Re: Aw: Re: 1.5.4 - The connection has been closed because the server is taking too long to respond.

[Jimmy]

Hi Michael,

When the guacd fails the connection to a sftp server, the guacd stops the 
connection to the RDP server.
The "SSH handshake failed." error message shows that the guacd failed the the 
connection to a sftp server configured by you.
As you can see the following code, you can know what I mean:
https://github.com/apache/guacamole-server/blob/master/src/common-ssh/ssh.c#L522-L528

https://github.com/apache/guacamole-server/blob/master/src/protocols/rdp/rdp.c#L775-L785

Best regards,
Jimmy

On Wednesday, January 17th, 2024 at 10:23 PM, michael böhm 
 wrote:

> Hi Jimmy,
>
> it cannot be a general configuration issue at the ssh / sftp server as it 
> works about 60 times in guacd daemon's lifetime. After restarting guacd 
> container it works for another about 60 times until it stops working again.
>
> Other users have the problem with 1.5.4 as well but I'm not aware of a 
> solution yet.
>
> Is there anything else I can provide to help troubleshoot the problem?
>
> Thanks and best wishes
>
> Michael
> Gesendet: Dienstag, 16. Januar 2024 um 20:38 Uhr
> Von: "Jimmy" 
> An: user@guacamole.apache.org
> Betreff: Re: Aw: 1.5.4 - The connection has been closed because the server is 
> taking too long to respond.
> Hello michael böhm,
> From the guacd's log, it seems that your sftp configuration has a problem.
>
> ```
> guacd | guacd[47140]: INFO: No security mode specified. Defaulting to 
> security mode negotiation with server.
> guacd | guacd[47140]: INFO: Resize method: display-update
> guacd | guacd[47140]: INFO: No clipboard line-ending normalization specified. 
> Defaulting to preserving the format of all line endings.
> guacd | guacd[47140]: INFO: User "@0fbf93c3-a8f2-4612-9212-56ec2772e71b" 
> joined connection "$8ceea3c6-da39-4690-9b21-73e5375122ec" (1 users now 
> present)
> guacd | guacd[47140]: ERROR: SSH handshake failed.
> guacd | guacd[1]: INFO: Connection "$8ceea3c6-da39-4690-9b21-73e5375122ec" 
> removed.
> ```
>
> The above highlighted log message shows that the guacd is unable to connect 
> the sftp server configured by you.
> If the sftp connection fails, you can't connect to the RDP server.
>
> So, please check the sftp configuration and the sftp server.
>
> Best regards,
> Jimmy
>
> On Thursday, January 11th, 2024 at 1:13 AM, michael böhm 
>  wrote:
>
>> Hello everyone,
>>
>> some info about the system in case it helps:
>>
>> root@nguac3:~# hostnamectl
>> Static hostname: nguac3
>> Icon name: computer-vm
>> Chassis: vm
>> Machine ID: 916d16333d104ef693511097facf33ca
>> Boot ID: c2c0feca91334509ad999e5b849b2a69
>> Virtualization: xen
>> Operating System: Ubuntu 22.04.3 LTS
>> Kernel: Linux 5.15.0-91-generic
>> Architecture: x86-64
>> Hardware Vendor: Xen
>> Hardware Model: HVM domU
>>
>> root@nguac3:~# docker --version
>> Docker version 24.0.7, build afdd53b
>>
>> root@nguac3:~# docker exec guacd /opt/guacamole/sbin/guacd -v
>> Guacamole proxy daemon (guacd) version 1.5.4
>>
>> root@nguac3:~# docker inspect guacd
>> [
>> {
>> "Id": "5ceb278b2846958f626ee03ff34bd638c2532d6d29ddd29a323c09e9e9ac9054",
>> "Created": "2023-12-21T14:07:35.028804323Z",
>> "Path": "/bin/sh",
>> "Args": [
>> "-c",
>> "/opt/guacamole/sbin/guacd -b 0.0.0.0 -L $GUACD_LOG_LEVEL -f"
>> ],
>> "State": {
>> "Status": "running",
>> "Running": true,
>> "Paused": false,
>> "Restarting": false,
>> "OOMKilled": false,
>> "Dead": false,
>> "Pid": 609404,
>> "ExitCode": 0,
>> "Error": "",
>> "StartedAt": "2024-01-11T08:53:25.71992483Z",
>> "FinishedAt": "2024-01-11T08:53:24.232531017Z",
>> "Health": {
>> "Status": "starting",
>> "FailingStreak": 0,
>> "Log": [
>> {
>> "Start": "2024-01-11T09:32:31.39633778+01:00",
>> "End": "2024-01-11T09:32:31.45900887+01:00",
>> "ExitCode": 0,
>> "Output": ""
>> },
>> {
>> "Start": "2024-01-11T09:37:31.465054013+01:00",
>> "End": "2024-01-11T09:37:31.533937216+01:00",
>> "ExitCode": 0,
>> "Output": ""
>> },
>> {
>> "Start": "2024-01-11T09:42:31.547868328+01:00",
>> "End": "2024-01-11T09:42:31.612246246+01:00",
>> "ExitCode": 0,
>> "Output": ""
>> },
>> {
>> "Start": "2024-01-11T09:47:31.636506015+01:00",
>> "End": "2024-01-11T09:47:31.704388969+01:00",
>> "ExitCode": 0,
>> "Output": ""
>> },
>> {
>> "Start": "2024-01-11T09:52:31.736864224+01:00",
>> "End": "2024-01-11T09:52:31.804027504+01:00",
>> "ExitCode": 0,
>> "Output": ""
>> }
>> ]
>> }
>> },
>> "Image": 
>> "sha256:de48d9e3ee9d40db46fbfd1675ae624331d682fa1ed28f450e2da93c71c792aa",
>> "ResolvConfPath": 
>> "/var/lib/docker/containers/5ceb278b2846958f626ee03ff34bd638c2532d6d29ddd29a323c09e9e9ac9054/resolv.conf",
>> "HostnamePath": 
>> "/var/lib/docker/containers/5ceb278b2846958f626ee03ff34bd638c2532d6d29ddd29a323c09e9e9ac9054/hostname",
>> "HostsPath": 
>> "/var/lib/docker/containers/5ceb278b2846958f626ee03ff34bd638c2532d6d29ddd29a323c09e9e9ac9054/hosts",
>> "LogPath": "",
>> "Name": "/guacd",
>> "RestartCount": 0,
>> "Driver": "overlay2",
>> "Platform": "linux",
>> "MountLabel": "",
>> "ProcessLabel": "",
>> "AppArmorProfile": 

