And here is the output for the CentOS machine:
wget -O - https://<centos_fqdn>:22 --2018-04-05
16:22:57-- https://<centos_fqdn>:22/Resolving <centos_fqdn> (<centos_fqdn>)...
<IP>Connecting to <centos_fqdn> (<centos_fqdn>)|<IP>|:22... connected.GnuTLS:
An unexpected TLS packet was received.Unable to establish SSL connection.
Thank you
On Thursday, April 5, 2018, 12:17:16 PM EDT, Tezarin
<[email protected]> wrote:
Thanks much for your reply, here are the outputs:
Thanks in advance
>From inside the dockerhost:
$wget -O - https://<windows_fqdn>:3389
--2018-04-05 16:01:03-- http://xn--o-5gn/Resolving –o (xn--o-5gn)... failed:
Name or service not known.wget: unable to resolve host address
‘xn--o-5gn’--2018-04-05 16:01:03-- http://xn--o-5gn/Resolving –o
(xn--o-5gn)... failed: Name or service not known.wget: unable to resolve host
address ‘xn--o-5gn’--2018-04-05 16:01:03-- http://xn--7ug/Resolving –
(xn--7ug)... failed: Name or service not known.wget: unable to resolve host
address ‘xn--7ug’--2018-04-05 16:01:08-- http://xn--7ug/Resolving –
(xn--7ug)... failed: Name or service not known.wget: unable to resolve host
address ‘xn--7ug’--2018-04-05 16:01:08-- https://<windows_fqdn>:3389/Resolving
<windows_fqdn> (<windows_fqdn>)... <IP>Connecting to <windows_fqdn>
(<windows_fqdn>)|<IP>|:3389... connected. ERROR: cannot verify <windows_fqdn>'s
certificate, issued by ‘/CN=<windows_fqdn>’: Unable to locally verify the
issuer's authority.To connect to <windows_fqdn> insecurely, use
`--no-check-certificate'.
$wget -O - https://<windows_fqdn>:3389 --no-check-certificate
--2018-04-05 16:04:49-- (try:12) https://<windows_fqdn>:3389/Connecting to
<windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.WARNING: cannot verify
<windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’: Unable to
locally verify the issuer's authority.HTTP request sent, awaiting response...
No data received.Retrying.
---------------From inside the Guacamole docker congtainer:
$wget -O - https://<windows_fqdn>:3389--2018-04-05 16:09:20--
https://<windows_fqdn>:3389/Resolving <windows_fqdn> (<windows_fqdn>)...
<IP>Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389...
connected.ERROR: The certificate of '<windows_fqdn>' is not trusted.ERROR: The
certificate of '<windows_fqdn>' hasn't got a known issuer.
$wget -O - https://<windows_fqdn>:3389 --no-check-certificate--2018-04-05
16:12:08-- (try: 4) https://<windows_fqdn>:3389/Connecting to <windows_fqdn>
(<windows_fqdn>)|<IP>|:3389... connected.WARNING: The certificate of
'<windows_fqdn>' is not trusted.WARNING: The certificate of '<windows_fqdn>'
hasn't got a known issuer.HTTP request sent, awaiting response... No data
received.Retrying.
On Thursday, April 5, 2018, 11:53:22 AM EDT, Kris Keller
<[email protected]> wrote:
Does the “dockerhost (x.x.2.x)” have ssh and rdp access to the two targets you
wish to connect to?
On the dockerhost can you issue wget –O – https://<windows_fqdn>:3389 ??? if
you have connectivity you should see a certificate error where the CN= the
hostname you are trying to connect to. If you can’t then you need to fix your
network routing.
If you can then can you attach to the guacd docker container and run the same
command? (you may have to temporarily install wget inside the container)
sudo docker exec –it <container name/id> /bin/bash
root@lkjljjl> wget –O – https://<windows_fqdn>:3389
that is where I would start. If you prefer other tools over wget, that is fine
too. The point being to test that you have network connectivity between the
host/container and the target. Use whatever tool you are comfortable with.
-Kris
On 4/5/18, 10:32 AM, "Tezarin" <[email protected]> wrote:
Hi,
I sent my complete setup, can someone who has Guacamole working inside the
Docker container please reply to my email?
