RE: Configuring LDAP
I set SELinux to permissive and put the LDAP extension back (its under /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and try to log in using an LDAP user. I click Login and on the Network tab, it shows tokens (/guacamole/api/tokens) as having a “pending” status. Never gets any further. Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Monday, November 20, 2017 2:04 PM To: user@guacamole.apache.org Subject: Re: Configuring LDAP On Mon, Nov 20, 2017 at 1:52 PM, mailto:harry.dev...@faa.gov>> wrote: We’re using Red Hat Enterprise Linux 7.4 with SELinux set to enforcing. I disabled the LDAP extension and just used MySQL for the guacadmin user and could log in. I do see the following information in /var/log/messages: This sounds like the server-side, but are you able to temporarily disable SELinux (set it to permissive mode, "setenforce 0") and then restart Tomcat and see if it works with LDAP? I'm not suggesting this as a long-term fix, just long enough to validate whether SELinux is, indeed, blocking LDAP traffic, or if it's still something else? -Nick
Re: Clipboard support using guacamole-common-js API
Hi Mike,
I enabled Ctrl + V ( Paste Event ) >> then updated the guacClipboard
<< $scope.$broadcast('guacClipboard', data); >> .
Issue : It was sending Ctrl + V keys to the server and then the clipboard
data , therefore server is pasting older data and on the next Ctrl + v , it
is pasting the correct data.
I stopped the guackeyDown broadcast <<
$scope.$broadcast('guacBeforeKeyup', keysym, keyboard); >> only for Ctrl +
V and first sent the clipboard data to the server, now data is updated on
the server >> then used guacSyntheticKeydown to send ctrl and V keys .
It is copying the correct data but with an issue.
Issue : Suppose I have this text on the Notepad of the remote server "
Guacamole | " , As you see the cursor is after the space, when I paste
text "amarjeet" from local to remote it becomes
"Guacamoleamarjeet" : The space is not there.
Please share your suggestions. I would be very grateful to you.
I am looking into it.
Thanks and Regards,
Amarjeet Singh
On Sat, Nov 18, 2017 at 10:23 AM, Mike Jumper
wrote:
> On Nov 17, 2017 17:40, "Amarjeet Singh" wrote:
>
> ...
> I have added the clipboard support without any plugins or without pressing
> ctrl+shift+alt. for all browsers.
>
>
> Can you describe the nature of your changes?
>
> - Mike
>
>
Re: Clipboard support using guacamole-common-js API
@Mike : It is working : I am not facing the above issue as of now. I might
be sending the wrong keys.
On Tue, Nov 21, 2017 at 7:27 PM, Amarjeet Singh
wrote:
> Hi Mike,
>
> I enabled Ctrl + V ( Paste Event ) >> then updated the guacClipboard
> << $scope.$broadcast('guacClipboard', data); >> .
>
> Issue : It was sending Ctrl + V keys to the server and then the
> clipboard data , therefore server is pasting older data and on the next
> Ctrl + v , it is pasting the correct data.
>
> I stopped the guackeyDown broadcast << $scope.$broadcast('guacBeforeKeyup',
> keysym, keyboard); >> only for Ctrl + V and first sent the clipboard data
> to the server, now data is updated on the server >> then used
> guacSyntheticKeydown to send ctrl and V keys .
>
> It is copying the correct data but with an issue.
>
>
> Issue : Suppose I have this text on the Notepad of the remote server "
> Guacamole | " , As you see the cursor is after the space, when I paste
> text "amarjeet" from local to remote it becomes
>
> "Guacamoleamarjeet" : The space is not there.
>
>
> Please share your suggestions. I would be very grateful to you.
>
> I am looking into it.
>
> Thanks and Regards,
> Amarjeet Singh
>
> On Sat, Nov 18, 2017 at 10:23 AM, Mike Jumper
> wrote:
>
>> On Nov 17, 2017 17:40, "Amarjeet Singh" wrote:
>>
>> ...
>> I have added the clipboard support without any plugins or without
>> pressing ctrl+shift+alt. for all browsers.
>>
>>
>> Can you describe the nature of your changes?
