Guacamole 1.3.0 testing

mrmarkuz · February 24, 2021, 1:17am

Hi friends,

please test nethserver-guacamole providing Guacamole 1.3.0 (on a test machine if possible).

yum install https://mrmarkuz.dynu.net/mirror/devtest/nethserver-guacamole-0.0.1-3.ns7.noarch.rpm

Epel provides libguac*-1.3.0 now so the module needed an update.

I included the guacamole-customize-loginscreen-extension by @Zer0Cool, thanks to @oneitonitram for his post, and adapted it a little bit. Still thinking about the design of the login page. This is the example actually included in the new module:

Here’s another example by @flatspin.

You can manage the content of /var/lib/guacamole/extensions/branding.jar easily with 7zip in Windows as @royceb explained here or with mc and unzip:

yum install mc unzip

After changes to the file you need to signal-event nethserver-guacamole-update to apply them.

See Guacamole docs for more info.
If you already use a branding.jar file, please do a backup before updating.

I have disconnecting issues with VNC on servers that were updated from version 0.9.* but didn’t find a solution yet. Similar to these:

https://issues.apache.org/jira/browse/GUACAMOLE-414

Source code:

royceb · February 24, 2021, 4:55am

Early testing but the initial install works for me with the updated login page.

Andy_Wismer · February 24, 2021, 7:51am

@mrmarkuz

Hi

I’ll make a snapshot / backup (PBS) of my NethServer at home and upgrade the Mesh on that box later afternoon today. I’ll provide feedback!

My 2 cents
Andy

flatspin · February 24, 2021, 10:05am

Hi Markus,

when just updating the login-page looks like this:

No prob. Did a snapshot before.
So I removed the neth-package and the guacamole-rpms manually.
After reinstall it works:

Don’t know if this happend because of the customization of the login-page .

The database with connections, users etc. still exists.
But I can’t open a remote session.
It sticks on “waiting for response” when I try to connect to a Win10-machine.
Just a short try. Will play more with it later.
I think it not a problem of guacamole itself, more a networkproblem/Windowsproblem here.

So, great work Markus!! Thanks a lot for your effort on this!!!

flatspin · February 24, 2021, 12:13pm

It seems to be a problem of my Win10-clients.
With one client on Win10 2004 it works, with another client on Win 10 20H2 it doesn’t work???
But I can do a windowsremotedesktop from the Win10 2004 client to the Win 10 20H2 client.
So remotedesktop on the 20H2 client is working, but not guacamole.
Strange windows world…

EDIT: When I deactivate WOL in connection it works with the 20H2 client.

royceb · February 24, 2021, 1:24pm

Happy to report RDP with NLA enabled on a Windows 10 2004 works and prompts for the username & password field if left blank. Working on the new windowed app feature and will report back.

mrmarkuz · February 24, 2021, 3:38pm

Thanks for testing!

I think so, it seems like a CSS error. Maybe there was an old jar from your previous login page configuration.

I am going to move old jars to a separate dir when the module is installed/configured to not have old jars in the extensions dir that may make problems.

Thanks for the hint, I’m going to reproduce it because I don’t understand the relation between Wake On Lan and RDP login.

Happy to read that.

Thanks, looking forward to your report, never tested these windowed apps.

Thanks, I appreciate it.

dnutan · February 24, 2021, 8:00pm

I think to recall you could configure guacamole to make the server send a WOL packet to wake-up a specific computer and set a wait/delay for the computer to be up before effectively trying RDP connection.

jfranco · February 25, 2021, 2:04pm

Hi,
I’m getting a 404 after upgrading.
All the services are running, but I noticed that guacd is running on 4822, while the apache conf is set on 8080:
[root@smart guacamole]# systemctl status guacd
● guacd.service - Guacamole proxy daemon
Loaded: loaded (/usr/lib/systemd/system/guacd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-02-25 10:32:53 -03; 29min ago
Docs: man:guacd(8)
Main PID: 2043 (guacd)
Tasks: 1
CGroup: /system.slice/guacd.service
└─2043 /usr/sbin/guacd -f

Feb 25 10:32:53 smart.nethserver systemd[1]: Started Guacamole proxy daemon.
Feb 25 10:32:56 smart.nethserver guacd[2043]: Guacamole proxy daemon (guacd) version 1.3.0 started
Feb 25 10:32:56 smart.nethserver guacd[2043]: Listening on host 127.0.0.1, port 4822
Feb 25 10:32:56 smart.nethserver guacd[2043]: guacd[2043]: INFO: Guacamole proxy daemon (guacd) version 1.3.0 started
Feb 25 10:32:56 smart.nethserver guacd[2043]: guacd[2043]: INFO: Listening on host 127.0.0.1, port 4822
Hint: Some lines were ellipsized, use -l to show in full.
[root@smart guacamole]#

Thanks,

mrmarkuz · February 25, 2021, 3:18pm

@jfranco Thanks for testing!

Tomcat8 is serving guacamole and listens on port 8080.

Please check if Tomcat8 is running:

systemctl status tomcat8 -l

guacd is the daemon process to connect to remote RDP, VNC, etc, it listens on port 4822 by default.

jfranco · March 2, 2021, 1:01pm

Hi @mrmarkuz
It’s running:
systemctl status tomcat8 -l
● tomcat8.service - Apache Tomcat 8 Web Application Container
Loaded: loaded (/usr/lib/systemd/system/tomcat8.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-02-25 12:03:32 -03; 4 days ago
Main PID: 2101 (jsvc)s
On a production server I see an update to guacd, should I uninstall the testing version and try the updated one from official repos?

Thanks,

mrmarkuz · March 2, 2021, 2:41pm

Which version do you use now? The testing version nethserver-guacamole-0.0.1-3 or the stable 0.0.1-2?

As always check /var/log/messages and /var/log/httpd/error* for errors.

Do you use a virtualhost for guacamole?

config show guacd

Maybe you use the guacamole vhost for another site too?

httpd -S

Maybe try reconfiguring guacamole:

signal-event nethserver-guacamole-update

The guacd* part comes from epel repository.
The update should work but has no impact on the issue, I think it’s an Apache reverse proxy problem.

royceb · March 2, 2021, 6:25pm

I have failed utterly here with the default Windows 10 RDP setup and still need further testing. Branding was as easy as copy/paste and a few edits of the existing files.

mrmarkuz · March 2, 2021, 8:26pm

Thanks, I really appreciate your testing.

royceb · March 2, 2021, 11:14pm

I also have a working ADSAMBA backed to authenticate with valid LE cert. A quick question, is there a way I can get the LDAP query to also include logins with the user@example.tdl?

mrmarkuz · March 2, 2021, 11:41pm

Yes, that’s possible.

In /etc/guacamole/guacamole.properties you can add the userPrincipalName (mail address) to the ldap-username-attribute like

ldap-username-attribute: cn,userPrincipalName

This way users can login with username or username@domain.tld.

At the moment you need a custom template but I could add a db prop to set the attribute like

config setprop guacd userattribute cn,userPrincipalName

flatspin · March 3, 2021, 3:49pm

Great idea. Appreciate it!!

royceb · March 3, 2021, 4:21pm

Can I make a feature request to include this by default on new installs or is there a reason why this wouldn’t be desirable?

mrmarkuz · March 3, 2021, 4:26pm

I’m ok with making it to the default for new installs.
Do we still need a db prop for changing the default?

flatspin · March 3, 2021, 5:00pm

Don’t know how much work this is to include the db prop, but for flexibility reason I’d say yes.
IIUC it would also be possible to use any LDAP-property you wich to use, or not?
So also a computer name or a group name would be possible.