Re: Using Docker Images with XML Authentication

[ivanmarcus]

Like Sean I've not done anything much with the Docker image - in fact 
I've never used it.


However I did try converting an Ubuntu 20.04 Guacamole VM with MySQL 
auth to use the user-mapping.xml file.


The following seemed to work:


mv /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-1.1.0.jar /home/ 
(moved rather than deleted as I wanted to put it back after this test!)


mv /etc/guacamole/guacamole.properties /home (as above)

nano /etc/guacamole/user-mapping.xml (create the necessary user detail 
in this file etc)


service guacd restart

service tomcat9 restart


After this I was able to log into Guacamole with the user-mapping 
user/pass, and was at the login page for an RDP target I had running. I 
didn't go any further but have no reason to assume it wouldn't work as 
advertised from there.


That said, I'm not totally certain that's all that'd be required, you 
may find something else you need to do. Either way if you do 
successfully modify the image it'd be useful if you posted your 
findings/method back to the list in case anyone else wants to do this, 
thanks.




On 23/05/2020 1:56 p.m., Sean Reid wrote:

Hi Scott,

It doesn't seem like the Docker images support this. I've never tried 
to do this myself with the Docker image, but looking quickly at the 
bin/start.sh 
 
script that starts guacamole when the docker image starts up, it looks 
like you'd need to build a docker image yourself with some changes to 
that script so that it doesn't require database information. There are 
probably some other changes you'd need to make too, but they didn't 
jump out at me as quickly.


Once you've made those changes the start script, you could then either 
build a copy of your user-mappings.xml permanently into your 
custom image, or you could mount the file at "docker run" time with a 
the "-v" option passed to docker.


I hope this at least gives you a little bit of an idea for a path forward,
Sean


On Fri, May 22, 2020 at 12:52 PM Scott Hancock > wrote:


Hi,

I’m trying the Guacamole docker images. To simplify things I’d
like to just use the default XML authentication rather than a
database. Is there a way to configure the docker images to use xml
instead of database for authentication?

Thanks,
Scott
-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org

For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Error while fetching history in Guacamole

[Mike Jumper]

On Thu, May 21, 2020 at 11:25 PM Madhukar Bhosale 
wrote:

> Hi,
>
>
>
> Below are the logs, when I hit search in history and using guacamole 1.1.0
> version.
>
>
>
> 11:51:48.899 [https-openssl-apr-8443-exec-6] ERROR
> o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
>
> ### Error querying database.  Cause:
> com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near
> 'username'.
>
> ### The error may exist in
> org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
>
> ### The error may involve defaultParameterMap
>
> ### The error occurred while setting parameters
>
> ### SQL: SELECT TOP (?)
> [guacamole_connection_history].connection_id,
> [guacamole_connection_history].connection_name,
> [guacamole_connection_history].remote_host,
> [guacamole_connection_history].sharing_profile_id,
> [guacamole_connection_history].sharing_profile_name,
> [guacamole_connection_history].user_id,
> [guacamole_connection_history].username,
> [guacamole_connection_history].start_date,
>   [guacamole_connection_history].end_date FROM
> [guacamole_connection_history]WHERE
> (  [guacamole_connection_history].user_id IN
> ( SELECT user_id FROM
> [guacamole_user] WHERE POSITION(? IN username) >
> 0 )  OR
> [guacamole_connection_history].connection_id IN (
> SELECT connection_id FROM
> [guacamole_connection] WHERE POSITION(? IN
> connection_name) > 0 )
> )  ORDER BY
> [guacamole_connection_history].start_date   DESC
>
> ### Cause: com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect
> syntax near 'username'.
>

This has been fixed for the upcoming release:

https://issues.apache.org/jira/browse/GUACAMOLE-870

- Mike

AW: Soon any guackamole package for debian?

[Joachim Lindenberg]

w.r.t. Ubuntu, you may want to “push” for  
 
https://bugs.launchpad.net/bugs/1873514.

Nevertheless I´d love to see a version of Guacamole that pulls the FreeRDP 
nightly build (and depending on need also other important libs) into a 
container.

Best Regards,

Joachim

 

Von: Robert Hardy  
Gesendet: Donnerstag, 21. Mai 2020 23:32
An: user@guacamole.apache.org
Betreff: Re: Soon any guackamole package for debian?

 

Working with Debian is a nut I've yet to crack. I haven't got further than my 
own PPAs.
I've tried before but it seems a lot more complicated than it needs to be.
When I hear about a year long process to become a Debian developer and the need 
for mentoring I tend to glaze over...
I'll have to try at some point but my time is expensive and I don't have a lot 
of time for games, especially when it's pro bono...

You didn't read my message. The existing packages of freerdp2 inside Ubuntu are 
ancient pre-release development git snapshots from February 2019.
There have been major changes to fix all sorts of problems. There are 2663 
closed issues on github. 
It's hard to map exactly how many came after that snapshot in February 2019 
with the UI in front of me but it's a lot of them.
It also includes fixes to address significant 14 security vulnerabilities.