>>
>> - Mike
>>
>>
>
Re: Configuring LDAP
On Tue, Nov 21, 2017 at 8:10 AM, wrote: > I set SELinux to permissive and put the LDAP extension back (its under > /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and > try to log in using an LDAP user. I click Login and on the Network tab, it > shows tokens (/guacamole/api/tokens) as having a “pending” status. Never > gets any further. > > > > Harry > > > > *From:* Nick Couchman [mailto:vn...@apache.org] > *Sent:* Monday, November 20, 2017 2:04 PM > *To:* user@guacamole.apache.org > *Subject:* Re: Configuring LDAP > > > > On Mon, Nov 20, 2017 at 1:52 PM, wrote: > > We’re using Red Hat Enterprise Linux 7.4 with SELinux set to enforcing. I > disabled the LDAP extension and just used MySQL for the guacadmin user and > could log in. I do see the following information in /var/log/messages: > > > > > > This sounds like the server-side, but are you able to temporarily disable > SELinux (set it to permissive mode, "setenforce 0") and then restart Tomcat > and see if it works with LDAP? I'm not suggesting this as a long-term fix, > just long enough to validate whether SELinux is, indeed, blocking LDAP > traffic, or if it's still something else? > > > > -Nick >
Re: Configuring LDAP
On Tue, Nov 21, 2017 at 8:10 AM, wrote: > I set SELinux to permissive and put the LDAP extension back (its under > /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and > try to log in using an LDAP user. I click Login and on the Network tab, it > shows tokens (/guacamole/api/tokens) as having a “pending” status. Never > gets any further. > > > Okay...on the system where you're running Tomcat, can you make sure the OpenLDAP client utilities are installed and then use "ldapsearch" to query the same LDAP server that you're trying to use in Guacamole? Something like this: ldapsearch -H ldap:// -D -W -b cn= ...substituting in the above parameters and make sure you get a response? -Nick
No logs, failed to login
I'm running guacamole under tomcat8. I setup tomcat8 following this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-ubuntu-16-04 I've built the guacd service and client, and deployed the client to tomcat8. I've set the invornment variable for GUACAMOLE_HOME to point to /etc/guacamole (for both my user steve, and root just in case). Inside of /etc/guacamole i have 3 files, guacamole.properties, user-mapping.xml, guacd.conf guacamole.properties contains: guacd-hostname: localhost guacd-port: 4822 user-mapping.xml contains: rdp localhost 3389 guacd.conf contains: # # guacd configuration file # [daemon] pid_file = /var/run/guacd.pid log_level = info [server] bind_host = localhost bind_port = 4822 I can navigate to the guacamole page at localhost:8080/guacamole but if i try to login with admin, abc123 i get an invalid login error. My /var/log/tomcat8 folder has no log files in it at all. Syslog only shows the following (i restarted guacd service): Nov 21 13:51:55 debian guacd[2203]: Guacamole proxy daemon (guacd) version 0.9.13-incubating started Nov 21 13:51:55 debian guacd[2200]: Starting guacd: guacd[2203]: INFO:#011Guacamole proxy daemon (guacd) version 0.9.13-incubating started Nov 21 13:51:55 debian guacd[2200]: SUCCESS Nov 21 13:51:55 debian systemd[1]: Started LSB: Guacamole proxy daemon. Nov 21 13:51:55 debian guacd[2205]: Listening on host 127.0.0.1, port 4822 Nov 21 13:51:56 debian systemd[1]: Started Cleanup of Temporary Directories. No further logs are generated, what do i do?
Re: No logs, failed to login
On Tue, Nov 21, 2017 at 10:53 AM, dirtbikersteve . wrote: >... > > I've built the guacd service and client, and deployed the client to tomcat8. > I've set the invornment variable for GUACAMOLE_HOME to point to > /etc/guacamole (for both my user steve, and root just in case). > You would be better off using the default GUACAMOLE_HOME location of ".guacamole" within the home directory of the Tomcat user, in your case most likely the "tomcat8" user. Doing so would not require explicitly setting GUACAMOLE_HOME to anything. Otherwise, setting environment variables such that Tomcat will expose them to the web application is complicated. Simply setting them in the profile for users, even the root user, will not have any effect on service users like the Tomcat user. The Tomcat service will set up its own, clean environment, and has its own mechanism for allowing environment variables to be set. This mechanism tends to vary by distribution, so I highly recommend simply using ".guacamole" as described above. > ... > I can navigate to the guacamole page at localhost:8080/guacamole but if i > try to login with admin, abc123 i get an invalid login error. My > /var/log/tomcat8 folder has no log files in it at all. Syslog only shows the > following (i restarted guacd service): > Nov 21 13:51:55 debian guacd[2203]: Guacamole proxy daemon (guacd) version > 0.9.13-incubating started > Nov 21 13:51:55 debian guacd[2200]: Starting guacd: guacd[2203]: > INFO:#011Guacamole proxy daemon (guacd) version 0.9.13-incubating started > Nov 21 13:51:55 debian guacd[2200]: SUCCESS > Nov 21 13:51:55 debian systemd[1]: Started LSB: Guacamole proxy daemon. > Nov 21 13:51:55 debian guacd[2205]: Listening on host 127.0.0.1, port 4822 > Nov 21 13:51:56 debian systemd[1]: Started Cleanup of Temporary Directories. > > No further logs are generated, what do i do? The Tomcat logs are what you would need to locate. If you don't see a file like "catalina.out" in /var/log/tomcat8, the Tomcat service may have been configured to log to the systemd journal (journalctl) by default. I would check there and, failing that, the documentation of your distribution. They may have documented where the Tomcat logs can be found. - Mike
