Guacamole 1.3.0 testing

Hi friends,

please test nethserver-guacamole providing Guacamole 1.3.0 (on a test machine if possible).

yum install https://mrmarkuz.dynu.net/mirror/devtest/nethserver-guacamole-0.0.1-3.ns7.noarch.rpm

Epel provides libguac*-1.3.0 now so the module needed an update.

I included the guacamole-customize-loginscreen-extension by @Zer0Cool, thanks to @oneitonitram for his post, and adapted it a little bit. Still thinking about the design of the login page. This is the example actually included in the new module:

Here’s another example by @flatspin.

You can manage the content of /var/lib/guacamole/extensions/branding.jar easily with 7zip in Windows as @royceb explained here or with mc and unzip:

yum install mc unzip

After changes to the file you need to signal-event nethserver-guacamole-update to apply them.

See Guacamole docs for more info.
If you already use a branding.jar file, please do a backup before updating.

I have disconnecting issues with VNC on servers that were updated from version 0.9.* but didn’t find a solution yet. Similar to these:

https://issues.apache.org/jira/browse/GUACAMOLE-414

Source code:

8 Likes

Early testing but the initial install works for me with the updated login page.

1 Like

@mrmarkuz

Hi

I’ll make a snapshot / backup (PBS) of my NethServer at home and upgrade the Mesh on that box later afternoon today. I’ll provide feedback!

My 2 cents
Andy

1 Like

Hi Markus,

when just updating the login-page looks like this:

image

No prob. Did a snapshot before.
So I removed the neth-package and the guacamole-rpms manually.
After reinstall it works:

Don’t know if this happend because of the customization of the login-page .

The database with connections, users etc. still exists.
But I can’t open a remote session. :thinking:
It sticks on “waiting for response” when I try to connect to a Win10-machine.
Just a short try. Will play more with it later.
I think it not a problem of guacamole itself, more a networkproblem/Windowsproblem here.

So, great work Markus!! Thanks a lot for your effort on this!!! :+1: :smiley:

1 Like

It seems to be a problem of my Win10-clients.
With one client on Win10 2004 it works, with another client on Win 10 20H2 it doesn’t work???
But I can do a windowsremotedesktop from the Win10 2004 client to the Win 10 20H2 client.
So remotedesktop on the 20H2 client is working, but not guacamole.
Strange windows world…

EDIT: When I deactivate WOL in connection it works with the 20H2 client.

1 Like

Happy to report RDP with NLA enabled on a Windows 10 2004 works and prompts for the username & password field if left blank. Working on the new windowed app feature and will report back.

2 Likes

Thanks for testing!

I think so, it seems like a CSS error. Maybe there was an old jar from your previous login page configuration.

I am going to move old jars to a separate dir when the module is installed/configured to not have old jars in the extensions dir that may make problems.

Thanks for the hint, I’m going to reproduce it because I don’t understand the relation between Wake On Lan and RDP login. :thinking:

Happy to read that. :+1:

Thanks, looking forward to your report, never tested these windowed apps.

Thanks, I appreciate it.

2 Likes

I think to recall you could configure guacamole to make the server send a WOL packet to wake-up a specific computer and set a wait/delay for the computer to be up before effectively trying RDP connection.

2 Likes

Hi,
I’m getting a 404 after upgrading.
All the services are running, but I noticed that guacd is running on 4822, while the apache conf is set on 8080:
[root@smart guacamole]# systemctl status guacd
● guacd.service - Guacamole proxy daemon
Loaded: loaded (/usr/lib/systemd/system/guacd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-02-25 10:32:53 -03; 29min ago
Docs: man:guacd(8)
Main PID: 2043 (guacd)
Tasks: 1
CGroup: /system.slice/guacd.service
└─2043 /usr/sbin/guacd -f

Feb 25 10:32:53 smart.nethserver systemd[1]: Started Guacamole proxy daemon.
Feb 25 10:32:56 smart.nethserver guacd[2043]: Guacamole proxy daemon (guacd) version 1.3.0 started
Feb 25 10:32:56 smart.nethserver guacd[2043]: Listening on host 127.0.0.1, port 4822
Feb 25 10:32:56 smart.nethserver guacd[2043]: guacd[2043]: INFO: Guacamole proxy daemon (guacd) version 1.3.0 started
Feb 25 10:32:56 smart.nethserver guacd[2043]: guacd[2043]: INFO: Listening on host 127.0.0.1, port 4822
Hint: Some lines were ellipsized, use -l to show in full.
[root@smart guacamole]#

Thanks,

1 Like

@jfranco Thanks for testing!

Tomcat8 is serving guacamole and listens on port 8080.

Please check if Tomcat8 is running:

systemctl status tomcat8 -l

guacd is the daemon process to connect to remote RDP, VNC, etc, it listens on port 4822 by default.

Hi @mrmarkuz
It’s running:
systemctl status tomcat8 -l
● tomcat8.service - Apache Tomcat 8 Web Application Container
Loaded: loaded (/usr/lib/systemd/system/tomcat8.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-02-25 12:03:32 -03; 4 days ago
Main PID: 2101 (jsvc)s
On a production server I see an update to guacd, should I uninstall the testing version and try the updated one from official repos?

Thanks,

Which version do you use now? The testing version nethserver-guacamole-0.0.1-3 or the stable 0.0.1-2?

As always check /var/log/messages and /var/log/httpd/error* for errors.

Do you use a virtualhost for guacamole?

config show guacd

Maybe you use the guacamole vhost for another site too?

httpd -S

Maybe try reconfiguring guacamole:

signal-event nethserver-guacamole-update

The guacd* part comes from epel repository.
The update should work but has no impact on the issue, I think it’s an Apache reverse proxy problem.

I have failed utterly here with the default Windows 10 RDP setup and still need further testing. Branding was as easy as copy/paste and a few edits of the existing files.

3 Likes

Thanks, I really appreciate your testing.

I also have a working ADSAMBA backed to authenticate with valid LE cert. A quick question, is there a way I can get the LDAP query to also include logins with the user@example.tdl?

1 Like

Yes, that’s possible.

In /etc/guacamole/guacamole.properties you can add the userPrincipalName (mail address) to the ldap-username-attribute like

ldap-username-attribute: cn,userPrincipalName

This way users can login with username or username@domain.tld.

At the moment you need a custom template but I could add a db prop to set the attribute like

config setprop guacd userattribute cn,userPrincipalName

3 Likes

Great idea. Appreciate it!! :+1:

2 Likes

Can I make a feature request to include this by default on new installs or is there a reason why this wouldn’t be desirable?

2 Likes

I’m ok with making it to the default for new installs.
Do we still need a db prop for changing the default?

Don’t know how much work this is to include the db prop, but for flexibility reason I’d say yes.
IIUC it would also be possible to use any LDAP-property you wich to use, or not?
So also a computer name or a group name would be possible.

1 Like