I think it is here: > jdbc:mysql scheme compatibility > > MariaDB Connector/J 3.0 only accepts jdbc:mariadb: as the protocol in > connection strings by default. When both MariaDB Connector/J and the MySQL > drivers are found in the class-path, using jdbc:mariadb: as the protocol > helps to ensure that Java chooses MariaDB Connector/J. > > Connector/J still allows jdbc:mysql: as the protocol in connection > strings when the permitMysqlScheme option is set. For example: > > jdbc:mysql://HOST/DATABASE?permitMysqlScheme > > (2.x version did permit connection URLs beginning with both jdbc:mariadb > and jdbc:mysql) > If you are curious, you can try the 2.7.12 mariadb driver.
пт, 7 мар. 2025 г. в 00:57, Jason Bailey <[email protected]>: > Using that alternative connector did the trick (thank you!). Any idea why > that worked while the previous one did not? > > > > > On 3/6/25 2:21 PM, Anakien Skywalker wrote: > > Can you try this one: > > https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-$MYSQL_JDBC_VERSION.tar.gz > MYSQL_JDBC_VERSION=8.3.0 > > Remove the rest of drivers and in guacamole config set driver mysql > > чт, 6 мар. 2025 г., 22:51 Jason Bailey <[email protected]> > <[email protected]>: > >> This is what I have: >> >> echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/default/tomcat9 >> >> echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/profile.d/tomcat9.sh >> >> >> Also... >> >> >> root@guac:/etc/guacamole# ls -l >> total 20 >> drwxrwxr-x 2 tomcat tomcat 4096 Mar 5 15:15 extensions >> -rw-r--r-- 1 tomcat tomcat 2847 Mar 6 11:14 guacamole.properties >> -rw-r--r-- 1 tomcat tomcat 212 Mar 3 15:55 guacd.conf >> drwxrwxr-x 2 tomcat tomcat 4096 Mar 5 17:14 lib >> >> >> root@guac:/etc/guacamole/lib# ll >> total 3896 >> -rw-r--r-- 1 tomcat tomcat 627652 Mar 5 17:14 >> mariadb-java-client-2.7.12.jar >> -rw-r--r-- 1 tomcat tomcat 743409 Feb 21 11:27 >> mariadb-java-client-3.5.2.jar >> -rw-r--r-- 1 tomcat tomcat 2609733 Mar 5 17:04 >> mysql-connector-java-9.2.0.jar >> >> >> >> >> On 3/6/25 1:44 PM, Anakien Skywalker wrote: >> >> Oh yeah, >> And by the way: >> Any of the following MySQL-compatible JDBC drivers are supported for >> connecting Guacamole with MySQL or MariaDB: >> >> MySQL Connector/J >> MariaDB Connector/J >> >> Did you install them both? Because you have to install them both. >> >> чт, 6 мар. 2025 г., 22:39 Anakien Skywalker <[email protected]>: >> >>> Hello, >>> Did you set GUACAMOLE_HOME env var? >>> >>> The Guacamole extension .jar will ultimately need to be placed within >>> GUACAMOLE_HOME/extensions, while the JDBC driver must be downloaded >>> separately from the database vendor and placed within GUACAMOLE_HOME/lib. >>> Please, check both directories and permissions. >>> >>> If guacamole home env var is not set, this could be an issue. At least I >>> had such problem deploying with docker. >>> >>> чт, 6 мар. 2025 г., 22:26 Jason Bailey <[email protected]> >>> <[email protected]>: >>> >>>> Okay... LDAP works now. Progress! I still can't get MariaDB/MySQL to >>>> work, however. >>>> >>>> This is what I'm seeing in the logs. >>>> >>>> 12:09:07.428 [http-nio-8080-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction >>>> - Opening JDBC Connection >>>> 12:09:07.429 [http-nio-8080-exec-1] DEBUG >>>> o.a.g.a.j.DynamicallyAuthenticatedDataSource - Creating new database >>>> connection for pool. >>>> 12:09:07.429 [http-nio-8080-exec-1] WARN >>>> o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider >>>> has encountered an internal error which will halt the authentication >>>> process. If this is unexpe> >>>> 12:09:07.430 [http-nio-8080-exec-1] ERROR >>>> o.a.g.rest.RESTExceptionMapper - Unexpected internal error: >>>> ### Error querying database. Cause: java.sql.SQLException: No suitable >>>> driver found for jdbc:mysql://127.0.0.1:3306/guacamole >>>> ### The error may exist in >>>> org/apache/guacamole/auth/jdbc/user/UserMapper.xml >>>> ### The error may involve >>>> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne >>>> ### The error occurred while executing a query >>>> ### Cause: java.sql.SQLException: No suitable driver found for jdbc: >>>> mysql://127.0.0.1:3306/guacamole >>>> 12:09:07.430 [http-nio-8080-exec-1] DEBUG >>>> o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint. >>>> org.apache.ibatis.exceptions.PersistenceException: >>>> ### Error querying database. Cause: java.sql.SQLException: No suitable >>>> driver found for jdbc:mysql://127.0.0.1:3306/guacamole >>>> ### The error may exist in >>>> org/apache/guacamole/auth/jdbc/user/UserMapper.xml >>>> ### The error may involve >>>> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne >>>> ### The error occurred while executing a query >>>> ### Cause: java.sql.SQLException: No suitable driver found for jdbc: >>>> mysql://127.0.0.1:3306/guacamole >>>> >>>> The mariadb jdbc driver is in /etc/guacamole/lib and the folder is >>>> owned by the tomcat user with 755 permissions. >>>> >>>> Suggestions? Thank you! >>>> >>>> >>>> >>>> >>>> On 3/6/25 4:16 AM, Anakien Skywalker wrote: >>>> >>>> Hello, >>>> Please, look higher up in the logs, during the startup of Tomcat (or >>>> deployment >>>> of the guacamole WAR file) to make sure it's loading the expected >>>> extensions, and see if there are any other errors there. The error you >>>> are referring to may be related with mysql driver not getting loaded. >>>> >>>> ср, 5 мар. 2025 г. в 21:12, Jason Bailey >>>> <[email protected]> <[email protected]>: >>>> >>>>> Did you enable auto creation of accounts in the mysql plugin? Yes. >>>>> >>>>> Did you create guacadmin user in mysql? I ran the >>>>> 000-create-admin-user.sql script against the database and I can see the >>>>> records present when I view the appropriate database tables. >>>>> >>>>> Set extension priority? I have not done so thus far. It isn't being >>>>> used in my old server, which is what I used as a template for the new >>>>> server. That said, I'll add it. >>>>> >>>>> Checking in the logs.... I see no mention of LDAP, so it must not be >>>>> loading. >>>>> >>>>> Nick, you were right, the permissions on the /etc/guacamole/lib and >>>>> /etc/guacamole/extensions folders were wrong. I'm actually trying to build >>>>> SaltStack state / provisioning that sets Apache Guacamole up, and I had >>>>> copied and pasted the wrong block of YAML. Long story short, the folder >>>>> was >>>>> 644 instead of 755. That has been fixed. >>>>> >>>>> Unfortunately, even with all these changes, it's still not working. >>>>> I'm now getting "DEBUG o.a.g.rest.RESTExceptionMapper - Client request >>>>> rejected: Permission Denied". I get that even when I bypass the reverse >>>>> proxy config and connect to tomcat directly with my browser. >>>>> >>>>> This is what I have in my guacamole.properties file: >>>>> >>>>> guacd-hostname: ::1 >>>>> guacd-port: 4822 >>>>> >>>>> mysql-hostname: 127.0.0.1 >>>>> mysql-database: guacamole >>>>> mysql-username: guacamole >>>>> mysql-password: LongGuacamolePassword >>>>> mysql-driver: mariadb >>>>> mysql-auto-create-accounts: true >>>>> mysql-server-timezone: America/Denver >>>>> >>>>> ldap-hostname: corp.myorganization.com >>>>> ldap-port: 389 >>>>> ldap-encryption-method: none >>>>> ldap-username-attribute: sAMAccountName >>>>> ldap-search-bind-dn: cn=OBS Manager >>>>> LDAP,OU=Services,DC=corp,DC=myorganization,DC=com >>>>> ldap-search-bind-password: MyReallyLongLdapPassword >>>>> ldap-user-base-dn: dc=corp,dc=myorganization,dc=com >>>>> ldap-user-search-filter: (memberOf=CN=OBS >>>>> Users,OU=Services,DC=corp,DC=myorganization,DC=com) >>>>> ldap-max-search-results: 