Re: No logs, failed to login
Wow, i've wasted so much time. Moving all my stuff to /opt/tomcat/.guacamole fixed everything. Also i think the configuration web page: https://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html should mention that all of these files must be manually created, i was under the impression for a while that these were auto-generated. Regardless, thanks! On Tue, Nov 21, 2017 at 2:05 PM, Mike Jumper wrote: > On Tue, Nov 21, 2017 at 10:53 AM, dirtbikersteve . > wrote: > >... > > > > I've built the guacd service and client, and deployed the client to > tomcat8. > > I've set the invornment variable for GUACAMOLE_HOME to point to > > /etc/guacamole (for both my user steve, and root just in case). > > > > You would be better off using the default GUACAMOLE_HOME location of > ".guacamole" within the home directory of the Tomcat user, in your > case most likely the "tomcat8" user. Doing so would not require > explicitly setting GUACAMOLE_HOME to anything. > > Otherwise, setting environment variables such that Tomcat will expose > them to the web application is complicated. Simply setting them in the > profile for users, even the root user, will not have any effect on > service users like the Tomcat user. The Tomcat service will set up its > own, clean environment, and has its own mechanism for allowing > environment variables to be set. This mechanism tends to vary by > distribution, so I highly recommend simply using ".guacamole" as > described above. > > > ... > > I can navigate to the guacamole page at localhost:8080/guacamole but if i > > try to login with admin, abc123 i get an invalid login error. My > > /var/log/tomcat8 folder has no log files in it at all. Syslog only shows > the > > following (i restarted guacd service): > > Nov 21 13:51:55 debian guacd[2203]: Guacamole proxy daemon (guacd) > version > > 0.9.13-incubating started > > Nov 21 13:51:55 debian guacd[2200]: Starting guacd: guacd[2203]: > > INFO:#011Guacamole proxy daemon (guacd) version 0.9.13-incubating started > > Nov 21 13:51:55 debian guacd[2200]: SUCCESS > > Nov 21 13:51:55 debian systemd[1]: Started LSB: Guacamole proxy daemon. > > Nov 21 13:51:55 debian guacd[2205]: Listening on host 127.0.0.1, port > 4822 > > Nov 21 13:51:56 debian systemd[1]: Started Cleanup of Temporary > Directories. > > > > No further logs are generated, what do i do? > > The Tomcat logs are what you would need to locate. If you don't see a > file like "catalina.out" in /var/log/tomcat8, the Tomcat service may > have been configured to log to the systemd journal (journalctl) by > default. I would check there and, failing that, the documentation of > your distribution. They may have documented where the Tomcat logs can > be found. > > - Mike >
RE: Configuring LDAP
OK, took me a little bit to weed through some OpenLDAP config issues (it wasn’t installed on the server I have guacamole installed on; didn’t realize that at first), but I got the ldapsearch working. So I re-enabled the LDAP parameters and tried again. The page shows “Invalid Login”, but the following is displayed in the /var/log/messages: Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN ""cn=My User"" Nov 21 14:56:15 access server: 14:56:15.496 [http-bio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.31.26.216 for user "harry.devine" failed. I have the LDAP parameters defined as follows in guacamole properties (I am masking the usernames and such): ldap-hostname="my-host" ldap-port=636 ldap-search-bind-dn="cn=My User" ldap-search-bind-password="Pass123" ldap-user-base-dn="dc=my,dc=example,dc=com" ldap-username-attribute="cn=users,cn=accounts,dc=my,dc=example,dc=com" ldap-group-base-dn="cn=groups,cn=accounts,dc=my,dc=example,dc=com" Ideas? Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Tuesday, November 21, 2017 9:20 AM To: user@guacamole.apache.org Subject: Re: Configuring LDAP On Tue, Nov 21, 2017 at 8:10 AM, mailto:harry.dev...@faa.gov>> wrote: I set SELinux to permissive and put the LDAP extension back (its under /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and try to log in using an LDAP user. I click Login and on the Network tab, it shows tokens (/guacamole/api/tokens) as having a “pending” status. Never gets any further. Okay...on the system where you're running Tomcat, can you make sure the OpenLDAP client utilities are installed and then use "ldapsearch" to query the same LDAP server that you're trying to use in Guacamole? Something like this: ldapsearch -H ldap:// -D -W -b cn= ...substituting in the above parameters and make sure you get a response? -Nick
