Guacamole with Jetty and MySQL auth in a Jail

markymark832

Dabbler
Joined
Feb 28, 2017
Messages
36
Did you try a static configuration first? That's what I did. Then switched to MySQL after everything worked. I cannot remember that I installed anything special; the guacamole package simply pulled in all the necessary dependencies.

The docs for static configuration can be found here:

For reference, my guacamole config is rather unspectacular:
Code:
# guacd.conf
[daemon]

[server]
# guacd listens on loopback only
bind_host = localhost
bind_port = 4822

# guacamole.properties
# where the web application reaches guacd
guacd-hostname: localhost
guacd-port: 4822

mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: *********
mysql-user-required: true


Plus you need to manually put guacamole-auth-jdbc-mysql-1.0.0.jar into /usr/local/etc/guacamole-client/extensions.

HTH,
Patrick
Thanks for the reply. I'm just using the .xml file for the connection setting for now; I don't really need the SQL implementation.
I'll bin the jail and start again, but this time output the results on the pkg install to see if it is pulling the dependencies.
Fingers crossed.
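
A quick audit for a guacamole.properties like the one quoted in the post above, as an added example that is not part of the thread or of the Guacamole project. It flags a world-readable file (it holds mysql-password), property names outside a known list, and a missing mysql-user-required: true. The function name and the key list are assumptions limited to the properties this thread uses.

```shell
#!/bin/sh
# Added example (not from the thread): audit a guacamole.properties file.
# KNOWN_KEYS covers only the properties used in this thread; extend it for
# other extensions. A misspelled key is never read, so its default applies.
KNOWN_KEYS="guacd-hostname guacd-port mysql-hostname mysql-port \
mysql-database mysql-username mysql-password mysql-user-required"

# audit_guac_props FILE: prints one finding per line.
# Returns 0 when clean, 1 when there are findings, 2 if FILE is unreadable.
audit_guac_props() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "ERR: cannot read $file"; return 2; }

    # The file stores mysql-password in clear text: no read bit for "other".
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "PERM: $file is world-readable"
        findings=$((findings + 1))
    fi

    # Flag every property name that is not in KNOWN_KEYS.
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop leading blanks, then everything from the first ':' or '='.
        key=$(printf '%s\n' "$line" |
            sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*[:=].*$//')
        case $key in ''|'#'*) continue ;; esac
        case " $KNOWN_KEYS " in
            *" $key "*) ;;
            *) echo "KEY: unrecognized property '$key'"
               findings=$((findings + 1)) ;;
        esac
    done < "$file"

    # With the JDBC extension, require a database account for every login.
    if ! grep -Eq '^[[:space:]]*mysql-user-required[[:space:]]*[:=][[:space:]]*true[[:space:]]*$' "$file"; then
        echo "AUTH: mysql-user-required is not set to true"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh path/to/guacamole.properties
[ $# -eq 0 ] || audit_guac_props "$1"
```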
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737
I do not really *need* the MySQL backend, either. But it lets you manage connections and users from the web UI, which is pretty convenient.
 

markymark832

Dabbler
Joined
Feb 28, 2017
Messages
36
I do not really *need* the MySQL backend, either. But it lets you manage connections and users from the web UI, which is pretty convenient.
Yeah, I can see that. I've currently got FreeNAS as an SSH in Guacamole, then iocage into the jail and do the editing that way... Suppose it depends on how many connections you are creating/removing on it.
 

markymark832

Dabbler
Joined
Feb 28, 2017
Messages
36
Quick question: when it comes to updating Guacamole, is there a procedure? (If there are updates available.)
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737

RSVP

Explorer
Joined
Feb 11, 2016
Messages
73
Of course. And it can easily be installed as a ready to use package with all dependencies.
  • create standard jail with VNET
  • make sure networking works and you can SSH and su/sudo
  • pkg install guacamole-client
  • pkg install guacamole-server
  • sysrc guacd_enable="YES"
  • sysrc tomcat9_enable="YES"
Works like a charm since about a year ago or so when I first discovered it. I suggest starting with plain text user authentication (in the user-mapping.xml file) and switching to MySQL after that is successful.

HTH,
Patrick

Hi,
Thanks for posting this. I am at that web GUI and it's prompting for username and password. Am I missing something in your last comment about user-mapping.xml? I am searching for that but so far no go. Thanks for the help.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737
There's a sample file :wink:
/usr/local/etc/guacamole-client/user-mapping.xml.sample

Copy to user-mapping.xml in the same directory.
 

minstrel

Cadet
Joined
Aug 3, 2021
Messages
5
Of course. And it can easily be installed as a ready to use package with all dependencies.
  • create standard jail with VNET
  • make sure networking works and you can SSH and su/sudo
  • pkg install guacamole-client
  • pkg install guacamole-server
  • sysrc guacd_enable="YES"
  • sysrc tomcat9_enable="YES"
Works like a charm since about a year ago or so when I first discovered it. I suggest starting with plain text user authentication (in the user-mapping.xml file) and switching to MySQL after that is successful.

HTH,
Patrick


Hi
Thanks for this information. I tried installing following the above instructions and I'm running into a couple of issues.

First, when I try to install the guacamole-server package, I'm getting a message that the package was already installed. The client package installed correctly (137 packages total) and guacamole-server is one of them, so it looks like the server is installed as part of the client package.

The other issue is that after installing the client, running the sysrc commands, and copying the user_mapping.xml file, I try to launch the application in my browser but I keep getting an "Unable to Connect" message. I'm able to ping the IP so it is correct and active. I'm probably missing a step somewhere but can't figure it out.

Any help would be appreciated.

Thanks
 

minstrel

Cadet
Joined
Aug 3, 2021
Messages
5
Hi
Thanks for this information. I tried installing following the above instructions and I'm running into a couple of issues.

First, when I try to install the guacamole-server package, I'm getting a message that the package was already installed. The client package installed correctly (137 packages total) and guacamole-server is one of them, so it looks like the server is installed as part of the client package.

The other issue is that after installing the client, running the sysrc commands, and copying the user_mapping.xml file, I try to launch the application in my browser but I keep getting an "Unable to Connect" message. I'm able to ping the IP so it is correct and active. I'm probably missing a step somewhere but can't figure it out.

Any help would be appreciated.

Thanks


Never mind, I think I found the problem. I had to start the 2 services first. I did and now I see the web UI.
 

diskdiddler

Wizard
Joined
Jul 9, 2014
Messages
2,374
I set this up a couple of years ago and somehow the 2FA auth randomly broke. In fact, it felt like each update, something broke while in a jail.
The end result was a compromised workstation as someone got in.

I would be extra careful making sure your security is particularly high with this.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737
The other issue is that after installing the client, running the sysrc commands, and copying the user_mapping.xml file, I try to launch the application in my browser but I keep getting an "Unable to Connect" message. I'm able to ping the IP so it is correct and active. I'm probably missing a step somewhere but can't figure it out.
Did you start the services or restart the jail?

I set this up a couple of years ago and somehow the 2FA auth randomly broke. In fact, it felt like each update, something broke while in a jail.
The end result was a compromised workstation as someone got in.
After each Guacamole version update you must upgrade the database. They provide scripts for that in the source tree. If you used MySQL with 2FA that's possibly what hit you. Nothing jail specific. Always check release notes and change logs for any application.

https://guacamole.apache.org/doc/gug/jdbc-auth.html#idm46227496716912
https://github.com/apache/guacamole...ules/guacamole-auth-jdbc-mysql/schema/upgrade
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737
The web UI is on port 8080 by default. I forgot I run it behind a reverse proxy that does the SSL ...
 