400 >>>>> >>>>> auth-provider: >>>>> net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider >>>>> >>>>> Thanks >>>>> >>>>> >>>>> >>>>> On 3/5/25 4:41 AM, Anakien Skywalker wrote: >>>>> >>>>> Hello, >>>>> Just a few things to check: >>>>> 1. Did you enable auto creation accounts in mysql plugin? >>>>> https://guacamole.apache.org/doc/gug/jdbc-auth.html#auto-creating-database-users >>>>> >>>>> >>>>>> mysql-auto-create-accounts: true >>>>> >>>>> 2. Did you create guacadmin user in mysql? You need to execute the >>>>> following schema migration 002-create-admin-user.sql in your db in order >>>>> to >>>>> create admin user. Make sure all queries from migration are executed. >>>>> 3. Set extension priority. In your log, I don't see any evidence you >>>>> use ldap. But you could use ldap, mysql where mysql is fallback for >>>>> guacadmin. >>>>> >>>>>> extension-priority: mysql, ldap >>>>> >>>>> I am not sure of the correct naming. Please, check it yourself in your >>>>> logs: >>>>> >>>>>> 23:32:06.468 [main] INFO o.a.g.extension.ExtensionModule - - >>>>>> [postgresql] "PostgreSQL Authentication" >>>>>> (/etc/guacamole/extensions/guacamole-auth-jdbc-postgresql-1.5.5.jar) >>>>>> 23:32:06.468 [main] INFO o.a.g.extension.ExtensionModule - - [ldap] >>>>>> "LDAP Authentication" >>>>>> (/etc/guacamole/extensions/guacamole-auth-ldap-1.5.5.jar) >>>>>> >>>>>> According to these logs, it would be: >>>>> >>>>>> >>>>>> extension-priority: postgresql, ldap >>>>> >>>>> >>>>> >>>>> ср, 5 мар. 2025 г. в 03:37, Nick Couchman <[email protected]>: >>>>> >>>>>> On Tue, Mar 4, 2025 at 7:00 PM Jason Bailey >>>>>> <[email protected]> <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Replying to my own email here, but I did get debug logging working. >>>>>>> I'm seeing a few extra things now when I try to login: >>>>>>> >>>>>>> DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication >>>>>>> attempt from [10.0.0.86, 127.0.0.1] failed. >>>>>>> >>>>>>> DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: >>>>>>> Permission Denied. >>>>>>> >>>>>>> WARN o.a.g.r.auth.AuthenticationService - Authentication attempt >>>>>>> from [10.0.0.86, 127.0.0.1] for user "guacadmin" failed >>>>>>> >>>>>>> DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file >>>>>>> "/etc/guacamole/user-mapping.xml" does not exist and will not be read >>>>>>> >>>>>>> I don't have a user-mapping.xml anymore -- not since going to >>>>>>> LDAP/MSAD authentication. >>>>>>> >>>>>> >>>>>> It does not appear to me that the LDAP authentication extension is >>>>>> loading at all. Are there other messages, prior to this, that indicate >>>>>> that >>>>>> it is loading successfully? >>>>>> >>>>>> The message about the user-mapping.xml file is relatively benign - >>>>>> it's just warning you that it isn't there. >>>>>> >>>>>> >>>>>>> >>>>>>> Is this an indication that the reverse proxy through Apache might be >>>>>>> the issue? >>>>>>> >>>>>> >>>>>> Nope, don't think this has anything to do with reverse proxy - I >>>>>> think your Guacamole install is not picking up the LDAP extension at all. >>>>>> Maybe check that permissions are correct on all of the files/folders, >>>>>> such >>>>>> that the user running Tomcat has access to /etc/guacamole and all of the >>>>>> files and folders under it? >>>>>> >>>>>> -Nick >>>>>> >>>>> *Confidentiality Notice* This email message may contain legally >>>>> privileged and/or confidential information. If you are not the intended >>>>> recipient(s), you are hereby notified that any dissemination, distribution >>>>> or copying of this email message is strictly prohibited. If you have >>>>> received this email in error, please immediately notify the sender and >>>>> delete this email message from your computer. >>>>> >>>>