RE: Configuring LDAP
Here is mine.. see if it helps.. the DC is a windows server 2012 r2 server. ldap-hostname: dc01.mydomain.org ldap-port: 3268 ldap-user-base-dn: DC=mydomain, DC=org ldap-search-bind-dn: CN=mysecretlookupuser, CN=Users, DC= mydomain, DC=org ldap-search-bind-password: Mysecret password ldap-username-attribute: sAMAccountName In the past I have had issues with using something other than the Base DN. Also, In my configs the spacing DOES Matter.. r From: harry.dev...@faa.gov [mailto:harry.dev...@faa.gov] Sent: Tuesday, November 21, 2017 2:01 PM To: user@guacamole.apache.org Subject: RE: Configuring LDAP OK, took me a little bit to weed through some OpenLDAP config issues (it wasn’t installed on the server I have guacamole installed on; didn’t realize that at first), but I got the ldapsearch working. So I re-enabled the LDAP parameters and tried again. The page shows “Invalid Login”, but the following is displayed in the /var/log/messages: Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN ""cn=My User"" Nov 21 14:56:15 access server: 14:56:15.496 [http-bio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.31.26.216 for user "harry.devine" failed. I have the LDAP parameters defined as follows in guacamole properties (I am masking the usernames and such): ldap-hostname="my-host" ldap-port=636 ldap-search-bind-dn="cn=My User" ldap-search-bind-password="Pass123" ldap-user-base-dn="dc=my,dc=example,dc=com" ldap-username-attribute="cn=users,cn=accounts,dc=my,dc=example,dc=com" ldap-group-base-dn="cn=groups,cn=accounts,dc=my,dc=example,dc=com" Ideas? Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Tuesday, November 21, 2017 9:20 AM To: user@guacamole.apache.org Subject: Re: Configuring LDAP On Tue, Nov 21, 2017 at 8:10 AM, wrote: I set SELinux to permissive and put the LDAP extension back (its under /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and try to log in using an LDAP user. I click Login and on the Network tab, it shows tokens (/guacamole/api/tokens) as having a “pending” status. Never gets any further. Okay...on the system where you're running Tomcat, can you make sure the OpenLDAP client utilities are installed and then use "ldapsearch" to query the same LDAP server that you're trying to use in Guacamole? Something like this: ldapsearch -H ldap:// -D -W -b cn= ...substituting in the above parameters and make sure you get a response? -Nick
RE: Configuring LDAP
Restart tomcat Service tomcat restart.. Tail –f /var/log/messages Authenticated From: harry.dev...@faa.gov [mailto:harry.dev...@faa.gov] Sent: Tuesday, November 21, 2017 2:01 PM To: user@guacamole.apache.org Subject: RE: Configuring LDAP OK, took me a little bit to weed through some OpenLDAP config issues (it wasn’t installed on the server I have guacamole installed on; didn’t realize that at first), but I got the ldapsearch working. So I re-enabled the LDAP parameters and tried again. The page shows “Invalid Login”, but the following is displayed in the /var/log/messages: Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN ""cn=My User"" Nov 21 14:56:15 access server: 14:56:15.496 [http-bio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.31.26.216 for user "harry.devine" failed. I have the LDAP parameters defined as follows in guacamole properties (I am masking the usernames and such): ldap-hostname="my-host" ldap-port=636 ldap-search-bind-dn="cn=My User" ldap-search-bind-password="Pass123" ldap-user-base-dn="dc=my,dc=example,dc=com" ldap-username-attribute="cn=users,cn=accounts,dc=my,dc=example,dc=com" ldap-group-base-dn="cn=groups,cn=accounts,dc=my,dc=example,dc=com" Ideas? Harry From: Nick Couchman [mailto:vn...@apache.org] Sent: Tuesday, November 21, 2017 9:20 AM To: user@guacamole.apache.org Subject: Re: Configuring LDAP On Tue, Nov 21, 2017 at 8:10 AM, wrote: I set SELinux to permissive and put the LDAP extension back (its under /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and try to log in using an LDAP user. I click Login and on the Network tab, it shows tokens (/guacamole/api/tokens) as having a “pending” status. Never gets any further. Okay...on the system where you're running Tomcat, can you make sure the OpenLDAP client utilities are installed and then use "ldapsearch" to query the same LDAP server that you're trying to use in Guacamole? Something like this: ldapsearch -H ldap:// -D -W -b cn= ...substituting in the above parameters and make sure you get a response? -Nick
How to hide CD name 'Guacamole RDP G disk'
When i open a remote app, the disk 'Guacamole RDP G' will appear . It's Guacamole RDP setting for this phenomenon ? i cant determine ,but this name is so similarity with Guacamole RDP Can i hide this disk with Guacamole Setting or disappear it with code's modification -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: Clipboard support using guacamole-common-js API
@Mike : I have tested with Chrome, Firefox , Edge and IE.
