Hi all, I noticed I am not able to connect to any of my CentOS remote devices but Windows are find. The log shows:
"o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal." And the GUI shows: "The connection has been closed because the server is taking too long to respond. This is usually caused by network problems, such as a spotty wireless signal, or slow network speeds. Please check your network connection and try again or contact your system administrator." How can I fix that? Thanks in advance On Thursday, April 5, 2018, 1:20:03 PM EDT, Tezarin <[email protected]> wrote: Yes, that's exactly what I did: sudo docker exec -it guacamole /bin/bash root@1d3fd8272f23:/opt/guacamole# wget -O - https:// ...........:22 Resolving <centos_fqdn> ( <centos_fqdn>)... <IP>Connecting to <centos_fqdn> ( <centos_fqdn>)|<IP>|:22... connected.GnuTLS: An unexpected TLS packet was received.Unable to establish SSL connection. On Thursday, April 5, 2018, 1:14:25 PM EDT, Kris Keller <[email protected]> wrote: No, I mean from within the docker container. NOT on the host. User docker ps to get the name or id of your guacd container. Then use docker exec –it <name|id> /bin/bash to get access to the containers shell where you can issue the same commands. On 4/5/18, 12:12 PM, "Tezarin" <[email protected]> wrote: You mean for the SSH? Yes, same result, it resolved the host and got connected with some SSL errors: GnuTLS: An unexpected TLS packet was received.Unable to establish SSL connection. I had another windows host which I was able to connect to just now, so there might be something wrong with this other windows VM (the password is not what I thought it was) Can you please help me with the CentOS one first? :) Thank you On Thursday, April 5, 2018, 1:04:05 PM EDT, Kris Keller <[email protected]> wrote: Yeah, can’t use the wget trick with ssh. What about from within the container? Did you try that? It was hard to tell from your reply. On 4/5/18, 11:26 AM, "Tezarin" <[email protected]> wrote: And here is the output for the CentOS machine: wget -O - https://<centos_fqdn>:22 --2018-04-05 16:22:57-- https://<centos_fqdn>:22/Resolving <centos_fqdn> (<centos_fqdn>)... <IP>Connecting to <centos_fqdn> (<centos_fqdn>)|<IP>|:22... connected.GnuTLS: An unexpected TLS packet was received.Unable to establish SSL connection. Thank you On Thursday, April 5, 2018, 12:17:16 PM EDT, Tezarin <[email protected]> wrote: Thanks much for your reply, here are the outputs: Thanks in advance From inside the dockerhost: $wget -O - https://<windows_fqdn>:3389 --2018-04-05 16:01:03-- http://xn--o-5gn/Resolving –o (xn--o-5gn)... failed: Name or service not known.wget: unable to resolve host address ‘xn--o-5gn’--2018-04-05 16:01:03-- http://xn--o-5gn/Resolving –o (xn--o-5gn)... failed: Name or service not known.wget: unable to resolve host address ‘xn--o-5gn’--2018-04-05 16:01:03-- http://xn--7ug/Resolving – (xn--7ug)... failed: Name or service not known.wget: unable to resolve host address ‘xn--7ug’--2018-04-05 16:01:08-- http://xn--7ug/Resolving – (xn--7ug)... failed: Name or service not known.wget: unable to resolve host address ‘xn--7ug’--2018-04-05 16:01:08-- https://<windows_fqdn>:3389/Resolving <windows_fqdn> (<windows_fqdn>)... <IP>Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected. ERROR: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’: Unable to locally verify the issuer's authority.To connect to <windows_fqdn> insecurely, use `--no-check-certificate'. $wget -O - https://<windows_fqdn>:3389 --no-check-certificate --2018-04-05 16:04:49-- (try:12) https://<windows_fqdn>:3389/Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.WARNING: cannot verify <windows_fqdn>'s certificate, issued by ‘/CN=<windows_fqdn>’: Unable to locally verify the issuer's authority.HTTP request sent, awaiting response... No data received.Retrying. ---------------From inside the Guacamole docker congtainer: $wget -O - https://<windows_fqdn>:3389--2018-04-05 16:09:20-- https://<windows_fqdn>:3389/Resolving <windows_fqdn> (<windows_fqdn>)... <IP>Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.ERROR: The certificate of '<windows_fqdn>' is not trusted.ERROR: The certificate of '<windows_fqdn>' hasn't got a known issuer. $wget -O - https://<windows_fqdn>:3389 --no-check-certificate--2018-04-05 16:12:08-- (try: 4) https://<windows_fqdn>:3389/Connecting to <windows_fqdn> (<windows_fqdn>)|<IP>|:3389... connected.WARNING: The certificate of '<windows_fqdn>' is not trusted.WARNING: The certificate of '<windows_fqdn>' hasn't got a known issuer.HTTP request sent, awaiting response... No data received.Retrying. On Thursday, April 5, 2018, 11:53:22 AM EDT, Kris Keller <[email protected]> wrote: Does the “dockerhost (x.x.2.x)” have ssh and rdp access to the two targets you wish to connect