Aw: Re: 1.5.4 - The connection has been closed because the server is taking too long to respond.

[michael böhm]

Hi Jimmy,

 

it cannot be a general configuration issue at the ssh / sftp server as it works about 60 times in guacd daemon's lifetime. After restarting guacd container it works for another about 60 times until it stops working again.

 

Other users have the problem with 1.5.4 as well but I'm not aware of a solution yet.

 

Is there anything else I can provide to help troubleshoot the problem?

 

Thanks and best wishes

 

Michael

 
 

Gesendet: Dienstag, 16. Januar 2024 um 20:38 Uhr
Von: "Jimmy" 
An: user@guacamole.apache.org
Betreff: Re: Aw: 1.5.4 - The connection has been closed because the server is taking too long to respond.


Hello michael böhm,

From the guacd's log, it seems that your sftp configuration has a problem.

 

```

guacd            | guacd[47140]: INFO:    No security mode specified. Defaulting to security mode negotiation with server.
guacd            | guacd[47140]: INFO:    Resize method: display-update
guacd            | guacd[47140]: INFO:    No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
guacd            | guacd[47140]: INFO:    User "@0fbf93c3-a8f2-4612-9212-56ec2772e71b" joined connection "$8ceea3c6-da39-4690-9b21-73e5375122ec" (1 users now present)

guacd            | guacd[47140]: ERROR:    SSH handshake failed.
guacd            | guacd[1]: INFO:    Connection "$8ceea3c6-da39-4690-9b21-73e5375122ec" removed.

```

 

The above highlighted log message shows that the guacd is unable to connect the sftp server configured by you.

If the sftp connection fails, you can't connect to the RDP server.

 

So, please check the sftp configuration and the sftp server.