Thanks
On Wednesday, April 4, 2018, 9:29:42 AM EDT, Tezarin
<[email protected]> wrote:
Hi,
Thank you for your reply. I thought the user-mapping should exist and now I
understand it doesn't have to, since you installation doesn't have it. Thanks.
Here's my scurrent setup:
1) I have a VM called dockerhost (x.x.2.x) which has docker installed on
it.
2) I can access this VM only through our proxy server.
3) To access the Guacamole GUI, I'll have to setup SSH tunnel and forward
the port 8080
My local machine's ssh config file for this VM:
Host dockerhost HostName x.domain.com ProxyCommand ssh
user@proxy-server -W %h:%p LocalForward 8080 127.0.0.1:8080
I will go to 127.0.0.1:8080 and access the GUI. So far so good. I have
setup my connections and created a user.
But when I try to connet to my two remote hosts (one CentOS and one Windows
and on another network VPC) it doesn't connect and I can't seem to figure out
why.
----------
My CentOS connection settings:
Name: CentOSLocation: ROOTProtocol: SSH
NetworkHostname: x.x.88.1Port: 22
And left the rest of the fields blank.
------------
My Windows connection settings:
Name: WindowsLocation: ROOTProtocol: RDP
NetworkHostname: x.x.88.2Port: 3389Security mode: NLA (I've tried the rest
of the options but no luck with those either)Ignore server certificate: Checked
And left the rest of the fields blank.
------------
There are three docker containers running, some of the logs for each
container are as follows.
Docker logs after I attempt to connect to the CentOS machine:
guacd[1164]: INFO: User "@8805fb92-7f67-4e6c-974c-92e79953c80f" joined
connection "$ba540c22-e6ce-48e3-8256-f160e7c820ea" (1 users now
present)guacd[1164]: ERROR: SSH handshake failed.
-------------
Docker logs after I attempt to connect to the Windows machine:
guacd[1180]: INFO: Security mode: NLAguacd[1180]: INFO: Resize method:
noneguacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" joined
connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" (1 users now
present)guacd[1180]: INFO: Loading keymap "base"guacd[1180]: INFO: Loading
keymap "en-us-qwerty"guacd[1180]: INFO: Authentication requested but username
or password not givenguacd[1180]: ERROR: Error connecting to RDP
serverguacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a"
disconnected (0 users remain)guacd[1180]: INFO: Last user of connection
"$079de6dc-145b-4a3d-adcf-8222a718cbf2" disconnectedconnected to
x.x.88.2:3389SSL_read: Failure in SSL library (protocol error?)Authentication
failure, check credentials.If credentials are valid, the NTLMSSP implementation
may be to blame.guacd[1]: INFO: Connection
"$079de6dc-145b-4a3d-adcf-8222a718cbf2" removed.
Could you please help me figure out what the issue is?
Thanks in advance
On Wednesday, April 4, 2018, 3:03:10 AM EDT, Mike Jumper
<[email protected]> wrote:
On Tue, Apr 3, 2018 at 12:24 PM, Tezarin <[email protected]> wrote:
> Hi all,
> I am new to Guacamole and decided to set that up inside Docker. I followed
> a couple of instructions, i.e. https://guacamole.apache.
> org/doc/gug/guacamole-docker.html
> And
>
> https://www.cb-net.co.uk/linux/running-guacamole-from-
> a-docker-container-on-ubuntu-16-04-lts-16-10/
>
> And now have three docker container: guacamole, guacd and mysql.
OK.
I was able to locate the guacamole.properties file but there is no
> user-mapping.xml file.
>
>
Why are you trying to use user-mapping.xml?
...
> This is my guacamole.properties
>
> cat /root/.guacamole/guacamole.properties# guacamole.properties -
> generated Mon Apr 2 17:27:20 UTC 2018guacd-hostname:
172.17.0.3guacd-port:
> 4822
> #user-mapping: /etc/.guacamole/user-mapping.xmlmysql-hostname:
> 172.17.0.2mysql-port: 3306mysql-database: guacamolemysql-username:
> guacamolemysql-password: [password]
>
>
Does this mean you have manually edited guacamole.properties after the
container started?
- Mike
