On Fri, Mar 26, 2021 at 3:56 AM Passerini Marco <[email protected]> wrote:
> Hi, > > Ok I did a bit of a cleanup and those errors are now gone. But I still > cannot authenticate.. this is what I get: > > [root@mfa-guacamole guacamole]# find /etc/guacamole/ > /etc/guacamole/ > /etc/guacamole/guacamole-1.3.0.war > /etc/guacamole/lib > /etc/guacamole/extensions > /etc/guacamole/guacd.conf > /etc/guacamole/logback.xml > /etc/guacamole/guacamole.properties > > Looks okay. > > [root@mfa-guacamole guacamole]# ls -lah /usr/share/tomcat/.guacamole > lrwxrwxrwx. 1 root root 14 Mar 25 10:13 /usr/share/tomcat/.guacamole -> > /etc/guacamole > > This should not be necessary in recent versions of Guacamole. /etc/guacamole is already considered the default location for Guacamole configuration. > [root@mfa-guacamole guacamole]# ls -lah > /var/lib/tomcat/webapps/guacamole-1.3.0.war > lrwxrwxrwx. 1 root root 34 Mar 25 14:56 > /var/lib/tomcat/webapps/guacamole-1.3.0.war -> > /etc/guacamole/guacamole-1.3.0.war > > Okay, this should be fine. Not really necessary - the WAR file is expendable, and I don't know that there's any reason not to just place the file directly into the webapps directory? > # this might not be the conventional location for these.. but it seem to > work? > > [root@mfa-guacamole guacamole]# ls -lah > /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/guacamole-auth-jdbc-postgresql-1.3.0.jar > > -rw-r--r--. 1 tomcat tomcat 5.5M Mar 26 08:14 > /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/guacamole-auth-jdbc-postgresql-1.3.0.jar > [root@mfa-guacamole guacamole]# ls -lah > /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/postgresql-42.2.19.jar > -rw-r--r--. 1 tomcat tomcat 982K Mar 25 15:23 > /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/postgresql-42.2.19.jar > > I would not do this, and, no, I do not think it's working. First, if Tomcat ever decides to re-deploy the Guacamole WAR file, you *WILL* lose all of this. Second, I don't think Guacamole will pick up the authentication extensions, here (see below). > > Mar 26 08:47:36 mfa-guacamole server: 08:47:36.962 [http-bio-8080-exec-7] > DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file > "/usr/share/tomcat/.guacamole/user-mapping.xml" does not exist and will not > be read. > Mar 26 08:47:36 mfa-guacamole server: 08:47:36.964 [http-bio-8080-exec-7] > DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt > from 148.187.134.75 failed. > Mar 26 08:47:36 mfa-guacamole server: 08:47:36.964 [http-bio-8080-exec-7] > DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Permission > Denied. > Mar 26 08:47:41 mfa-guacamole server: 08:47:41.456 [http-bio-8080-exec-1] > DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file > "/usr/share/tomcat/.guacamole/user-mapping.xml" does not exist and will not > be read. > Mar 26 08:47:41 mfa-guacamole server: 08:47:41.472 [http-bio-8080-exec-1] > WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from > 148.187.134.75 for user "guacadmin" failed. > Mar 26 08:47:41 mfa-guacamole server: 08:47:41.472 [http-bio-8080-exec-1] > DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Permission > Denied. > > > There is no indication in the log file, here, that the JDBC module is actually getting loaded or processed - I don't see any references, here, to the module. You should place the JDBC extension JAR in /etc/guacamole/extensions, and the PostgreSQL JDBC driver JAR in /etc/guacamole/lib. You're doing a lot of extra stuff, here - I highly suggest you follow the instructions in the manual a little more closely and avoid some of the extras, here, at least until you get a working configuration. http://guacamole.apache.org/doc/gug/jdbc-auth.html -Nick >