 



Best regards,

Jimmy



 

On Thursday, January 11th, 2024 at 1:13 AM, michael böhm  wrote:
 


Hello everyone,

 

some info about the system in case it helps:

 


root@nguac3:~# hostnamectl
 Static hostname: nguac3
       Icon name: computer-vm
         Chassis: vm
      Machine ID: 916d16333d104ef693511097facf33ca
         Boot ID: c2c0feca91334509ad999e5b849b2a69
  Virtualization: xen
Operating System: Ubuntu 22.04.3 LTS              
          Kernel: Linux 5.15.0-91-generic
    Architecture: x86-64
 Hardware Vendor: Xen
  Hardware Model: HVM domU


root@nguac3:~# docker --version
Docker version 24.0.7, build afdd53b

 

root@nguac3:~# docker exec guacd /opt/guacamole/sbin/guacd -v
Guacamole proxy daemon (guacd) version 1.5.4

 

root@nguac3:~# docker inspect guacd
[
    {
        "Id": "5ceb278b2846958f626ee03ff34bd638c2532d6d29ddd29a323c09e9e9ac9054",
        "Created": "2023-12-21T14:07:35.028804323Z",
        "Path": "/bin/sh",
        "Args": [
            "-c",
            "/opt/guacamole/sbin/guacd -b 0.0.0.0 -L $GUACD_LOG_LEVEL -f"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 609404,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2024-01-11T08:53:25.71992483Z",
            "FinishedAt": "2024-01-11T08:53:24.232531017Z",
            "Health": {
                "Status": "starting",
                "FailingStreak": 0,
                "Log": [
                    {
                        "Start": "2024-01-11T09:32:31.39633778+01:00",
                        "End": "2024-01-11T09:32:31.45900887+01:00",
                        "ExitCode": 0,
                        "Output": ""
                    },
                    {
                        "Start": "2024-01-11T09:37:31.465054013+01:00",
                        "End": "2024-01-11T09:37:31.533937216+01:00",
                        "ExitCode": 0,
                        "Output": ""
                    },
                    {
                        "Start": "2024-01-11T09:42:31.547868328+01:00",
                        "End": "2024-01-11T09:42:31.612246246+01:00",
                        "ExitCode": 0,
                        "Output": ""
                    },
                    {
                        "Start": "2024-01-11T09:47:31.636506015+01:00",
                        "End": "2024-01-11T09:47:31.704388969+01:00",
                        "ExitCode": 0,
                        "Output": ""
                    },
                    {
                        "Start": "2024-01-11T09:52:31.736864224+01:00",
                        "End": "2024-01-11T09:52:31.804027504+01:00",
                        "ExitCode": 0,
                        "Output": ""
                    }
                ]
            }
        },
        "Image": "sha256:de48d9e3ee9d40db46fbfd1675ae624331d682fa1ed28f450e2da93c71c792aa",
        "ResolvConfPath": "/var/lib/docker/containers/5ceb278b2846958f626ee03ff34bd638c2532d6d29ddd29a323c09e9e9ac9054/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/5ceb278b2846958f626ee03ff34bd638c2532d6d29ddd29a323c09e9e9ac9054/hostname",
        

Token Management

[anoop yadav]

I am trying to build a Web app where users can create multiple Ubuntu
instances and use them through my web app. The domain for my web app is
example-app.com which is written in reactjs. I have hosted guacamole
clients on separate subdomains lab.example-app.com.

In the reactjs app, I am using the Iframe (Not sure if there is any other
way) to show lab.example-app.com (guacamole client app), since I don't want
the user to do another login on the guacamole app. I am planning to use a
token. My current logic is as follows:

1. When the user creates an account (the backend is in Django-python) I
make a rest API request to create an account, get a token from guacamole
and save it to the web app database.
2. When the user creates an Ubuntu instance, using the rest API I create a
connection and associate the user with it. I save a URL like
lab.example-app.com/guacamole/#/client/?token=


Everything works fine, the user can access multiple connections but since
the token has a lifetime, and after that time the URL is not working.


How do I manage the token so that it doesn't expire?

Re: Guacamole server disconnect after 30 sec

[anoop yadav]

Hi Daniel,

You are right I changed the timeout for the load balancer to 2147483645
(INT MAX - by default it was 30 sec), and now the issue is fixed, but I
still don't understand why this timeout on the load balancer was causing
the issue.

