Great work @sharpec, thank you (and of course to @mrmarkuz).
Just tested with an external 2012R2 AD (the ns7 is not joined to AD).
I had to adapt the config file a little bit:
# LDAP properties
ldap-hostname: ad.yourdomain.demo
# some problems with port 389 and AD on 2012R2
ldap-port: 3268
ldap-user-base-dn: CN=Users,DC=yourdomain,DC=demo
#ldap-encryption-method:none #disable encryption
ldap-user-base-dn: dc=yourdomain,dc=demo
ldap-search-bind-dn: cn=ldapservice,CN=Users,dc=yourdomain,dc=demo
ldap-search-bind-password: yourpassword
ldap-username-attribute: sAMAccountName
A small bug it seems: Inside the Web-GUI, guacadmin can’t change his own password, even if set in the Users section of the config.
Changing the password using PHPMyAdmin works.
However, that needs a second user with the correct password, as MySQL only saves the salt and the hash, but not the password itself…
That password hash and salt can be copied to guacadmin, that will work.
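Why copying both the salt and the hash from another account works, shown as an added example that is not part of the original posts. It assumes Guacamole's stock database authentication scheme (unsalted input is never stored; the hash is SHA-256 over the password followed by the salt as uppercase hex, held in the `password_salt` and `password_hash` columns). The function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os


def guac_hash(password: str, salt: bytes) -> bytes:
    """SHA-256 over password + uppercase-hex(salt), per the assumed stock scheme."""
    material = password + salt.hex().upper()
    return hashlib.sha256(material.encode("utf-8")).digest()


def new_credentials(password: str):
    """Generate a fresh random 32-byte salt and the matching hash."""
    salt = os.urandom(32)
    return salt, guac_hash(password, salt)


def verify(password: str, salt: bytes, stored_hash: bytes) -> bool:
    """Check a candidate password against a stored (salt, hash) pair."""
    return hmac.compare_digest(guac_hash(password, salt), stored_hash)


def as_sql_literals(salt: bytes, pw_hash: bytes) -> dict:
    """Render both values as hex literals for the two binary columns."""
    return {
        "password_salt": "X'%s'" % salt.hex().upper(),
        "password_hash": "X'%s'" % pw_hash.hex().upper(),
    }


if __name__ == "__main__":
    # Constructed sample password; replace with the real one when used.
    salt, pw_hash = new_credentials("constructed-sample-pass")
    # The username is not an input to the hash, so the same pair is valid
    # on any row it is copied to (which is why the copy to guacadmin works).
    print("verifies:", verify("constructed-sample-pass", salt, pw_hash))
    # Copying only the hash without its salt breaks verification.
    print("wrong salt:", verify("constructed-sample-pass", os.urandom(32), pw_hash))
    for column, literal in as_sql_literals(salt, pw_hash).items():
        print(column, "=", literal)
```

Because the pair can be computed directly, a second account is only a convenience; the values printed here can be written to the guacadmin row in one UPDATE.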
Local LDAP works, AD makes problems with self-signed certificates so we may import a valid letsencrypt cert to the samba container as described here
Be patient at installation, guacamole is compiled in the background…
As an aside, if you use DNS validation for the Let’s Encrypt certificates, you don’t need to have a public A/CNAME record for your hostname. I’ve posted some other information here on implementing DNS validation:
This way, you could get a cert for ad.yourdomain.tld (or whatever), without having that domain resolve, on the public Internet, to your domain controller. Since I moved my DNS hosting to Cloudflare, I’ve used the technique I posted in the wiki for most of my internal resources. But now that I’ve put acme-dns onto my Neth box (as described in the first link), I think I’m going to move that way, so I don’t need to have as many copies of my Cloudflare API key floating around.
I am trying to get guacamole to work on my machine but get the following message when trying to access the app.
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
I searched the log files from log viewer and attaching everything I could find then searched for the word Guacamole.
MariaDB [(none)]> alter user root set password = 'UY4_FzRrsMYs7D1q';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'use r root set password = 'UY4_FzRrsMYs7D1q'' at line 1
MariaDB [(none)]>
MariaDB [(none)]> UPDATE user SET password=password('UY4_FzRrsMYs7D1q') WHERE user='root';
ERROR 1046 (3D000): No database selected
MariaDB [(none)]>
Not sure what I am doing wrong, but it seems like there is no database present. Any other ideas? Should I reinstall everything from scratch (including Neth Server)?
No, that’s not necessary. These commands should work to set the password:
MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('UY4_FzRrsMYs7D1q') WHERE User = 'root' AND Host = 'localhost';
MariaDB [(none)]> flush privileges;
Now you should be able to login to mysql as root without password.
[root@testserver ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
...
You may reconfigure guacamole with signal-event nethserver-guacamole-update. This way the database should be created correctly.