I am very close to moving my complete office to NethServer. Right now I am testing with 3-4 users, and looking to move into production with all user shortly. Getting Guacamole running, and being able to backup with Hotsync were very big proponents in this.
Hotsync is working perfectly for me, but can it include Guacamole? (I haven’t been able to test this yet, but will soon, it’s just not listed in hotsync doc as backup up)
More importantly, I cannot get my AD users (zentyal) into Guacamole, and am having trouble finding a good how-to.
I am connected to Zentyal AD, and can login with all Zentyal users to Webtop, NextCloud, but cannot for Guacamole.
I installed Guacamole using instructions here; https://wiki.nethserver.org/doku.php?id=guacamole
I attempted to connect to Zentyal LDAP using the LDAP instructions here;
I was able to test this today, and the guacamole install does not get synced, but after slave promotion, if I install guac as original, then all of the settings seems to have been synced, users/connections etc.
Would be nice if install was synced, but at least the db seems to sync. Not sure if it would be better to do this way, or if I could pre-install guacamole on the Slave?
Still need help connecting AD as well, and then testing that survives the hotsync/guac install.
Haven’t tested hotsync but will try help (hope my assumptions are correct):
One of the reasons for not being included in hotsync is that (nethserver-)guacamole isn’t an official package, it is maintained by the community (@mrmarkuz).
A more important reason is that it requires an external repo. If the repo was present and enabled on the slave, then my guess is that guacamole would be installed automatically (if included in the package list of master’s config backup).
Shall the package be pushed to nethforge repo then no extra action would be needed from the user.
I tried installing the repo from @mrmarkuz on the slave, and it still doesn’t seem to work.
During the promotion by running hotsync-promote I still see the error ‘No package nethserver-guacamole available’. repo must get replaced during promotion.
Then my assumptions are wrong Hotsync script copies yum repo files from master to slave, so maybe the repo was already there but unsure at which stage.
I am going to reproduce the guacamole zentyal hotsync scenario…
Just an idea for now: In “Software Center configuration” on the slave, if not set already, you may try the Unlocked switch.
EDIT:
You may check login attempts in /var/log/messages, unfortunately there’s not much info why it’s not working. I assume some cert problems, tried this patch already without success.
It seems like Guacamole/Zentyal only works without encryption but I am going to investigate further. If you change the ldap encryption method in /etc/guacamole/guacamole.properties to none, it works with zentyal 5.1:
ldap-encryption-method: none
To apply the config just restart tomcat:
systemctl restart tomcat
I am going to fix the module hopefully with encryption, at least with an extra property to change the encryption method.
EDIT2:
Do you have a subscription?
I tested it with nethserver hotsync master, slave and zentyal 5.1 with AD and it worked.
I joined master to the AD, installed repo, guacamole and hotsync which I configured on master and slave.
After doing hotsync on master and hotsync-slave on slave which installed guacamole, I turned off the master and promoted the slave with hotsync-promote. Then reconneced via SSH to the new promoted master because of IP change from slave to master and did /sbin/e-smith/signal-event post-restore-data.
Guacamole was installed and after doing the encryption patch guacamole just worked on new master.
Ok, I am able to login with any AD users now, but I cannot see any of the users listed in guacamole, so there is no way to allow the users to access connections.
I haven’t tested Hotysnc again yet, but will soon but wanted to get AD working first.
You may login as guacadmin and create a user with same name as the AD user you’d like to be admin and give him admin rights. If you then login as this AD user you’ll see all users.
Thanks, it works. I had done that, but already had that user, so it didn’t seem to work unless user created after.
For hotsync, I got that to work now as per your instructions here. The problem seemed to be I did not run ‘hotsync-slave’, I assumed it was run during hotsync-promote, but did not work unless I ran 'hotsync-slave first. (I would get error package nethserver-hotsync not found).
This then goes against the instructions here; http://docs.nethserver.org/en/v7/hotsync.html
“hotsync-slave” script extracts from MASTER configuration backup the list of packages to install and install them.
It just installs the packages from master not installed already on slave every night, so it should be enough to just do hotsync-promote because usually installed modules are not changed since the last run of hotsync-promote. In other words: There’s no need to run hotsync-slave manually.