Thanks

On Thu, Jan 18, 2024 at 1:11 AM Daniel Carroll <
apacheguacamole0...@defiant.coloradomesa.edu> wrote:

> Hi Anoop,
>
> Notice the following log line:
> [http-nio-8080-exec-17] INFO  o.a.g.r.auth.AuthenticationService - User
> \"master_admin\" successfully authenticated from [122.x.x.x, 34.x.x.x,
> 35.x.x.x].",
>
> Multiple IPs are listed.  That means that this connection is being
> proxied, twice.
> The odds are high that one of these proxies is terminating the connection
> after 30 seconds, and that's the source of this issue.
> One or both proxies will need to be reconfigured to support very long
> timeouts.
> Regards,
>
> - Daniel
>
> -Original Message-
> From: anoop yadav
> Sent: Wed Jan 17 2024 12:32:38 MST
> Subject: Guacamole server disconnect after 30 sec
>
> I am running guacamole/guacd:1.5.4 and guacamole/guacamole:1.5.4 on Google
> Kubernetes, but I am facing an issue I can connect to the RDP connection
> for just 30 seconds after that it shows a notification *"The Guacamole
> server is not currently reachable. Please check your network and try
> again."* When I click on reconnect it works again but just for 30 sec,
> during this 30-second connection works perfectly. Terminal, and File
> Explorer all are working but this message keeps on coming every 30 sec.
>
> guacamole-client is running with nodeport and ingress and guacamole-server
> is running with service.
>
> Logs from Client
>
> [http-nio-8080-exec-17] INFO  o.a.g.r.auth.AuthenticationService -
> User \"master_admin\" successfully authenticated from [122.x.x.x,
> 34.x.x.x, 35.x.x.x].",
>
> [http-nio-8080-exec-15] INFO  o.a.g.tunnel.TunnelRequestService - User
> \"master_admin\" connected to connection \"3\"."
>
> [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User
> \"master_admin\" disconnected from connection \"3\". Duration: 29667
> milliseconds",
>
> [ ... ]
>
> How can I resolve this issue?
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

Re: Upgrade from 1.2 to 1.4 or 1.5 Scrolling content is overwriting itself

[Allen Chen]

Hi Nick,

Thank you for the quick reply. After I changed git:// to https:// then I 
can clone the source.


It probably needs an update on this page: 
https://guacamole.apache.org/doc/gug/installing-guacamole.html#obtaining-the-source-code 
to correct the link.


Allen

On 1/17/2024 6:01 PM, Nick Couchman wrote:



On Wed, Jan 17, 2024 at 5:54 PM Allen Chen 
 wrote:


Hi there,

I try to figure it out between 1.3 and 1.4 by cloning the guacamole
client, but the command failed:

# git clone git://github.com/apache/guacamole-client.git


Initialized empty Git repository in /squid/z/guacamole-client/.git/
github.com [0: 140.82.113.3]: errno=Connection
timed out
fatal: unable to connect a socket (Connection timed out)

Any idea?


I don't think git:// is a valid URL prefix - I think you can either 
use SSH URLs (g...@github.com/apache/guacamole-client.git 
) or HTTPS URLs 
(https://github.com/apache/guacamole-client).


-Nick

Re: Upgrade from 1.2 to 1.4 or 1.5 Scrolling content is overwriting itself

[Nick Couchman]

On Wed, Jan 17, 2024 at 5:54 PM Allen Chen 
wrote:

> Hi there,
>
> I try to figure it out between 1.3 and 1.4 by cloning the guacamole
> client, but the command failed:
>
> # git clone git://github.com/apache/guacamole-client.git
>
> Initialized empty Git repository in /squid/z/guacamole-client/.git/
> github.com[0: 140.82.113.3]: errno=Connection timed out
> fatal: unable to connect a socket (Connection timed out)
>
> Any idea?
>

I don't think git:// is a valid URL prefix - I think you can either use SSH
URLs (g...@github.com/apache/guacamole-client.git) or HTTPS URLs (
https://github.com/apache/guacamole-client).

-Nick

Re: Upgrade from 1.2 to 1.4 or 1.5 Scrolling content is overwriting itself

[Allen Chen]

Hi there,

I try to figure it out between 1.3 and 1.4 by cloning the guacamole 
client, but the command failed:


# git clone git://github.com/apache/guacamole-client.git

Initialized empty Git repository in /squid/z/guacamole-client/.git/
github.com[0: 140.82.113.3]: errno=Connection timed out
fatal: unable to connect a socket (Connection timed out)

Any idea?

Allen

On 11/6/2023 5:09 PM, Michael Jumper wrote:

On 11/6/2023 1:56 PM, Allen Chen wrote:

Hi there,

After I upgraded guacamole from 1.2 to 1.5.3, scrolling content is 
overwriting itself in RDP session. I googled and found a similar 
issue 
https://www.reddit.com/r/archlinux/comments/ajac8i/scrolling_terminal_content_is_overwriting_itself/.


