Doesn’t seem to work, I’ve tried all the different encryption methods too, but Zentyal uses port 389, so I assume it’s none.
Now some log entries would be interesting. I don’t know guacamole, but there should be logfiles:
Found this, maybe missing config for AD:
Thanks. It will be Monday before I can try now, but I will update how it
goes with log files.
Reading the links you provided, I think this is too complicated for the time I have right now. I thought this would be simpler, NS itself, and NextCloud have no problem authenticating against Zentyal AD.
I was hoping that someone had this working with Zentyal, or any AD, but it does not seem like this is the case. I will live with just keeping user logins in mysql for now.
Hopefully there is a NS module for Guacamole soon, with AD integrated!
I know I would be willing to test if anyone would be able to tackle this.
Did you try to add this to your guacamole.properties? It doesn’t take much time and maybe it’s the missing property?
I did yes, no difference.
Hi guacamole lovers,
I gave it a try and it’s really nice to have a web based remote desktop/ssh/vnc with connection manager.
```
yum -y install nethserver-mysql java-1.8.0-devel
wget http://sourceforge.net/projects/guacamoleinstallscript/files/CentOS/guacamole-install-script.sh
chmod +x guacamole-install-script.sh
cat ~/.my.cnf
./guacamole-install-script.sh
```
Scroll up to copy your mariadb root password from the output of “cat ~/.my.cnf” and just paste it:
```
Enter the root password for MariaDB: YOURMARIADBPW
Enter the Guacamole DB name: guacamole
Enter the Guacamole DB username: guacamole
Enter the Guacamole DB password: guacamole
Enter the Java KeyStore password (least 6 characters): guacamole
Do you wish to Install the Proxy feature (Nginx)?: no
```
Then you are asked to complete the Java keystore wizard:
```
What is your first and last name? [Unknown]: Markus
What is the name of your organizational unit? [Unknown]: Users
What is the name of your organization? [Unknown]: NethServer
What is the name of your City or Locality? [Unknown]: Vienna
What is the name of your State or Province? [Unknown]: Vienna
What is the two-letter country code for this unit? [Unknown]: AT
Is CN=Markus, OU=Users, O=NethServer, L=Vienna, ST=Vienna, C=AT correct? [no]: yes
```
To allow the ports:
```
config set fw_guacamole service status enabled TCPPorts 8080,8443 access green
signal-event firewall-adjust
```
Browse to https://YOURNETHSERVER:8443/guacamole/ and login with username and password guacadmin
I could connect to Win Server 2016 via RDP and to Nethserver via SSH. Guacamole rocks!
This explains install from epel but didn’t work for me:
OMG! this is also a killer app!
Great to see this coming to NethServer. Next step: nethserver-guacamole module! WEEHOO…
Good to know there is a workable way to install it on NethServer. Thanks for updating us
@stephdl did you try epel rpms yet?
need to check my note, but it misses the user interface IIRC
OMG…did I read this right? Guacamole is coming to Nethserver?
I’ve been working a bit with the developer of a script to install Guacamole - https://sourceforge.net/projects/guacamoleinstallscript/?source=navbar.
He was kind enough to upgrade Guacamole to a newer version. But having the ability to add Guacamole to my Nethserver modules would be a holy grail for us.
I’ll keep a watch on this thread and find time for testing.
While I look forward to having Guacamole on my Nethserver, here is a comment on how I’m currently including Guacamole in our office.
I’ve installed a Nextcloud app called External sites. I then used the guacamole install script (link above) to install Guacamole on a separate CentOS server. I’m using my Nextcloud as the gateway to get to my Guacamole server. Think of it as a two factor authentication before access to my network.
External sites is a great app within Nextcloud but currently in Nextcloud 12 I do not have the ability to enable External sites by group. But Nextcloud 13 is going to give me this ability so I’m looking forward to the next version of Nextcloud coming out later this month. We don’t have many people using our Guacamole but it has come in handy on a few occasions. Putting Guacamole behind our Nextcloud install gives me extra peace of mind and I only need to open one firewall rule to my network to my Nextcloud server.
I love that trick, your users think that guacamole is on NethServer
How do you use guacamole? Can you provide us some scenarios?
I installed guacamole using the way you suggested. That way it installs with a self-signed certificate and everything works well. Thank you very much. Despite that, I want to enhance 2 things:
- I created a bash-script to copy the LetsEncrypt certificate to the Java key store, so now I don’t get annoying messages anymore about a selfsigned certificate. Is it possible to execute this script automatically after the LetsEncrypt certificate renewal? If yes, can you tell me how?
- Guacamole is listening on port 8443 (https://<FQDN>:8443/guacamole/). At my work I can only access external websites at port 80 or 443, so I still cannot access my computer at home via guacamole. I tried to solve this via reverse proxy (so when I browse to https://<FQDN>/guacamole/, it is proxied to https://<FQDN>:8443/guacamole/), but this only works within my home network. As I cannot create a VPN tunnel from my work to my home network, this still doesn’t work. Is it possible to use reverse proxy from outside my home network? If yes, can you tell me how?
This is great, I am really interested in your script because it may help with other java key store apps.
/usr/libexec/nethserver/letsencrypt-certs is executed daily via
/etc/cron.daily/nethserver-letsencrypt-certs so you may append your script there.
I hope so but I wasn’t able to make it work.
Here is my bash script:
```
#!/bin/bash

#Convert LetsEncrypt certificate to PKCS12
openssl pkcs12 -export -in /etc/letsencrypt/live/<FQDN>/fullchain.pem -inkey /etc/letsencrypt/live/<FQDN>/privkey.pem -out /var/lib/tomcat/webapps/cert.p12 -name guacamole -passout pass:guacamole

#Remove old certificate from Java keystore
keytool -keystore /var/lib/tomcat/webapps/.keystore -delete -alias guacamole -storepass guacamole -noprompt

#Import PKCS12 certificate into Java keystore
keytool -importkeystore -deststorepass guacamole -destkeypass guacamole -destkeystore /var/lib/tomcat/webapps/.keystore -srckeystore /var/lib/tomcat/webapps/cert.p12 -srcstoretype PKCS12 -srcstorepass guacamole -noprompt

#Remove PKCS12 certificate
rm -rf /var/lib/tomcat/webapps/cert.p12

#Restart tomcat
systemctl stop tomcat
systemctl start tomcat
```
Howto install guacamole
Guacamole - AD users and hotsync
We are doing things wrong. In the past I programmed apps in NodeJS; those apps were listening on (i.e.) port 3000; then I put Nginx as reverse proxy in front of it; Nginx was handling encryption, and the traffic between Nginx and the app was not encrypted; the app couldn’t be reached from internet directly, only via Nginx.
Here with Guacamole we need to do it the same way, except with Httpd instead of Nginx. So I need to install Guacamole without encryption and Httpd has to proxy the network traffic to the Guacamole port (without encryption). The Guacamole port may only be open for localhost, not for any other network.
On my NethServer I have Apache 2.4.6 running, so according to the Guacamole docs it should be possible to make this work. I will try to configure this in the weekend when there is some time left (probably not so much because of carnaval).
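The layout described in the post above, written out as an httpd 2.4 configuration fragment. This is an added example, not part of the original thread and not any poster's configuration. It assumes Guacamole's Tomcat serves plain HTTP on 127.0.0.1:8080 and that the fragment is included in the HTTPS virtual host; the address, port and placement are assumptions.

```apache
# Added example (not from the thread). Assumptions:
#  - Tomcat's HTTP connector is bound to loopback only, e.g. the
#    <Connector port="8080" ...> element carries address="127.0.0.1",
#    so Guacamole cannot be reached from any other network.
#  - mod_proxy, mod_proxy_http and mod_proxy_wstunnel are loaded
#    (mod_proxy_wstunnel ships with httpd 2.4.5 and later).
#  - This fragment sits inside the HTTPS <VirtualHost>, so the login
#    and the remote desktop stream only cross the network encrypted.

# HTTP tunnel and web application. flushpackets=on makes httpd forward
# each packet immediately instead of buffering the streamed session.
<Location /guacamole/>
    Require all granted
    ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
    ProxyPassReverse http://127.0.0.1:8080/guacamole/
</Location>

# WebSocket tunnel. Listed after the general block so that the more
# specific path takes precedence.
<Location /guacamole/websocket-tunnel>
    Require all granted
    ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
    ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
</Location>
```

With this in place only port 443 has to be reachable from outside, and the firewall rule for ports 8080 and 8443 from the install steps is no longer needed.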
There was already a solution for this:
Thanks, seems I missed this one
There are two examples of how we are using Nextcloud and Guacamole in our small office. The majority of our workstations in our office do not have access to the Internet. These workstations are almost like dumb terminals that are used by operators to do their job(s). We have two external vendors who provide remote support for their applications but for these vendors to get access to one of our workstations, because these workstations are blocked by our firewall the vendor can’t help visually.
For this use case I’m using Guacamole (through Nextcloud) so our Vendors can login and on Guacamole I’ve provided VNC access (viewer only) to each of our workstations. The Vendor is provided a VNC password to use by the operator. The Vendor can now safely get (after logging in essentially three times…once into our Nextcloud, then into Guacamole, and lastly using VNC) into the workstation that needs assistance. I love the fact that in Guacamole each Vendor will only have access to the servers I allow them to view through their Guacamole user Id. As you can see I’m a bit paranoid with people getting in.
One of our senior staff has a need to work from home when allowed by the owners. For these days this user will login through Nextcloud and then using Guacamole they will be able to access their office workstation using RDP.
So far this is working very well for us.