to? On the dockerhost can you issue wget –O – https://<windows_fqdn>:3389 ??? if you have connectivity you should see a certificate error where the CN= the hostname you are trying to connect to. If you can’t then you need to fix your network routing. If you can then can you attach to the guacd docker container and run the same command? (you may have to temporarily install wget inside the container) sudo docker exec –it <container name/id> /bin/bash root@lkjljjl> wget –O – https://<windows_fqdn>:3389 that is where I would start. If you prefer other tools over wget, that is fine too. The point being to test that you have network connectivity between the host/container and the target. Use whatever tool you are comfortable with. -Kris On 4/5/18, 10:32 AM, "Tezarin" <[email protected]> wrote: Hi, I sent my complete setup, can someone who has Guacamole working inside the Docker container please reply to my email? Thanks On Wednesday, April 4, 2018, 9:29:42 AM EDT, Tezarin <[email protected]> wrote: Hi, Thank you for your reply. I thought the user-mapping should exist and now I understand it doesn't have to, since you installation doesn't have it. Thanks. Here's my scurrent setup: 1) I have a VM called dockerhost (x.x.2.x) which has docker installed on it. 2) I can access this VM only through our proxy server. 3) To access the Guacamole GUI, I'll have to setup SSH tunnel and forward the port 8080 My local machine's ssh config file for this VM: Host dockerhost HostName x.domain.com ProxyCommand ssh user@proxy-server -W %h:%p LocalForward 8080 127.0.0.1:8080 I will go to 127.0.0.1:8080 and access the GUI. So far so good. I have setup my connections and created a user. But when I try to connet to my two remote hosts (one CentOS and one Windows and on another network VPC) it doesn't connect and I can't seem to figure out why. ---------- My CentOS connection settings: Name: CentOSLocation: ROOTProtocol: SSH NetworkHostname: x.x.88.1Port: 22 And left the rest of the fields blank. ------------ My Windows connection settings: Name: WindowsLocation: ROOTProtocol: RDP NetworkHostname: x.x.88.2Port: 3389Security mode: NLA (I've tried the rest of the options but no luck with those either)Ignore server certificate: Checked And left the rest of the fields blank. ------------ There are three docker containers running, some of the logs for each container are as follows. Docker logs after I attempt to connect to the CentOS machine: guacd[1164]: INFO: User "@8805fb92-7f67-4e6c-974c-92e79953c80f" joined connection "$ba540c22-e6ce-48e3-8256-f160e7c820ea" (1 users now present)guacd[1164]: ERROR: SSH handshake failed. ------------- Docker logs after I attempt to connect to the Windows machine: guacd[1180]: INFO: Security mode: NLAguacd[1180]: INFO: Resize method: noneguacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" joined connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" (1 users now present)guacd[1180]: INFO: Loading keymap "base"guacd[1180]: INFO: Loading keymap "en-us-qwerty"guacd[1180]: INFO: Authentication requested but username or password not givenguacd[1180]: ERROR: Error connecting to RDP serverguacd[1180]: INFO: User "@46dbaefd-978e-4a6b-8c0e-4a6b4060288a" disconnected (0 users remain)guacd[1180]: INFO: Last user of connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" disconnectedconnected to x.x.88.2:3389SSL_read: Failure in SSL library (protocol error?)Authentication failure, check credentials.If credentials are valid, the NTLMSSP implementation may be to blame.guacd[1]: INFO: Connection "$079de6dc-145b-4a3d-adcf-8222a718cbf2" removed. Could you please help me figure out what the issue is? Thanks in advance On Wednesday, April 4, 2018, 3:03:10 AM EDT, Mike Jumper <[email protected]> wrote: On Tue, Apr 3, 2018 at 12:24 PM, Tezarin <[email protected]> wrote: > Hi all, > I am new to Guacamole and decided to set that up inside Docker. I followed > a couple of instructions, i.e. https://guacamole.apache. > org/doc/gug/guacamole-docker.html > And > > https://www.cb-net.co.uk/linux/running-guacamole-from- > a-docker-container-on-ubuntu-16-04-lts-16-10/ > > And now have three docker container: guacamole, guacd and mysql. OK. I was able to locate the guacamole.properties file but there is no > user-mapping.xml file. > > Why are you trying to use user-mapping.xml? ... > This is my guacamole.properties > > cat /root/.guacamole/guacamole.properties# guacamole.properties - > generated Mon Apr 2 17:27:20 UTC 2018guacd-hostname: 172.17.0.3guacd-port: > 4822 > #user-mapping: /etc/.guacamole/user-mapping.xmlmysql-hostname: > 172.17.0.2mysql-port: 3306mysql-database: guacamolemysql-username: > guacamolemysql-password: [password] > > Does this mean you have manually edited guacamole.properties after the container started? - Mike