Server environments: CentOS 7.7, tomcat 8, jdk-13 and Apache proxy as 
the front end with SSL configured to redirect https to guacamole port 
8080


Test 1: downgrade guacamole client to 1.3 and keep guacd on 1.5.3, 
scrolling content is working properly both via Apache proxy and 
direct access on port 8080;


Test 2: downgrade guacamole client to 1.4 and keep guacd on 1.5.3, 
scrolling content is not working properly via Apache proxy, but 
working properly via direct access on port 8080;


So the problem is on version 1.4 and 1.5.3 via Apache proxy.

To confirm this, I build a new machine with CentOS Stream release 8, 
tomcat 9 and jdk-20, I get exactly the same results listed in Test 1 
and Test 2.


I took a screenshot:

Does anybody know what is the issue?


The presence/absence of a proxy has no bearing on the graphical 
content of a connection. The only case where a proxy might affect only 
the handling of graphical content would be if that proxy adds HTTP 
headers that instruct the browser to disallow such content from being 
decoded ("Content-Security-Policy").


I don't think the above is likely. There would be errors/warnings in 
your browser's console if that's the case, and it would probably 
result in the connection rendering absolutely nothing. From your 
screenshots, things are definitely being rendered.


This looks more like a bug in the remote desktop server hosting the 
session (ie: incorrect graphical updates are being sent). I think the 
correlations that you're seeing between proxy vs. no proxy, various 
releases of Guacamole itself, different versions of Tomcat or the JDK, 
etc. are more likely coincidences.


If you can narrow things to purely one version of guacd that works and 
another that doesn't, changing absolutely nothing else in the stack 
whatsoever, then that could indicate a problem in the handling of 
graphical updates or a bug in one of the lower-level libraries that we 
consume. I don't think this is likely either, though, as it would have 
been loudly noticed by others by now:


https://guacamole.apache.org/faq/#probably-not-a-bug

If you *can* narrow things to a known-good release and a known-bad 
release, then a git bisect should reveal the nature of the issue.


- Mike

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org



-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Guacamole server disconnect after 30 sec

[Daniel Carroll]

Hi Anoop,

Notice the following log line:
[http-nio-8080-exec-17] INFO  o.a.g.r.auth.AuthenticationService - User 
\"master_admin\" successfully authenticated from [122.x.x.x, 34.x.x.x, 
35.x.x.x].",

Multiple IPs are listed.  That means that this connection is being proxied, 
twice.
The odds are high that one of these proxies is terminating the connection after 
30 seconds, and that's the source of this issue.
One or both proxies will need to be reconfigured to support very long timeouts.
Regards,

- Daniel

-Original Message-
From: anoop yadav
Sent: Wed Jan 17 2024 12:32:38 MST
Subject: Guacamole server disconnect after 30 sec

I am running guacamole/guacd:1.5.4 and guacamole/guacamole:1.5.4 on Google
Kubernetes, but I am facing an issue I can connect to the RDP connection
for just 30 seconds after that it shows a notification *"The Guacamole
server is not currently reachable. Please check your network and try
again."* When I click on reconnect it works again but just for 30 sec,
during this 30-second connection works perfectly. Terminal, and File
Explorer all are working but this message keeps on coming every 30 sec.

guacamole-client is running with nodeport and ingress and guacamole-server
is running with service.

Logs from Client

[http-nio-8080-exec-17] INFO  o.a.g.r.auth.AuthenticationService -
User \"master_admin\" successfully authenticated from [122.x.x.x,
34.x.x.x, 35.x.x.x].",

[http-nio-8080-exec-15] INFO  o.a.g.tunnel.TunnelRequestService - User
\"master_admin\" connected to connection \"3\"."

[http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User
\"master_admin\" disconnected from connection \"3\". Duration: 29667
milliseconds",

[ ... ]

How can I resolve this issue?


-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Guacamole server disconnect after 30 sec

[anoop yadav]

I am running guacamole/guacd:1.5.4 and guacamole/guacamole:1.5.4 on Google
Kubernetes, but I am facing an issue I can connect to the RDP connection
for just 30 seconds after that it shows a notification *"The Guacamole
server is not currently reachable. Please check your network and try
again."* When I click on reconnect it works again but just for 30 sec,
during this 30-second connection works perfectly. Terminal, and File
Explorer all are working but this message keeps on coming every 30 sec.

guacamole-client is running with nodeport and ingress and guacamole-server
is running with service.