It is not recommended to run guacamole against an ancient snapshot release like 
that. Frankly it won't work properly and will be insecure.
A lot of things didn't work for me until I recompiled against a specific 
freerdp2 daily from the date of release of the stable release.
It's an ugly work around but it worked for now.

Upgrading from Ubuntu 18.04 to the stable 20.04 release requires a mysql 
database upgrade from 5.7 to 8.0.
Guacamole 1.1.0 stopped working after I upgraded my OS. Not at all surprising 
since Guacamole 1.1.0 was installed completely un-packaged.
Basically it was unable to connect to the upgraded database.

Digging around in the guacamole bug reports, I believe it is because it needs 
some support for a newer database connector that will work with 1.2.0 once it 
is released. Obviously 1.2.0 released isn't yet available so I'm stuck in a 
holding pattern in terms of being able to upgrade.

- Rob

On 2020-05-21 3:40 p.m., Mike Jumper wrote:

On Thu, May 21, 2020 at 12:30 PM Robert Hardy mailto:rha...@webcon.ca> > wrote:

Currently the extreme lack of packaging for both guacamole and freerdp2 is 
really holding use of both project back.

 

If you would like to work with Debian to produce packages of Guacamole, I'm 
sure they would welcome the assistance.

 

Currently there seem to be two blocking issues:
1. Due to database changes, 1.2.0 of guacamole is needed in order to be able to 
upgrade to the current stable of release of 20.04 Ubuntu. That isn't available.

 

What database changes are you referring to?

 

2. The build dependency of freerdp2 release is not available.

 

Isn't it? https://packages.ubuntu.com/focal/freerdp2-dev

 

- Mike

 

 

RE: Duo LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT

[Dino Edwards]

  *   I think this may just be incorrect logging of an error. Additional 
logging was introduced recently which was intended to point out when an 
internal error blocks authentication, but an invalid Duo code is not an 
internal error and doesn't block auth from working.


  *   Except for this error appearing in the logs, do things work as expected?


  *   - Mike

Actually no. The I never get the Duo prompt. I get the following message with a 
Continue button:

LOGIN.INFO_DUO_AUTH_REQUIRED

Once I click the Continue button, I get logged in to Guacamole.

RE: Error while fetching history in Guacamole

[Madhukar Bhosale]

Hi,

Below are the logs, when I hit search in history and using guacamole 1.1.0 
version.

11:51:48.899 [https-openssl-apr-8443-exec-6] ERROR 
o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
### Error querying database.  Cause: 
com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near 
'username'.
### The error may exist in 
org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
### The error may involve defaultParameterMap
### The error occurred while setting parameters
### SQL: SELECT TOP (?) 
[guacamole_connection_history].connection_id, 
[guacamole_connection_history].connection_name, 
[guacamole_connection_history].remote_host, 
[guacamole_connection_history].sharing_profile_id, 
[guacamole_connection_history].sharing_profile_name, 
[guacamole_connection_history].user_id, 
[guacamole_connection_history].username, 
[guacamole_connection_history].start_date, 
[guacamole_connection_history].end_date FROM 
[guacamole_connection_history]WHERE(
  [guacamole_connection_history].user_id IN ( 
SELECT user_id FROM [guacamole_user] 
WHERE POSITION(? IN username) > 0 )  OR 
[guacamole_connection_history].connection_id IN ( SELECT 
connection_id FROM [guacamole_connection]   
  WHERE POSITION(? IN connection_name) > 0 )
 )  ORDER BY
 [guacamole_connection_history].start_date   DESC
### Cause: com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax 
near 'username'.

Regards
Madhukar

From: Mike Jumper
Sent: Friday, May 22, 2020 10:39 AM
To: user@guacamole.apache.org
Subject: Re: Error while fetching history in Guacamole

On Thu, May 21, 2020, 22:07 Madhukar Bhosale  wrote:
Hi,
While fetching history, I am getting below error. Need help.

What version of Guacamole?

What do you see in your Tomcat logs when this occurs?

- Mike

Re: Hardware Acceleration Support

[Tim Worcester]

Thanks guys!  I will start diving into code for this.  Just wanted to make
sure I wasn't missing some magic configuration option ;)

On Thu, May 21, 2020 at 4:59 PM Sean Reid  wrote:

