Thanks @sharpec, great work, I added it to the howto. LDAP works like a charm.
AD only worked when setting ldap server require strong auth = no in the smb.conf of the AD container.
I couldn’t make AD work with SSL, I tried to import the NS cert to java keystore with keytool but I am afraid a self-signed cert is not working. I assume it works with a letsencrypt cert…
Great work @sharpec, thank you (and of course to @mrmarkuz).
Just tested with an external 2012R2 AD (the ns7 is not joined to AD).
I had to adapt the config file a little bit:
# LDAP properties
ldap-hostname: ad.yourdomain.demo
# some problems with port 389 and AD on 2012R2
ldap-port: 3268
ldap-user-base-dn: CN=Users,DC=yourdomain,DC=demo
#ldap-encryption-method:none #disable encryption
ldap-user-base-dn: dc=yourdomain,dc=demo
ldap-search-bind-dn: cn=ldapservice,CN=Users,dc=yourdomain,dc=demo
ldap-search-bind-password: yourpassword
ldap-username-attribute: sAMAccountName
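An added example, not part of any post in this thread: a small linter for a guacamole.properties LDAP section like the one above. It flags trailing `#` text (Java properties files only treat `#` as a comment at the start of a line), duplicate keys, and a search bind password sent without `ldap-encryption-method` set to ssl or starttls, which is the situation `ldap server require strong auth` rejects by default. The sample input is constructed, and the function names `parse` and `lint` are hypothetical.

```python
import re

# Constructed sample modelled on the config posted above (placeholder values).
SAMPLE = """\
# LDAP properties
ldap-hostname: ad.yourdomain.demo
ldap-port: 3268 #some problems with port 389
ldap-user-base-dn: CN=Users,DC=yourdomain,DC=demo
ldap-user-base-dn: dc=yourdomain,dc=demo
ldap-search-bind-dn: cn=ldapservice,CN=Users,dc=yourdomain,dc=demo
ldap-search-bind-password: yourpassword
ldap-username-attribute: sAMAccountName
"""


def parse(text):
    """Simplified Java-properties parse: yield (line number, key, value)."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":   # '#' starts a comment only at line start
            continue
        m = re.match(r"([^:=\s]+)\s*[:=]?\s*(.*)", line)
        if m:
            yield n, m.group(1), m.group(2)


def lint(text):
    """Return (line, code, message) findings for a guacamole.properties text."""
    findings, first_seen, values = [], {}, {}
    for n, key, value in parse(text):
        if key in first_seen:
            findings.append((n, "duplicate-key",
                             f"{key} already set on line {first_seen[key]}; last value wins"))
        first_seen.setdefault(key, n)
        values[key] = (n, value)
        if re.search(r"\s#", value):
            findings.append((n, "inline-comment",
                             f"text after '#' is part of the {key} value, not a comment"))
    # Guacamole's LDAP extension defaults to no encryption when the key is absent.
    enc = values.get("ldap-encryption-method", (0, "none"))[1].lower()
    if enc == "none" and "ldap-search-bind-password" in values:
        findings.append((values["ldap-search-bind-password"][0], "cleartext-bind",
                         "bind password is sent unencrypted; use ssl or starttls"))
    return findings


if __name__ == "__main__":
    for line, code, message in lint(SAMPLE):
        print(f"line {line}: {code}: {message}")
```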
Hi
Finally got down to installing Guacamole on NethServer - and it works really great!
Where do I find the NS container to do this:
Great work!
Andy
Hi
Great work!
A small bug it seems: Inside the Web-GUI, guacadmin can’t change his own password, even if set in the Users section of the config.
Changing the password using PHPMyAdmin works.
However, that needs a second user with the correct password, as MySQL only saves the salt and the hash, but not the password itself…
That password hash and salt can be copied to guacadmin, that will work.
Thx
Andy
Some more tests… I had a problem uploading/downloading files from an SSH backend server,
following the manual https://guacamole.apache.org/doc/gug/proxying-guacamole.html#proxying-with-apache
If someone has the same problem, in the end this config seems to work for me:
SSLProxyEngine on
ProxyPass /guacamole http://localhost:8080/guacamole flushpackets=on
ProxyPassReverse /guacamole http://localhost:8080/guacamole
<Location /guacamole>
SSLRequireSSL
</Location>
<Location /guacamole/websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
</Location>
Honestly, I’m not sure if I have changed something else, working on it now and then.
As soon as I have time I’ll try with a new install.
A first draft nethserver-guacamole package is ready to be tested! Don’t use in production!
Local LDAP works, AD makes problems with self-signed certificates so we may import a valid letsencrypt cert to the samba container as described here
Be patient at installation, guacamole is compiled in the background…
As an aside, if you use DNS validation for the Let’s Encrypt certificates, you don’t need to have a public A/CNAME record for your hostname. I’ve posted some other information here on implementing DNS validation:
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers
This way, you could get a cert for ad.yourdomain.tld (or whatever), without having that domain resolve, on the public Internet, to your domain controller. Since I moved my DNS hosting to Cloudflare, I’ve used the technique I posted in the wiki for most of my internal resources. But now that I’ve put acme-dns onto my Neth box (as described in the first link), I think I’m going to move that way, so I don’t need to have as many copies of my Cloudflare API key floating around.
That’s HUGE news! Thanks, this is awesome
I am trying to get guacamole to work on my machine but get the following message when trying to access the app.
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
I searched the log files from log viewer and attaching everything I could find then searched for the word Guacamole.
https://vmakol.com/nextcloud/index.php/s/oPmqxWaa4LYetyo
Thanks in advance for your help!
Did you setup guacamole manually from the howto or did you install the module?
It seems like the guacamole db user credentials are wrong:
### Error querying database. Cause: java.sql.SQLException: Access denied for user 'guacamole'@'localhost' (using password: YES)
I installed the module. Is there any way to uninstall and redo it?
Yes, you may remove module, src and database and install it again:
yum remove nethserver-guacamole
rm -Rf /usr/local/src/guacamole/
mysql
drop database guacamole;
quit;
yum install nethserver-guacamole
No luck…
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Please check if tomcat is running and if there are errors:
systemctl status tomcat -l
Same with mariadb:
systemctl status mariadb -l
Try to restart the services:
systemctl restart mariadb tomcat
I think it has something to do with mariadb.
[root@gateway ~]# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[root@gateway ~]# sudo mysql -uroot -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
I believe the database is not even getting installed.
Normally root can login without password. Did you change the mysql root password?
You may use cat ~/.my.cnf to get the mysql root password and then login to mysql and reset the password:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'THEPASSWORDFROMMYCNF';
That may be because root is used to create database and users.
MariaDB [(none)]> alter user root set password = 'UY4_FzRrsMYs7D1q';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'use r root set password = 'UY4_FzRrsMYs7D1q'' at line 1
MariaDB [(none)]>
MariaDB [(none)]> UPDATE user SET password=password('UY4_FzRrsMYs7D1q') WHERE user='root';
ERROR 1046 (3D000): No database selected
MariaDB [(none)]>
Not sure what I am doing wrong, but it seems like there is no database present. Any other ideas? Should I reinstall everything from scratch (including Neth Server)?
No, that’s not necessary. These commands should work to set the password:
MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('UY4_FzRrsMYs7D1q') WHERE User = 'root' AND Host = 'localhost';
MariaDB [(none)]> flush privileges;
Now you should be able to login to mysql as root without password.
[root@testserver ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
...
You may reconfigure guacamole with signal-event nethserver-guacamole-update. This way the database should be created correctly.
MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('UY4_FzRrsMYs7D1q') WHERE User = 'root' AND Host = 'localhost';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@gateway ~]# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Still the same… but the password is changed.