Logs from Client

[http-nio-8080-exec-17] INFO  o.a.g.r.auth.AuthenticationService -
User \"master_admin\" successfully authenticated from [122.x.x.x,
34.x.x.x, 35.x.x.x].",

[http-nio-8080-exec-15] INFO  o.a.g.tunnel.TunnelRequestService - User
\"master_admin\" connected to connection \"3\"."

[http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User
\"master_admin\" disconnected from connection \"3\". Duration: 29667
milliseconds",


Logs from server:

guacd[1]: INFO:\tCreating new client for protocol \"rdp\"

guacd[1]: INFO:\tConnection ID is \"$e7fecdf7-1d1d-45db-9eda-\"

guacd[64]: INFO:\tNo security mode specified. Defaulting to security
mode negotiation with server.

guacd[64]: INFO:\tResize method: none

guacd[64]: INFO:\tNo clipboard line-ending normalization specified.
Defaulting to preserving the format of all line endings.

guacd[64]: INFO:\tUser \"@fecdc4a0-1651-4e8e-abf7-\" joined
connection \"$e7fecdf7-1d1d-45db-9eda-\" (1 users now present)

guacd[64]: INFO:\tLoading keymap \"base\"

guacd[64]: INFO:\tLoading keymap \"en-us-qwerty\"

guacd[64]: ERROR:\tUser is not responding.

guacd[64]: INFO:\tUser \"@fecdc4a0-1651-4e8e-abf7-xxx\" disconnected
(0 users remain)

guacd[64]: INFO:\tLast user of connection
\"$e7fecdf7-1d1d-45db-9eda-xxx\" disconnected

guacd[1]: INFO:\tConnection \"$e7fecdf7-1d1d-45db-9eda-xxx\" removed.


How can I resolve this issue?

RE: Issue logging in locally as guacadmin on new install

[Devine, Harry (FAA)]

I have guacamole-auth-jdbc-mysql-1.5.4.jar and guacamole-auth-ldap-1.5.4.jar 
under /etc/guacamole/extensions, and mysql-connector-j-8.2.0.jar under 
/etc/guacamole/lib.  Is this not the correct locations?

Thanks,
Harry

From: Nick Couchman 
Sent: Wednesday, January 17, 2024 11:26 AM
To: user@guacamole.apache.org
Subject: Re: Issue logging in locally as guacadmin on new install

On Wed, Jan 17, 2024 at 10:23 AM Vincent Sherwood 
mailto:vince...@itsolutions.ie.invalid>> wrote:
We have  mysql-connector-j-8.0.32.jar  on our system and it works great with 
MariaDB 10.5.22

Note: we didn't install from an RPM but rather just downloaded and copied the 
jar file directly into /etc/guacamole/lib/ - perhaps guacamole is not finding 
the jar file where the RPM installs it.

Yeah, depending on where the RPM drops the library, and how Tomcat has been 
installed, the MySQL JDBC driver may not be found by default. Linking it in 
/etc/guacamole/lib is definitely the best way to make sure Guacamole can find 
it.

-Nick

Re: Issue logging in locally as guacadmin on new install

[Nick Couchman]

On Wed, Jan 17, 2024 at 10:23 AM Vincent Sherwood
 wrote:

> We have  mysql-connector-j-8.0.32.jar  on our system and it works great
> with MariaDB 10.5.22
>
> Note: we didn't install from an RPM but rather just downloaded and copied
> the jar file directly into /etc/guacamole/lib/ - perhaps guacamole is not
> finding the jar file where the RPM installs it.
>

Yeah, depending on where the RPM drops the library, and how Tomcat has been
installed, the MySQL JDBC driver may not be found by default. Linking it in
/etc/guacamole/lib is definitely the best way to make sure Guacamole can
find it.

-Nick

>

Re: Issue logging in locally as guacadmin on new install

[Vincent Sherwood]

We have  mysql-connector-j-8.0.32.jar  on our system and it works great with 
MariaDB 10.5.22

Note: we didn't install from an RPM but rather just downloaded and copied the 
jar file directly into /etc/guacamole/lib/ - perhaps guacamole is not finding 
the jar file where the RPM installs it.


