Howto install guacamole

Thanks @sharpec, great work :clap:, I added it to the howto. LDAP works like a charm.
AD only worked when setting ldap server require strong auth = no in the smb.conf of the AD container.
I couldn’t make AD work with SSL, I tried to import the NS cert to java keystore with keytool but I am afraid a self-signed cert is not working. I assume it works with a letsencrypt cert…

1 Like

great work @sharpec thank you (and of course to @mrmarkuz) :clap:
just tested with an external 2012R2 AD (the ns7 is not joined to AD)
i had to adapt a little bit the config file:

# LDAP properties
ldap-hostname: ad.yourdomain.demo
ldap-port: 3268 #some problems with port 389 and AD on 2012R2
ldap-user-base-dn: CN=Users,DC=yourdomain,DC=demo
#ldap-encryption-method:none #disable encryption
ldap-user-base-dn: dc=yourdomain,dc=demo
ldap-search-bind-dn: cn=ldapservice,CN=Users,dc=yourdomain,dc=demo
ldap-search-bind-password: yourpassword
ldap-username-attribute:   sAMAccountName


Finally got down to installing Guacamole on NethServer - and it works really great!

Where do I find the NS container to do this:

Great work!


1 Like


Great work!

A small bug it seems: Inside the Web-GUI, guacadmin can’t change his own password, even if set in the Users section of the config.


Changing the password using PHPMyAdmin works.
However, that needs a second user with the correct password, as MySQL only saves the salt and the hash, but not the password itself…
That password hash and salt can be copied to guacadmin, that will work.



1 Like

some more test… i had problem in upload/download file from ssh backend server
following manual
if someone has the same problem, at the end this config seems to work for me

SSLProxyEngine on
ProxyPass /guacamole http://localhost:8080/guacamole  flushpackets=on
ProxyPassReverse /guacamole http://localhost:8080/guacamole
<Location /guacamole>

<Location /guacamole/websocket-tunnel>
    Order allow,deny
    Allow from all
    ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
    ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel

honestly, i’m not sure if i have changed something else, working on it now and then :frowning:
as soon as i have time i’ll try with a new install

1 Like

A first draft nethserver-guacamole package is ready to be tested! Don’t use in production!

Local LDAP works, AD makes problems with self-signed certificates so we may import a valid letsencrypt cert to the samba container as described here
Be patient at installation, guacamole is compiled in the background…


As an aside, if you use DNS validation for the Let’s Encrypt certificates, you don’t need to have a public A/CNAME record for your hostname. I’ve posted some other information here on implementing DNS validation:

This way, you could get a cert for ad.yourdomain.tld (or whatever), without having that domain resolve, on the public Internet, to your domain controller. Since I moved my DNS hosting to Cloudflare, I’ve used the technique I posted in the wiki for most of my internal resources. But now that I’ve put acme-dns onto my Neth box (as described in the first link), I think I’m going to move that way, so I don’t need to have as many copies of my Cloudflare API key floating around.

1 Like

That’s a HUGE news! Thanks this is awesome


Will be in core for 7.5


I am trying to get guacamole to work on my machine but get the following message when trying to access the app.
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

I searched the log files from log viewer and attaching everything I could find then searched for the word Guacamole.

Thanks in advance for your help!

Did you setup guacamole manually from the howto or did you install the module?

It seems like the guacamole db user credentials are wrong:

### Error querying database. Cause: java.sql.SQLException: Access denied for user 'guacamole'@'localhost' (using password: YES)

I installed the module. Is there any way to uninstall and redo it?

Yes, you may remove module, src and database and install it again:

yum remove nethserver-guacamole
rm -Rf /usr/local/src/guacamole/
drop database guacamole;
yum install nethserver-guacamole

No luck…

Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Please check if tomcat is running and if there are errors:

systemctl status tomcat -l

Same with mariadb:

systemctl status mariadb -l

Try to restart the services:

systemctl restart mariadb tomcat

I think it has something to do with mariadb.

[root@gateway ~]# mysql
ERROR 1045 (28000): Access denied for user ‘root’@‘localhost’ (using password: YES)
[root@gateway ~]# sudo mysql -uroot -p

Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 5.5.56-MariaDB MariaDB Server

Copyright © 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]>

I believe the database is not even getting installed.

Normally root can login without password. Did you change the mysql root password?

You may use cat ~/.my.cnf to get the mysql root password and then login to mysql and reset the password:


That may be because root is used to create database and users.

MariaDB [(none)]> alter user root set password = ‘UY4_FzRrsMYs7D1q’;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘use r root set password = ‘UY4_FzRrsMYs7D1q’’ at line 1
MariaDB [(none)]>

MariaDB [(none)]> UPDATE user SET password=password(‘UY4_FzRrsMYs7D1q’) WHERE user=‘root’; ERROR 1046 (3D000): No database selected
MariaDB [(none)]>

Not sure what I am doing wrong, but it seems like there is no database present. Any other ideas’? Should I reinstall everything from scratch(including Neth Server??

No, that’s not necessary. These commands should work to set the password:

MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('UY4_FzRrsMYs7D1q') WHERE User = 'root' AND Host = 'localhost';
MariaDB [(none)]> flush privileges;

Now you should be able to login to mysql as root without password.

[root@testserver ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.

You may reconfigure guacamole with signal-event nethserver-guacamole-update. This way the database should be created correctly.

MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD(‘UY4_FzRrsMYs7D1q’) WHERE User = ‘root’ AND Host = ‘localhost’;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit

[root@gateway ~]# mysql
ERROR 1045 (28000): Access denied for user ‘root’@‘localhost’ (using password: YES)

Still the same…but the password is changed.