mm yes it is 0.8.4…i have no problem with old version if stable and no bug
it fits my needs with no effort
So big differences between 0.9.6 and 0.8.4 ?
Quite a bit has been changed and improved since 0.8.4.
I can’t find the guacamole package on epel, any hint? Already installed others rpms
if you vant to try guacamole 0.9.9 on Centos 6/7:
yum install -y wget
wget http://sourceforge.net/projects/guacamoleinstallscript/files/CentOS/guacamole-install-script.sh
chmod +x guacamole-install-script.sh
./guacamole-install-script.sh
Follow the wizard and then go to:
https://host/guacamole
More info on the Guacamole Install Script page
Task of this script:
Install Packages Dependencies
Download Guacamole and MySQL Connector packages
Install Guacamole Server
Install Guacamole Client
Install MySQL Connector
Configure MariaDB or MySQL
Setting Tomcat Server
Generates a Java KeyStore for SSL Support
Install and Setting Nginx Proxy (SPDY enabled)
Generates a Self-Signed Certificate for SSL Support
Configure SELinux for Nginx Proxy
Configure FirewallD or iptables
Not sure if this was already posted somewhere on these boards, but I would like to point out it is possible to have a little basic rebranding of the login page by editing a few files in a .jar guacamole extension file and having tomcat load it
This was tested on Guacamole 0.9.9 installed on NS 6.8
Credits go to Justine Arendt from https://sourceforge.net/p/guacamole/discussion/1110834/thread/be2a6785/
Download the generic-customize-extension.jar from the post above
Open it with 7zip
Edit the files inside to fit your needs
Image files in \web\images\ edit the background and logo images on login page
CSS file for login page is in \web\ folder
Files in \translations\ folder changes text above user/pwd boxes
Place the jar file into /var/lib/guacamole/extensions/
service tomcat restart
Very useful, thanks for sharing!
Is anyone interested in making some tests with this package?
@Adam @jackyes @Ctek @Hunv @enzo@edi @dz00te
I am!
I installed guacamole incubating 0.9.10 a few days ago on NS 6* as they have a RC posted in the mailing list
The latest version adds desktop sharing with outsiders with temporary links, screen recording, improved ctrl-c ctrl-v and some more
http://guacamole.incubator.apache.org/releases/0.9.10-incubating/
really neat
how can we test it?
Edit: just came to mind, i couldn’t install on NS 7 as i couldn’t find one of the required package to build guacamole with all functions, so i installed it on NS 6
I’m testing the LDAP connector on a test machine and it works on the openLDAP that Nethserver provides, users created from the web ui of NS can login to Guacamole, but only if i enable anonymous bind on the LDAP with
perl -MNethServer::Directory -e ‘$l = NethServer::Directory->new(); $l->enforceAccessDirective(“by anonymous read”, “*”);’
i couldn’t find a way to read the LDAP from guac otherwise…
Any tip on browsing the LDAP without anon access? Or is that OK?
Following http://docs.nethserver.org/projects/nethserver-devel/en/latest/directory.html i understand i should maybe use service account, but how exactly? Any hints?
Also, since guac uses an ldif to extend the ldap schema, i then use ldapadd to add users and their custom attributes, which password should i use to write tho?
For what I understood you have two users who can bind the ldap directory.
ldapservice -> only read access
libuser -> write access restricted to the localhost
all password can be found in /var/lib/nethserver/secrets/
in guac you need to give a user with its password
Guacamole is also one of those edu applications that could make NS7 the perfect edu server. So yes, please add it as a module…
Maybe NetForge should get an edu chapter…
It would be great! Edu section
Thank you, managed to get the BIND right and can now login to guac with both ldap and mysql users
I cannot however use ldapadd to add new connections for users to use, neither ldapservice nor libuser have enough rights to do that, or maybe i should adjust the ACL to permit write access to the new fields that were added with the expanded schema…
Creating an ldif file like ssh-host.ldif:
dn: cn=ssh-localhost,ou=Groups,dc=directory,dc=nh
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: ssh-localhost
guacConfigProtocol: ssh
guacConfigParameter: hostname=localhost
guacConfigParameter: port=222
member: cn=davide,ou=People,dc=directory,dc=nh
ldapadd -x -D cn=libuser,dc=directory,dc=nh -W -f ssh-host.ldif
Enter LDAP Password:
adding new entry "cn=ssh-localhost,ou=Groups,dc=directory,dc=nh"
ldap_add: Insufficient access (50)
additional info: no write access to parent
Although that is not mandatory, because guacamole uses both database backends at the same time, it can authenticate against ldap, and use mysql to store users connection data, just needs an account with the same name to exist there and everything seems to work
@davidep is the better interlocutor than me to speak about ldap, but I guess it is not a good idea to write information in ldap, it is here to store really sensitive informations. The idea to store guac informations in a mysql database sounds better.
Bumping this to let everyone know Guacamole 0.9.10-Incubating is now officially out, this is the first release since it was added to apache incubator
https://guacamole.incubator.apache.org/releases/0.9.10-incubating/
Cheers!
I’d like to add this amazing module to NethServer. How can we start? Any volunteer?
I can offer a prize
@Adam @jackyes @edi @Ctek @sitz @Hunv @dz00te @edi
I should have a working howto for Guacamole 0.9.10 on NS7, which is pretty much the same as the one posted by Adam plus other things to use its latest features and Letsencrypt
Would that be useful to start?