From: Devine, Harry (FAA) 
Sent: Wednesday 17 January 2024 15:06
To: user@guacamole.apache.org 
Subject: RE: Issue logging in locally as guacadmin on new install


Any thoughts on this?  I still can’t log in with guacadmin, but can log in with 
an LDAP user.  I’ll need the local guacadmin user to be able to log in moving 
forward, and whatever the solution turns out to be for this, I’ll need to 
update my Ansible role so future Guacamole installations behave as intended.



Thanks,

Harry



From: Devine, Harry (FAA) 
Sent: Thursday, January 11, 2024 3:20 PM
To: user@guacamole.apache.org
Subject: RE: Issue logging in locally as guacadmin on new install



I do have the “mysql-connector-j-8.0.33-1.el8.noarch.rpm” file as part of my 
Ansible role, and that gets installed as part of the playbook execution.  Could 
it be that this is not the correct connector for MariaDB on RHEL 8?



Thanks,

Harry



From: Devine, Harry (FAA) 
mailto:harry.dev...@faa.gov.INVALID>>
Sent: Thursday, January 11, 2024 3:14 PM
To: user@guacamole.apache.org
Subject: Issue logging in locally as guacadmin on new install



I have a playbook that installs Guacamole for me.  I’ve been refining it for a 
few days and it’s finally just-about working, but the last thing left to get 
working is to log in as the local guacadmin user.  I have the JDBC and LDAP jar 
files installed under /usr/share/tomcat/.guacamole/extensions, and the LDAP 
file loads, but the JDBC will not:



Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule -  - [mysql] "MySQL Authentication" 
(/usr/share/tomcat/.guacamole/extensions/guacamole-auth-jdbc-mysql-1.5.4.jar)

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule -  - [ldap] "LDAP Authentication" 
(/usr/share/tomcat/.guacamole/extensions/guacamole-auth-ldap-1.5.4.jar)

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule -  - [tsose] "Guac-Test" 
(/usr/share/tomcat/.guacamole/extensions/tsose.jar)

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule - To change this order, set the 
"extension-priority" property or rename the extension files. The default 
priority of extensions is dictated by the sort order of their filenames.

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.797 [main] ERROR 
o.a.g.extension.ProviderFactory - authentication provider extension failed to 
start: No JDBC driver for MySQL/MariaDB is installed.

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.798 [main] ERROR 
o.a.g.extension.ProviderFactory - authentication provider extension failed to 
start: No JDBC driver for MySQL/MariaDB is installed.

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.834 [main] INFO  
o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" (mysql) 
loaded.

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.968 [main] WARN  
o.a.g.e.LanguageResourceService - Overlay language resource "de" does not exist.

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.970 [main] INFO  
o.a.g.extension.ExtensionModule - Extension "LDAP Authentication" (ldap) loaded.

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.990 [main] INFO  
o.a.g.extension.ExtensionModule - Extension "Guac-Test" (tsose) loaded.



When I attempt to log in as guacadmin then as an LDAP user, the LDAP user works 
but not guacadmin (I redacted the LDAP server name and internal IPs):



Jan 11 15:06:53 guac-test server[242104]: 15:06:53.904 [http-nio-8080-exec-3] 
WARN  o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored 
because the relevant authentication provider could not be loaded. Please check 
for errors earlier in the logs.

Jan 11 15:06:53 guac-test server[242104]: 15:06:53.904 [http-nio-8080-exec-3] 
WARN  o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored 
because the relevant authentication provider could not be loaded. Please check 
for errors earlier in the logs.

Jan 11 15:06:58 guac-test server[242104]: 15:06:58.885 [http-nio-8080-exec-2] 
WARN  o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored 
because the relevant authentication provider could not be loaded. Please check 
for errors earlier in the logs.

Jan 11 15:06:58 guac-test server[242104]: 15:06:58.892 [http-nio-8080-exec-2] 
INFO  o.a.g.a.l.AuthenticationProviderService - Unable to determine DN of user 
"guacadmin" using LDAP server "ldap1". Proceeding with next server...

Jan 11 15:06:58 guac-test server[242104]: 15:06:58.892 [http-nio-8080-exec-2] 
INFO  

RE: Issue logging in locally as guacadmin on new install

[Devine, Harry (FAA)]

Any thoughts on this?  I still can't log in with guacadmin, but can log in with 
an LDAP user.  I'll need the local guacadmin user to be able to log in moving 
forward, and whatever the solution turns out to be for this, I'll need to 
update my Ansible role so future Guacamole installations behave as intended.

