Guacamole Package?

ghost · May 8, 2017, 5:46pm

Hello,

I am not a developer hence I wish to call for developers in this community to help me out creating a module that can be integrated into nextcloud.

Below are few examples that already achieved what I am looking for

Rainloop email module
XMPP module
Spreed.me
These modules call internal ip addresses without the need to forward ports on the main firewall
they use proxy ngix

Our desired module is necessary in order to eliminate the need to type username and password.
No need to make it so complex and link it to the LDAP, you just look at rainloop how it functions and implement the same for the Guacamole Nextcloud module.

This is very practical module for tech support , for teleworkers and is an integral part of the collaboration suite.
Currently it is working with external link Guacamole Package?

alefattorini · May 8, 2017, 6:02pm

Just moved the post here, I agree. Guacamole is very interesting, anyone interested in creating a new package for that? What does it involve?
@FMFREAK

wbilger · October 13, 2017, 5:43pm

Has there been any updates on a Guacamole package for NS?
I tried the install instructions above for NS7, and could not get it to work on a test system.

ghost · October 15, 2017, 10:31am

@wbilger what seems to be your problem ?
I have guacamole running on 2 systems with over 30 remote worker/system. (20 simultaneous sessions)
We have RDP on windows 2008R2 accessible by remote users.
All working very fine.

wbilger · October 15, 2017, 4:39pm

I’m going to attempt it again on a test system this week, but was more
hoping to hear if an official module might be in the works.

greavette · October 15, 2017, 6:30pm

Hi @ghost,

That’s very interesting that you are running Guacamole on your Nethserver. Something I’ve been considering but wihout a proper module I’m planning on running my guacamole on a separate server and hopefully use Nethserver as a my reverse proxy and piping Guacamole into my Nextcloud. I found the following that will hopefully get me started.

https://kmyers.me/blog/tech/short-tutorial-nextcloud-guacamole/

Question for you…what happens to your Guacamole when you upgrade Nethserver? Does Nethserver and Guacamole upgrade cleanly or do you need to fix or resetup anything?

Thanks!

edi · October 17, 2017, 5:07pm

Have you tried following the howto from post 59?

If it doesn’t work, where does it fail?

wbilger · October 17, 2017, 5:37pm

From what I remember I did not have any failure in following the instructions, but did not get the Guac login screen at 8080.
I am going to attempt again on a test server.
I have 2 test servers, 1 uses LDAP for NS logins, which it looks like these instructions do, but on the 2nd one, it gets it’s users from an AD server, would it be possible to have Guac use those logins as well?

stephdl · October 17, 2017, 7:05pm

guacamole is in epel (el7 version) at the last version now

wbilger · October 17, 2017, 7:12pm

I am able to get the login screen, but the credentials guacadmin:guacadmin do not work.

greavette · October 17, 2017, 7:33pm

Thank you @stephdl for letting me know.

But until Nethserver adds a Guacamole module to it’s list of modules it supports I think I’ll continue with my plan to install Guacamole on a separate server and look at using reverse proxy from Nethserver to allow me to use my Nethserver ssl certificate to access my Guacamole server.

I’ll continue to follow this thread on guacamole being installed within Nethserver but I’m hesitant to install non-supported modules on my production Nethserver.

Thanks!

stephdl · October 17, 2017, 7:36pm

guacamole added to my todo list…but really no eta

edi · October 17, 2017, 8:51pm

Could you paste the content of /etc/guacamole/guacamole.properties?

wbilger · October 17, 2017, 9:08pm

'# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password: mymysqlpassword
mysql-user-required: true

'# LDAP properties
ldap-hostname: localhost
ldap-encryption-method: starttls
ldap-search-bind-dn: cn=ldapservice,dc=directory,dc=nh
ldap-search-bind-password: **********
ldap-user-base-dn: dc=directory,dc=nh

Also, how would I bind to an AD server?

edi · October 17, 2017, 9:36pm

ok then assuming the credentials in there are right, can you try and check on mysql if the db exists and the user guacadmin is in there?

If that’s ok, you could confirm whether guacamole is actually trying to login from either LDAP or mysql, check some logs

to enable LDAP logging

ldapmodify -Y EXTERNAL <<EOF
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 256
EOF

To disable it:

olcLogLevel: 0

To enable tomcat logging:

vi /etc/rsyslog.d/tomcat.conf

put this inside

programname,contains,"server" /var/log/tomcat/catalina.out
programname,contains,"server" ~

and check if the logs have anything to say as you login

tail -f /var/log/tomcat/catalina.out
tail -f /var/log/slapd

Also, does the folder /usr/share/tomcat/.guacamole/extensions/ contain guacamole-auth-jdbc-mysql.jar and guacamole-auth-ldap.jar?

Is there a file like mysql-connector-java-5.x.yz-bin.jar inside /usr/share/tomcat/.guacamole/lib/?

(paths may differ depending on how you installed it)

wbilger · October 18, 2017, 12:55am

In the mysql database, there is a guacuser, but not guacadmin user. There is a guacdb database, and guacdb.user table does not exist, there is no guacdb.user table.
I followed your instructions exactly, line for line in post 59, where exactly is guacadmin created?

wbilger · October 18, 2017, 2:11pm

@edi
Well, I thought I would restore my VM before Guac was installed and try again, to be sure I never missed a step, and now I have tried it 10 times, and every time I get a blank white page, no login.

wbilger · October 19, 2017, 11:17pm

I was able to get this working after a lot of playing.
The instructions by @edi from post 59 didn’t seem to work completely anymore, at least for me (I just got a white screen, no login), but I was able to figure it by some trial and error using the instructions from @Adam in post 27 (without LDAP or reverse proxy), and adding LDAP authentication and reverse proxy from @edi from post 59, as well as updating to 0.9.13. Seems to be working great so far.
Not sure if it did not work because of some update to NS, as I could see very little difference in the instructions (besides LDAP, reverse proxy), except maybe a slight difference in the order in which things were done. Works for me now anyway.
If anyone is having the same problem, and wants to know exactly what I did, let me know.

Still VERY interested in a tested NethServer module.

wbilger · October 21, 2017, 6:48pm

So, I have this running on a test NethServer with a local LDAP server installed, works great.
But, I am having trouble getting it to authenticate against a zentyal domain controller.
My setup is a zentyal domain controller running, and NS connects to the Zentyal server through AD no problem, but I can’t seem to get Guacamole to authenticate. This is what I have in my guacamole.properties;

'# LDAP properties
ldap-hostname: mydomain.lan
ldap-encryption-method: none
ldap-search-bind-dn: cn=Users,dc=mydomain,dc=lan
ldap-search-bind-password: mypassword 'zentyal Administrator password
ldap-user-base-dn: dc=mydomain,dc=lan

Does anyone have Guacamole running and authenticating against a Zentyal domain controller, or any idea what I am doing wrong?

mrmarkuz · October 21, 2017, 7:08pm

Hi @wbilger,

Your bind DN has no user and the user base DN may also be wrong. Don’t know if zentyal needs encryption, maybe you also need an ldap-encryption-method. You may try:

ldap-search-bind-dn: cn=Administrator,cn=Users,dc=mydomain,dc=lan
ldap-user-base-dn: dc=Users,dc=mydomain,dc=lan