Guacamole Package?


(other names Tedd77/Giorgio09) #81

Hello,

I am not a developer hence I wish to call for developers in this community to help me out creating a module that can be integrated into nextcloud.

Below are few examples that already achieved what I am looking for

  1. Rainloop email module
  2. XMPP module
  3. Spreed.me
    These modules call internal ip addresses without the need to forward ports on the main firewall
    they use proxy ngix

Our desired module is necessary in order to eliminate the need to type username and password.
No need to make it so complex and link it to the LDAP, you just look at rainloop how it functions and implement the same for the Guacamole Nextcloud module.

This is very practical module for tech support , for teleworkers and is an integral part of the collaboration suite.
Currently it is working with external link Guacamole Package?


(Alessio Fattorini) #82

Just moved the post here, I agree. Guacamole is very interesting, anyone interested in creating a new package for that? What does it involve?
@FMFREAK


(Wayne Bilger) #83

Has there been any updates on a Guacamole package for NS?
I tried the install instructions above for NS7, and could not get it to work on a test system.


(other names Tedd77/Giorgio09) #84

@wbilger what seems to be your problem ?
I have guacamole running on 2 systems with over 30 remote worker/system. (20 simultaneous sessions)
We have RDP on windows 2008R2 accessible by remote users.
All working very fine.


(Wayne Bilger) #85

I’m going to attempt it again on a test system this week, but was more
hoping to hear if an official module might be in the works.


(Charles) #86

Hi @ghost,

That’s very interesting that you are running Guacamole on your Nethserver. Something I’ve been considering but wihout a proper module I’m planning on running my guacamole on a separate server and hopefully use Nethserver as a my reverse proxy and piping Guacamole into my Nextcloud. I found the following that will hopefully get me started.

https://kmyers.me/blog/tech/short-tutorial-nextcloud-guacamole/

Question for you…what happens to your Guacamole when you upgrade Nethserver? Does Nethserver and Guacamole upgrade cleanly or do you need to fix or resetup anything?

Thanks!


(Davide) #87

Have you tried following the howto from post 59?

If it doesn’t work, where does it fail?


(Wayne Bilger) #88

From what I remember I did not have any failure in following the instructions, but did not get the Guac login screen at 8080.
I am going to attempt again on a test server.
I have 2 test servers, 1 uses LDAP for NS logins, which it looks like these instructions do, but on the 2nd one, it gets it’s users from an AD server, would it be possible to have Guac use those logins as well?


(Stéphane de Labrusse) #89

guacamole is in epel (el7 version) at the last version now


(Wayne Bilger) #90

I am able to get the login screen, but the credentials guacadmin:guacadmin do not work.


(Charles) #91

Thank you @stephdl for letting me know.

But until Nethserver adds a Guacamole module to it’s list of modules it supports I think I’ll continue with my plan to install Guacamole on a separate server and look at using reverse proxy from Nethserver to allow me to use my Nethserver ssl certificate to access my Guacamole server.

I’ll continue to follow this thread on guacamole being installed within Nethserver but I’m hesitant to install non-supported modules on my production Nethserver. :slight_smile:

Thanks!


(Stéphane de Labrusse) #92

guacamole added to my todo list…but really no eta


(Davide) #93

Could you paste the content of /etc/guacamole/guacamole.properties?


(Wayne Bilger) #94

'# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password: mymysqlpassword
mysql-user-required: true

'# LDAP properties
ldap-hostname: localhost
ldap-encryption-method: starttls
ldap-search-bind-dn: cn=ldapservice,dc=directory,dc=nh
ldap-search-bind-password: **********
ldap-user-base-dn: dc=directory,dc=nh

Also, how would I bind to an AD server?


(Davide) #95

ok then assuming the credentials in there are right, can you try and check on mysql if the db exists and the user guacadmin is in there?

If that’s ok, you could confirm whether guacamole is actually trying to login from either LDAP or mysql, check some logs

to enable LDAP logging

ldapmodify -Y EXTERNAL <<EOF
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 256
EOF

To disable it:

olcLogLevel: 0

To enable tomcat logging:

vi /etc/rsyslog.d/tomcat.conf

put this inside

programname,contains,"server" /var/log/tomcat/catalina.out
programname,contains,"server" ~

and check if the logs have anything to say as you login

tail -f /var/log/tomcat/catalina.out
tail -f /var/log/slapd

Also, does the folder /usr/share/tomcat/.guacamole/extensions/ contain guacamole-auth-jdbc-mysql.jar and guacamole-auth-ldap.jar?

Is there a file like mysql-connector-java-5.x.yz-bin.jar inside /usr/share/tomcat/.guacamole/lib/?

(paths may differ depending on how you installed it)


(Wayne Bilger) #96

In the mysql database, there is a guacuser, but not guacadmin user. There is a guacdb database, and guacdb.user table does not exist, there is no guacdb.user table.
I followed your instructions exactly, line for line in post 59, where exactly is guacadmin created?


(Wayne Bilger) #97

@edi
Well, I thought I would restore my VM before Guac was installed and try again, to be sure I never missed a step, and now I have tried it 10 times, and every time I get a blank white page, no login.


(Wayne Bilger) #98

I was able to get this working after a lot of playing.
The instructions by @edi from post 59 didn’t seem to work completely anymore, at least for me (I just got a white screen, no login), but I was able to figure it by some trial and error using the instructions from @Adam in post 27 (without LDAP or reverse proxy), and adding LDAP authentication and reverse proxy from @edi from post 59, as well as updating to 0.9.13. Seems to be working great so far.
Not sure if it did not work because of some update to NS, as I could see very little difference in the instructions (besides LDAP, reverse proxy), except maybe a slight difference in the order in which things were done. Works for me now anyway.
If anyone is having the same problem, and wants to know exactly what I did, let me know.

Still VERY interested in a tested NethServer module.


(Wayne Bilger) #99

So, I have this running on a test NethServer with a local LDAP server installed, works great.
But, I am having trouble getting it to authenticate against a zentyal domain controller.
My setup is a zentyal domain controller running, and NS connects to the Zentyal server through AD no problem, but I can’t seem to get Guacamole to authenticate. This is what I have in my guacamole.properties;

'# LDAP properties
ldap-hostname: mydomain.lan
ldap-encryption-method: none
ldap-search-bind-dn: cn=Users,dc=mydomain,dc=lan
ldap-search-bind-password: mypassword '#Zentyal Administrator password
ldap-user-base-dn: dc=mydomain,dc=lan

Does anyone have Guacamole running and authenticating against a Zentyal domain controller, or any idea what I am doing wrong?


(Markus Neuberger) #100

Hi @wbilger,

Your bind DN has no user and the user base DN may also be wrong. Don’t know if zentyal needs encryption, maybe you also need an ldap-encryption-method. You may try:

ldap-search-bind-dn: cn=Administrator,cn=Users,dc=mydomain,dc=lan
ldap-user-base-dn: dc=Users,dc=mydomain,dc=lan