Its working now. I found the reason. In postgres, you have to do the CREATE USER guacamole_user WITH PASSWORD 'some_password';
on the postgres DB (all users and permissions are located in this DB) and GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA public TO guacamole_user; GRANT SELECT,USAGE ON ALL SEQUENCES IN SCHEMA public TO guacamole_user; on the guacamole_db DB. This is not properly described in the guacamole documentation: http://guacamole.incubator.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql Are here some guacamole devs who can: 1. update the sql scripts on the github link (see belowe)? 2. update the "Granting Gutacamole access to the database" part so that you have to create the user on the postgres db and the access rights on the guacamole_db? -----Ursprüngliche Nachricht----- Von: Fischer, Manuel <[email protected]> Gesendet: Donnerstag, 2. März 2023 11:03 An: [email protected] Betreff: AW: Guacamole 1.5.0 not working in docker > On Wed, Mar 1, 2023 at 12:11 PM Rolf Zurbrügg <[email protected]> > wrote: >> >> Hi Manuel, >> >> It seems, like your are not running the init script for the DB. Have you >> tried running this: >> >> ``` >> docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh >> --mysql > guac_db.sql ``` From the error it seems as if your DB is >> not initialised. >> > >Just make sure to use the --postgres option, instead. > >-Nick Hi Rolf and Nick , 1. My colleague tried to set it up with the initdb.sh script for mysql using the mysql option. But the only thing what happened was, that it created a initdb.sql file in the /home/ directory of the guacamole container. He was not able to init the mysqldb with this script. We verified this with mysql workbench. He then tried to initialize the mysql db manually. 2. I also tried to set it up with postgres. I never used the initdb.sh command. I always used the scripts available on the following link and initialized the db manually, like its described in the documentation on docker hub ("Alternatively, you can use the SQL scripts included with guacamole-auth-jdbc."): https://github.com/apache/guacamole-client/tree/0.9.10-incubating/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema I verified the initialization with pgAdmin. We can see all schemes and types and also the guacadmin user. 3. Further informations and questions: a) We checked /home/guacamole/.guacamole/guacamole.propertiers . All necessary informations for the database are included: guacd-hostname: 172.17.0.5 guacd-port: 4822 postgresql-username: guacamole_user postgresql-password: ourpassword postgresql-database: guacamole_db postgresql-hostname: 172.17.0.3 postgresql-port: 5432 We can connect to the postgres db using the above credentials with pgAdmin or over cli. b) We installed ip utilities inside the guacamole container and we can ping the postgres/mysql and guacd from inside. IP-connectivity seems not to be the problem. c) We also noticed, that the script on github (see link above) are for version 0.9.10. Is this correct? Because we also noticed, that these are 7 years old. We compared the scripts from the link above with the scrits from inside the guacamole container ( /opt/guacamole/postgresql/schema -> 001-create-schema.sql 002-create-admin-user.sql ). We found out, that these files do have much more sql code inside, so those on git are outdated. Because of this, we deleted all containers and started again with the newer SQL files. But its still not working. Attached you will find the current Log. Its still the authentication provider error. Manuel 02-Mar-2023 09:46:43.069 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/guacamole/tomcat 02-Mar-2023 09:46:43.069 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat 02-Mar-2023 09:46:43.069 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/guacamole/tomcat/temp 02-Mar-2023 09:46:43.070 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.36] using APR version [1.7.0]. 02-Mar-2023 09:46:43.070 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}]. 02-Mar-2023 09:46:43.070 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 02-Mar-2023 09:46:43.083 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022] 02-Mar-2023 09:46:43.200 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"] 02-Mar-2023 09:46:43.217 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 514 ms 02-Mar-2023 09:46:43.239 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina] 02-Mar-2023 09:46:43.239 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.86] 02-Mar-2023 09:46:43.258 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/guacamole/tomcat/webapps/guacamole.war] 02-Mar-2023 09:46:44.344 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. 09:46:44.680 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/home/guacamole/.guacamole". 09:46:44.749 [localhost-startStop-1] INFO o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/home/guacamole/.guacamole/guacamole.properties". 09:46:44.750 [localhost-startStop-1] INFO o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity. 09:46:45.635 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "PostgreSQL Authentication" (postgresql) loaded. 09:46:45.757 [localhost-startStop-1] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support... 02-Mar-2023 09:46:46.545 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/home/guacamole/tomcat/webapps/guacamole.war] has finished in [3,287] ms 02-Mar-2023 09:46:46.555 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"] 02-Mar-2023 09:46:46.565 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 3347 ms 09:47:25.774 [http-nio-8080-exec-2] WARN o.a.g.e.AuthenticationProviderFacade - The "postgresql" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: postgresql" within your guacamole.properties. 09:47:25.776 [http-nio-8080-exec-2] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error: ### Error querying database. Cause: org.postgresql.util.PSQLException: ERROR: permission denied for table guacamole_user ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml ### The error may involve defaultParameterMap ### The error occurred while setting parameters ### SQL: SELECT guacamole_user.user_id, guacamole_entity.entity_id, guacamole_entity.name, password_hash, password_salt, password_date, disabled, expired, access_window_start, access_window_end, valid_from, valid_until, timezone, full_name, email_address, organization, organizational_role, MAX(start_date) AS last_active FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id WHERE guacamole_entity.name = ? AND guacamole_entity.type = 'USER'::guacamole_entity_type GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; SELECT guacamole_user_attribute.user_id, guacamole_user_attribute.attribute_name, guacamole_user_attribute.attribute_value FROM guacamole_user_attribute JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE guacamole_entity.name = ? AND guacamole_entity.type = 'USER'::guacamole_entity_type ### Cause: org.postgresql.util.PSQLException: ERROR: permission denied for table guacamole_user --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