> Mike,
>
> I think we'd have to coordinate a little bit to get there. I have it
> for guacenc, but I'm familiar enough with libavcodec and libavformat
> at this point from the PRs I have worked that I think I could
> reasonably work on a POC to get it working in guacd.
>
> In addition, I've spent some minor effort trying to produce valid
> HTTP-DASH representations of videos so that it can be easily streamed
> to a front end for playback using a simple  tag.
>
> As far as legality, I'm obviously no lawyer, but if it helps, I tend
> to favor libx264 which is GPL (and we'd be linking against it rather
> than statically compiling it in). However, I'm pretty sure H.264 is
> patent-encumbered, so I have no idea how that works when the code is
> GPL'd. And I've played with VP8 support too, so there might be an
> avenue to move forward there if necessary.
>
>
> Sean
>
> On Thu, May 21, 2020 at 4:49 PM Mike Jumper  wrote:
> >
> > On Thu, May 21, 2020 at 1:39 PM Sean Reid  wrote:
> >>
> >> On Thu, May 21, 2020 at 4:24 PM sciUser 
> wrote:
> >> >
> >> > As long as you have a GPU assigned to the VM it will handle the
> rendering,
> >> > Guacamole is just the broker for the RDP protocol.
> >>
> >> The pixels that come from RDP or VNC may be compressed in some way,
> >> but before guacd sends them out to the client, it still has to unpack
> >> them and convert them to png, jpeg, webp (if it was compiled to
> >> include webp) in the guacamole protocol. With this in mind, I'd be
> >> interested in seeing guacd could scale better than it already does
> >> with GPU-based image encoding. It's possible we could see more
> >> connection to unique displays with GPU encoding.
> >>
> >> In addition, guecenc is an area I've toyed with adding GPU support to
> >> personally since I've spent a lot of time adding H.264 support to
> >> guacenc and modern GPUs almost certainly have H.264 hardware encoding
> >> support. The issue I ran into was one of user interface: requiring a
> >> user to know their set up well-enough to tell guacenc to use the nvenc
> >> encoder seemed like a bad UI choice to me, and I had no good ideas for
> >> how to automatically detect that support and use it. So I didn't push
> >> it too much further. But if you have ideas, I'd love to see optional
> >> GPU encoding support there!
> >
> >
> > If you have something (or can have something) which could produce an
> H.264 stream within guacd, I have some working POC code which decodes H.264
> streams received within the Guacamole client (streams sent via the "video"
> instruction and subsequent blobs). The code leverages the "Broadway" H.264
> decoder.
> >
> > I think we'd need legal confirmation that including such a decoder and
> encoder is OK, but overall definitely worth doing. It sounds like we may be
> closer to having this than I thought.
> >
> > - Mike
> >
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

Tomcat Remote IP Valve

[Alexander Brayninger]

Hello,

I have just setup Guacamole in the vSphere Integrated Containers environment 
(docker-compatible system by VMware) and it work perfectly! Thank you for so 
amazing software!

I want to see real user IPs in Guacamole and I already setup an Nginx proxy for 
IP forwarding. As I understood from the docs, I also have to change the Tomcat 
config file to complete the configuration and finally see real IPs. What is the 
recommended way to change the Tomcat config in docker environment? Should I 
create another volume and mount it to the conf folder? Actually, would be much 
better to be able to enable IP forwarding through the environment variables or 
guacamole.properties and decrease the number of volumes I have to have in a 
Guacamole deployment.

Thank you in advance!


Best Regards,
Alexander Brayninger
System Administrator
---
Topcon Positioning Systems, LLC
115114, Moscow
Derbenevskaya nab. 7/22
Phone: +7 (495) 935-7890, ex.1008
Fax: +7 (495) 935-7854
Mobile: +7 (903) 741-8657

Confidentiality Notice: This message (including attachments) is a private 
communication solely for use of the intended recipient(s). If you are not the 
intended recipient(s) or believe you received this message in error, notify the 
sender immediately and then delete this message. Any other use, retention, 
dissemination or copying is prohibited and may be a violation of law, including 
the Electronic Communication Privacy Act of 1986.   

Re: Using Docker Images with XML Authentication

[Sean Reid]

Hi Scott,

It doesn't seem like the Docker images support this. I've never tried to do
this myself with the Docker image, but looking quickly at the bin/start.sh

script that starts guacamole when the docker image starts up, it looks like
you'd need to build a docker image yourself with some changes to that
script so that it doesn't require database information. There are probably
some other changes you'd need to make too, but they didn't jump out at me
as quickly.

Once you've made those changes the start script, you could then either
build a copy of your user-mappings.xml permanently into your custom image,
or you could mount the file at "docker run" time with a the "-v" option
passed to docker.

I hope this at least gives you a little bit of an idea for a path forward,
Sean


On Fri, May 22, 2020 at 12:52 PM Scott Hancock  wrote:

> Hi,
>
> I’m trying the Guacamole docker images. To simplify things I’d like to
> just use the default XML authentication rather than a database. Is there a
> way to configure the docker images to use xml instead of database for
> authentication?
>
> Thanks,
> Scott
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

Using Docker Images with XML Authentication

[Scott Hancock]

Hi,

I’m trying the Guacamole docker images. To simplify things I’d like to just use 
the default XML authentication rather than a database. Is there a way to 
configure the docker images to use xml instead of database for authentication?

Thanks,
Scott
-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org