It's working. I will contribute it to review by Guacamole team or if any
necessary changes required.
On Tue, Nov 21, 2017 at 7:35 PM, Amarjeet Singh
wrote:
> @Mike : It is working : I am not facing the above issue as of now. I
> might be sending the wrong keys.
>
>
>
> On Tue, Nov 21, 2017 at 7:27 PM, Amarjeet Singh
> wrote:
>
>> Hi Mike,
>>
>> I enabled Ctrl + V ( Paste Event ) >> then updated the guacClipboard
>> << $scope.$broadcast('guacClipboard', data); >> .
>>
>> Issue : It was sending Ctrl + V keys to the server and then the
>> clipboard data , therefore server is pasting older data and on the next
>> Ctrl + v , it is pasting the correct data.
>>
>> I stopped the guackeyDown broadcast << $scope.$broadcast('guacBeforeKeyup',
>> keysym, keyboard); >> only for Ctrl + V and first sent the clipboard data
>> to the server, now data is updated on the server >> then used
>> guacSyntheticKeydown to send ctrl and V keys .
>>
>> It is copying the correct data but with an issue.
>>
>>
>> Issue : Suppose I have this text on the Notepad of the remote server "
>> Guacamole | " , As you see the cursor is after the space, when I paste
>> text "amarjeet" from local to remote it becomes
>>
>> "Guacamoleamarjeet" : The space is not there.
>>
>>
>> Please share your suggestions. I would be very grateful to you.
>>
>> I am looking into it.
>>
>> Thanks and Regards,
>> Amarjeet Singh
>>
>> On Sat, Nov 18, 2017 at 10:23 AM, Mike Jumper
>> wrote:
>>
>>> On Nov 17, 2017 17:40, "Amarjeet Singh" wrote:
>>>
>>> ...
>>> I have added the clipboard support without any plugins or without
>>> pressing ctrl+shift+alt. for all browsers.
>>>
>>>
>>> Can you describe the nature of your changes?
>>>
>>> - Mike
>>>
>>>
>>
>
Re: How to hide CD name 'Guacamole RDP G disk'
On Wed, Nov 22, 2017 at 5:09 AM, loumt wrote: > When i open a remote app, the disk 'Guacamole RDP G' will appear . > > It's Guacamole RDP setting for this phenomenon ? i cant determine ,but this > name is so similarity with Guacamole RDP > Yes, that's Guacamole's virtual drive to allow you to transfer files from and to the remote desktop. Can i hide this disk with Guacamole Setting or disappear it with code's > modification > You should be able to disable it using the connection's configuration. Look for 'enable-drive' under RDP section: http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#rdp
Re: Re: How to hide CD name 'Guacamole RDP G disk'
It's cool! I set enable-drive false and the disk that name Guacamole RDP G disk is disappear! Thank for you help! lo...@sanlogic.com From: Or Cohen Date: 2017-11-22 14:59 To: user Subject: Re: How to hide CD name 'Guacamole RDP G disk' On Wed, Nov 22, 2017 at 5:09 AM, loumt wrote: When i open a remote app, the disk 'Guacamole RDP G' will appear . It's Guacamole RDP setting for this phenomenon ? i cant determine ,but this name is so similarity with Guacamole RDP Yes, that's Guacamole's virtual drive to allow you to transfer files from and to the remote desktop. Can i hide this disk with Guacamole Setting or disappear it with code's modification You should be able to disable it using the connection's configuration. Look for 'enable-drive' under RDP section: http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#rdp