Thanks,
Harry

From: Devine, Harry (FAA) 
Sent: Thursday, January 11, 2024 3:20 PM
To: user@guacamole.apache.org
Subject: RE: Issue logging in locally as guacadmin on new install

I do have the "mysql-connector-j-8.0.33-1.el8.noarch.rpm" file as part of my 
Ansible role, and that gets installed as part of the playbook execution.  Could 
it be that this is not the correct connector for MariaDB on RHEL 8?

Thanks,
Harry

From: Devine, Harry (FAA) 
mailto:harry.dev...@faa.gov.INVALID>>
Sent: Thursday, January 11, 2024 3:14 PM
To: user@guacamole.apache.org
Subject: Issue logging in locally as guacadmin on new install

I have a playbook that installs Guacamole for me.  I've been refining it for a 
few days and it's finally just-about working, but the last thing left to get 
working is to log in as the local guacadmin user.  I have the JDBC and LDAP jar 
files installed under /usr/share/tomcat/.guacamole/extensions, and the LDAP 
file loads, but the JDBC will not:

Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule -  - [mysql] "MySQL Authentication" 
(/usr/share/tomcat/.guacamole/extensions/guacamole-auth-jdbc-mysql-1.5.4.jar)
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule -  - [ldap] "LDAP Authentication" 
(/usr/share/tomcat/.guacamole/extensions/guacamole-auth-ldap-1.5.4.jar)
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule -  - [tsose] "Guac-Test" 
(/usr/share/tomcat/.guacamole/extensions/tsose.jar)
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.785 [main] INFO  
o.a.g.extension.ExtensionModule - To change this order, set the 
"extension-priority" property or rename the extension files. The default 
priority of extensions is dictated by the sort order of their filenames.
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.797 [main] ERROR 
o.a.g.extension.ProviderFactory - authentication provider extension failed to 
start: No JDBC driver for MySQL/MariaDB is installed.
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.798 [main] ERROR 
o.a.g.extension.ProviderFactory - authentication provider extension failed to 
start: No JDBC driver for MySQL/MariaDB is installed.
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.834 [main] INFO  
o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" (mysql) 
loaded.
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.968 [main] WARN  
o.a.g.e.LanguageResourceService - Overlay language resource "de" does not exist.
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.970 [main] INFO  
o.a.g.extension.ExtensionModule - Extension "LDAP Authentication" (ldap) loaded.
Jan 11 15:05:05 guac-test server[242104]: 15:05:05.990 [main] INFO  
o.a.g.extension.ExtensionModule - Extension "Guac-Test" (tsose) loaded.

When I attempt to log in as guacadmin then as an LDAP user, the LDAP user works 
but not guacadmin (I redacted the LDAP server name and internal IPs):

Jan 11 15:06:53 guac-test server[242104]: 15:06:53.904 [http-nio-8080-exec-3] 
WARN  o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored 
because the relevant authentication provider could not be loaded. Please check 
for errors earlier in the logs.
Jan 11 15:06:53 guac-test server[242104]: 15:06:53.904 [http-nio-8080-exec-3] 
WARN  o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored 
because the relevant authentication provider could not be loaded. Please check 
for errors earlier in the logs.
Jan 11 15:06:58 guac-test server[242104]: 15:06:58.885 [http-nio-8080-exec-2] 
WARN  o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored 
because the relevant authentication provider could not be loaded. Please check 
for errors earlier in the logs.
Jan 11 15:06:58 guac-test server[242104]: 15:06:58.892 [http-nio-8080-exec-2] 
INFO  o.a.g.a.l.AuthenticationProviderService - Unable to determine DN of user 
"guacadmin" using LDAP server "ldap1". Proceeding with next server...
Jan 11 15:06:58 guac-test server[242104]: 15:06:58.892 [http-nio-8080-exec-2] 
INFO  o.a.g.a.l.AuthenticationProviderService - User "guacadmin" did not 
successfully authenticate against any LDAP server.
Jan 11 15:06:58 guac-test server[242104]: 15:06:58.892 [http-nio-8080-exec-2] 
WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from 
[xxx.xxx.xxx.xxx, 127.0.0.1] for user "guacadmin" failed.

Any thoughts on what I could have misconfigured?

Thanks,
Harry

Harry Devine
Secure-OSE System Administrator
Red Hat Certified System Administrator (RHCSA)
Work: (609) 485-4218
FAA Cell:  (609)