, Tezarin <te...@yahoo.com.invalid> wrote:
    
    > Hi all,
    > I am new to Guacamole and decided to set that up inside Docker. I followed
    > a couple of instructions, i.e. https://guacamole.apache.
    > org/doc/gug/guacamole-docker.html
    > And
    >
    > https://www.cb-net.co.uk/linux/running-guacamole-from-
    > a-docker-container-on-ubuntu-16-04-lts-16-10/
    >
    > And now have three docker container: guacamole, guacd and mysql.
    
    
    OK.
    
    I was able to locate the guacamole.properties file but there is no
    > user-mapping.xml file.
    >
    >
    Why are you trying to use user-mapping.xml?
    
    ...
    > This is my guacamole.properties
    >
    >  cat /root/.guacamole/guacamole.properties# guacamole.properties -
    > generated Mon Apr  2 17:27:20 UTC 2018guacd-hostname: 172.17.0.3guacd-port:
    > 4822
    > #user-mapping: /etc/.guacamole/user-mapping.xmlmysql-hostname:
    > 172.17.0.2mysql-port: 3306mysql-database: guacamolemysql-username:
    > guacamolemysql-password: [password]
    >
    >
    Does this mean you have manually edited guacamole.properties after the
    container started?
    
    - Mike
        

    

Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
 Thanks much for your reply, here are the outputs:
Thanks in advance
From inside the dockerhost:
$ wget -O - https://<windows_fqdn>:3389
--2018-04-05 16:01:03--  http://xn--o-5gn/
Resolving –o (xn--o-5gn)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--o-5gn’
--2018-04-05 16:01:03--  http://xn--o-5gn/
Resolving –o (xn--o-5gn)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--o-5gn’
--2018-04-05 16:01:03--  http://xn--7ug/
Resolving – (xn--7ug)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--7ug’
--2018-04-05 16:01:08--  http://xn--7ug/
Resolving – (xn--7ug)... failed: Name or service not known.
wget: unable to resolve host address ‘xn--7ug’
--2018-04-05 16:01:08--  https://<windows_fqdn>:3389/
Resolving <windows_fqdn> (<windows_fqdn>)... <IP>
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
ERROR: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’:
  Unable to locally verify the issuer's authority.
To connect to <windows_fqdn> insecurely, use `--no-check-certificate'.


$ wget -O - https://<windows_fqdn>:3389 --no-check-certificate
--2018-04-05 16:04:49--  (try:12)  https://<windows_fqdn>:3389/
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
WARNING: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... No data received.
Retrying.
---------------
From inside the Guacamole docker container:

$ wget -O - https://<windows_fqdn>:3389
--2018-04-05 16:09:20--  https://<windows_fqdn>:3389/
Resolving <windows_fqdn> (<windows_fqdn>)... <IP>
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
ERROR: The certificate of '<windows_fqdn>' is not trusted.
ERROR: The certificate of '<windows_fqdn>' hasn't got a known issuer.


$ wget -O - https://<windows_fqdn>:3389 --no-check-certificate
--2018-04-05 16:12:08--  (try: 4)  https://<windows_fqdn>:3389/
Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.
WARNING: The certificate of '<windows_fqdn>' is not trusted.
WARNING: The certificate of '<windows_fqdn>' hasn't got a known issuer.
HTTP request sent, awaiting response... No data received.
Retrying.

    On Thursday, April 5, 2018, 11:53:22 AM EDT, Kris Keller <kr...@overwatchid.com> wrote:  
 
 
Does the “dockerhost (x.x.2.x)” have ssh and rdp access to the two targets you wish to connect to?

On the dockerhost can you issue wget -O - https://<windows_fqdn>:3389 ? If you have connectivity you should see a certificate error where the CN= the hostname you are trying to connect to.  If you can’t then you need to fix your network routing.

If you can then can you attach to the guacd docker container and run the same command?  (you may have to temporarily install wget inside the container)
sudo docker exec -it <container name/id> /bin/bash
root@lkjljjl> wget -O - https://<windows_fqdn>:3389

that is where I would start.  If you prefer other tools over wget, that is fine too.  The point being to test that you have network connectivity between the host/container and the target.  Use whatever tool you are comfortable with.

-Kris


  

Re: Setting up Guacamole inside Docker containers

Posted by Kris Keller <kr...@overwatchid.com>.
Does the “dockerhost (x.x.2.x)” have ssh and rdp access to the two targets you wish to connect to?

On the dockerhost can you issue wget -O - https://<windows_fqdn>:3389 ? If you have connectivity you should see a certificate error where the CN= the hostname you are trying to connect to.  If you can’t then you need to fix your network routing.

If you can then can you attach to the guacd docker container and run the same command?  (you may have to temporarily install wget inside the container)
sudo docker exec -it <container name/id> /bin/bash
root@lkjljjl> wget -O - https://<windows_fqdn>:3389

that is where I would start.  If you prefer other tools over wget, that is fine too.  The point being to test that you have network connectivity between the host/container and the target.  Use whatever tool you are comfortable with.

-Kris
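
The host-then-container connectivity test described above, as an added example that is not part of the original message: it uses only bash and the coreutils `timeout` command (assumed to be present in the container), so nothing has to be installed there. `ascii_clean` handles the typographic dashes that mail clients substitute into pasted commands, which is what produces the `Resolving –o (xn--o-5gn)` errors reported elsewhere in this thread; the function names and the script name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: reachability checks to run on the Docker host and then
# again inside the guacd container. Hosts and ports are placeholders.

# Mail clients often turn "-" into an en dash and straight quotes into
# curly ones. wget then reads "–O" as a host name instead of an option.
# Replace each typographic character with its ASCII equivalent.
ascii_clean() {
    printf '%s\n' "$1" | sed \
        -e 's/–/-/g' \
        -e "s/‘/'/g" -e "s/’/'/g" \
        -e 's/“/"/g' -e 's/”/"/g'
}

# TCP-level check using bash's /dev/tcp pseudo-device.
# Prints one word: open | closed | timeout
#   closed  = connection refused or name did not resolve
#   timeout = no answer at all (filtered port or missing route)
probe_tcp() {
    local host=$1 port=$2 secs=${3:-5} rc=0
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" \
        2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;
        124) echo timeout ;;
        *)   echo closed ;;
    esac
}

# An SSH server sends its identification line ("SSH-2.0-...") as soon as
# the TCP connection opens, so reading one line shows that sshd itself
# answered. Prints the banner, or nothing if the connection failed.
ssh_banner() {
    local host=$1 port=${2:-22} secs=${3:-5}
    timeout "$secs" bash -c '
        exec 3<>"/dev/tcp/$0/$1" || exit 1
        IFS= read -r line <&3
        printf "%s\n" "$line" | tr -d "\r"
    ' "$host" "$port" 2>/dev/null
}

# Usage: ./probe.sh <host> <port> [<host> <port> ...]
# Run once on the Docker host and once inside the container; a target that
# is "open" from the host but not from the container points at container
# networking rather than at the target.
while [ "$#" -ge 2 ]; do
    printf '%s:%s %s\n' "$1" "$2" "$(probe_tcp "$1" "$2")"
    [ "$2" = 22 ] && ssh_banner "$1" "$2"
    shift 2
done
```

An `open` result with an SSH banner means the network path is fine and the failure lies in the protocol or credentials, not in routing.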

On 4/5/18, 10:32 AM, "Tezarin" <te...@yahoo.com.INVALID> wrote:

     Hi,
    I sent my complete setup, can someone who has Guacamole working inside the Docker container please reply to my email?
    Thanks


Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
 Hi,
I sent my complete setup, can someone who has Guacamole working inside the Docker container please reply to my email?
Thanks
    On Wednesday, April 4, 2018, 9:29:42 AM EDT, Tezarin <te...@yahoo.com.INVALID> wrote:  
 
  Hi,
Thank you for your reply. I thought the user-mapping should exist and now I understand it doesn't have to, since your installation doesn't have it. Thanks.
Here's my current setup:
1) I have a VM called dockerhost (x.x.2.x) which has docker installed on it.
2) I can access this VM only through our proxy server.
3) To access the Guacamole GUI, I'll have to set up an SSH tunnel and forward the port 8080
My local machine's ssh config file for this VM:
Host dockerhost
    HostName x.domain.com
    ProxyCommand ssh user@proxy-server -W %h:%p
    LocalForward 8080 127.0.0.1:8080
I will go to 127.0.0.1:8080 and access the GUI. So far so good. I have set up my connections and created a user.
But when I try to connect to my two remote hosts (one CentOS and one Windows and on another network VPC) it doesn't connect and I can't seem to figure out why.
----------
My CentOS connection settings:
Name: CentOS
Location: ROOT
Protocol: SSH
Network
Hostname: x.x.88.1
Port: 22
And left the rest of the fields blank.
------------
My Windows connection settings:
Name: Windows
Location: ROOT
Protocol: RDP
Network
Hostname: x.x.88.2
Port: 3389
Security mode: NLA (I've tried the rest of the options but no luck with those either)
Ignore server certificate: Checked
And left the rest of the fields blank.
------------
There are three docker containers running, some of the logs for each container are as follows.
Docker logs after I attempt to connect to the CentOS machine:
guacd[1164]: INFO: User "@8805fb92-7f67-4e6c-974c-92e79953c80f" joined connection "$ba540c22-e6ce-48e3-8256-f160e7c820ea" (1 users now present)
guacd[1164]: ERROR: SSH handshake failed.
-------------
Docker logs after I attempt to connect to the Windows machine:
guacd[1180]: INFO: Security mode: NLA
guacd[1180]: INFO: Resize method: none
guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" joined connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" (1 users now present)
guacd[1180]: INFO: Loading keymap "base"
guacd[1180]: INFO: Loading keymap "en-us-qwerty"
guacd[1180]: INFO: Authentication requested but username or password not given
guacd[1180]: ERROR: Error connecting to RDP server
guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" disconnected (0 users remain)
guacd[1180]: INFO: Last user of connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" disconnected
connected to x.x.88.2:3389
SSL_read: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
guacd[1]: INFO: Connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" removed.
Could you please help me figure out what the issue is?
Thanks in advance


Re: Setting up Guacamole inside Docker containers

Posted by Tezarin <te...@yahoo.com.INVALID>.
 Hi,
Thank you for your reply. I thought the user-mapping should exist and now I understand it doesn't have to, since your installation doesn't have it. Thanks.
Here's my current setup:
1) I have a VM called dockerhost (x.x.2.x) which has docker installed on it.
2) I can access this VM only through our proxy server.
3) To access the Guacamole GUI, I'll have to set up an SSH tunnel and forward the port 8080
My local machine's ssh config file for this VM:
Host dockerhost
    HostName x.domain.com
    ProxyCommand ssh user@proxy-server -W %h:%p
    LocalForward 8080 127.0.0.1:8080
I will go to 127.0.0.1:8080 and access the GUI. So far so good. I have set up my connections and created a user.
But when I try to connect to my two remote hosts (one CentOS and one Windows and on another network VPC) it doesn't connect and I can't seem to figure out why.
----------
My CentOS connection settings:
Name: CentOS
Location: ROOT
Protocol: SSH
Network
Hostname: x.x.88.1
Port: 22
And left the rest of the fields blank.
------------
My Windows connection settings:
Name: Windows
Location: ROOT
Protocol: RDP
Network
Hostname: x.x.88.2
Port: 3389
Security mode: NLA (I've tried the rest of the options but no luck with those either)
Ignore server certificate: Checked
And left the rest of the fields blank.
------------
There are three docker containers running, some of the logs for each container are as follows.
Docker logs after I attempt to connect to the CentOS machine:
guacd[1164]: INFO: User "@8805fb92-7f67-4e6c-974c-92e79953c80f" joined connection "$ba540c22-e6ce-48e3-8256-f160e7c820ea" (1 users now present)
guacd[1164]: ERROR: SSH handshake failed.
-------------
Docker logs after I attempt to connect to the Windows machine:
guacd[1180]: INFO: Security mode: NLA
guacd[1180]: INFO: Resize method: none
guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" joined connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" (1 users now present)
guacd[1180]: INFO: Loading keymap "base"
guacd[1180]: INFO: Loading keymap "en-us-qwerty"
guacd[1180]: INFO: Authentication requested but username or password not given
guacd[1180]: ERROR: Error connecting to RDP server
guacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" disconnected (0 users remain)
guacd[1180]: INFO: Last user of connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" disconnected
connected to x.x.88.2:3389
SSL_read: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
guacd[1]: INFO: Connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" removed.
Could you please help me figure out what the issue is?
Thanks in advance

    On Wednesday, April 4, 2018, 3:03:10 AM EDT, Mike Jumper <mi...@guac-dev.org> wrote:  
 
 On Tue, Apr 3, 2018 at 12:24 PM, Tezarin <te...@yahoo.com.invalid> wrote:

> Hi all,
> I am new to Guacamole and decided to set that up inside Docker. I followed
> a couple of instructions, i.e.
> https://guacamole.apache.org/doc/gug/guacamole-docker.html
> And
>
> https://www.cb-net.co.uk/linux/running-guacamole-from-a-docker-container-on-ubuntu-16-04-lts-16-10/
>
> And now have three docker containers: guacamole, guacd and mysql.


OK.

> I was able to locate the guacamole.properties file but there is no
> user-mapping.xml file.
>
>
Why are you trying to use user-mapping.xml?

...
> This is my guacamole.properties
>
>  cat /root/.guacamole/guacamole.properties
> # guacamole.properties - generated Mon Apr  2 17:27:20 UTC 2018
> guacd-hostname: 172.17.0.3
> guacd-port: 4822
> #user-mapping: /etc/.guacamole/user-mapping.xml
> mysql-hostname: 172.17.0.2
> mysql-port: 3306
> mysql-database: guacamole
> mysql-username: guacamole
> mysql-password: [password]
>
>
Does this mean you have manually edited guacamole.properties after the
container started?

- Mike
  

Re: Setting up Guacamole inside Docker containers

Posted by Mike Jumper <mi...@guac-dev.org>.
On Tue, Apr 3, 2018 at 12:24 PM, Tezarin <te...@yahoo.com.invalid> wrote:

> Hi all,
> I am new to Guacamole and decided to set that up inside Docker. I followed
> a couple of instructions, i.e.
> https://guacamole.apache.org/doc/gug/guacamole-docker.html
> And
>
> https://www.cb-net.co.uk/linux/running-guacamole-from-a-docker-container-on-ubuntu-16-04-lts-16-10/
>
> And now have three docker containers: guacamole, guacd and mysql.


OK.

> I was able to locate the guacamole.properties file but there is no
> user-mapping.xml file.
>
>
Why are you trying to use user-mapping.xml?

...
> This is my guacamole.properties
>
>  cat /root/.guacamole/guacamole.properties
> # guacamole.properties - generated Mon Apr  2 17:27:20 UTC 2018
> guacd-hostname: 172.17.0.3
> guacd-port: 4822
> #user-mapping: /etc/.guacamole/user-mapping.xml
> mysql-hostname: 172.17.0.2
> mysql-port: 3306
> mysql-database: guacamole
> mysql-username: guacamole
> mysql-password: [password]
>
>
Does this mean you have manually edited guacamole.properties after the
container started?

- Mike