Hi,
Ok thanks, I did the cleanup you mentioned.. and I also disabled SELinux. After several attempts I got it to work, not sure what was wrong, possible a combination of things. Thanks! Marco Passerini ________________________________ From: Nick Couchman <[email protected]> Sent: Saturday, March 27, 2021 2:07:24 AM To: [email protected] Subject: Re: Problems with Postgres DB authentication On Fri, Mar 26, 2021 at 3:56 AM Passerini Marco <[email protected]<mailto:[email protected]>> wrote: Hi, Ok I did a bit of a cleanup and those errors are now gone. But I still cannot authenticate.. this is what I get: [root@mfa-guacamole guacamole]# find /etc/guacamole/ /etc/guacamole/ /etc/guacamole/guacamole-1.3.0.war /etc/guacamole/lib /etc/guacamole/extensions /etc/guacamole/guacd.conf /etc/guacamole/logback.xml /etc/guacamole/guacamole.properties Looks okay. [root@mfa-guacamole guacamole]# ls -lah /usr/share/tomcat/.guacamole lrwxrwxrwx. 1 root root 14 Mar 25 10:13 /usr/share/tomcat/.guacamole -> /etc/guacamole This should not be necessary in recent versions of Guacamole. /etc/guacamole is already considered the default location for Guacamole configuration. [root@mfa-guacamole guacamole]# ls -lah /var/lib/tomcat/webapps/guacamole-1.3.0.war lrwxrwxrwx. 1 root root 34 Mar 25 14:56 /var/lib/tomcat/webapps/guacamole-1.3.0.war -> /etc/guacamole/guacamole-1.3.0.war Okay, this should be fine. Not really necessary - the WAR file is expendable, and I don't know that there's any reason not to just place the file directly into the webapps directory? # this might not be the conventional location for these.. but it seem to work? [root@mfa-guacamole guacamole]# ls -lah /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/guacamole-auth-jdbc-postgresql-1.3.0.jar -rw-r--r--. 1 tomcat tomcat 5.5M Mar 26 08:14 /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/guacamole-auth-jdbc-postgresql-1.3.0.jar [root@mfa-guacamole guacamole]# ls -lah /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/postgresql-42.2.19.jar -rw-r--r--. 1 tomcat tomcat 982K Mar 25 15:23 /var/lib/tomcat/webapps/guacamole-1.3.0/WEB-INF/lib/postgresql-42.2.19.jar I would not do this, and, no, I do not think it's working. First, if Tomcat ever decides to re-deploy the Guacamole WAR file, you *WILL* lose all of this. Second, I don't think Guacamole will pick up the authentication extensions, here (see below). Mar 26 08:47:36 mfa-guacamole server: 08:47:36.962 [http-bio-8080-exec-7] DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/usr/share/tomcat/.guacamole/user-mapping.xml" does not exist and will not be read. Mar 26 08:47:36 mfa-guacamole server: 08:47:36.964 [http-bio-8080-exec-7] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 148.187.134.75 failed. Mar 26 08:47:36 mfa-guacamole server: 08:47:36.964 [http-bio-8080-exec-7] DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Permission Denied. Mar 26 08:47:41 mfa-guacamole server: 08:47:41.456 [http-bio-8080-exec-1] DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/usr/share/tomcat/.guacamole/user-mapping.xml" does not exist and will not be read. Mar 26 08:47:41 mfa-guacamole server: 08:47:41.472 [http-bio-8080-exec-1] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 148.187.134.75 for user "guacadmin" failed. Mar 26 08:47:41 mfa-guacamole server: 08:47:41.472 [http-bio-8080-exec-1] DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Permission Denied. There is no indication in the log file, here, that the JDBC module is actually getting loaded or processed - I don't see any references, here, to the module. You should place the JDBC extension JAR in /etc/guacamole/extensions, and the PostgreSQL JDBC driver JAR in /etc/guacamole/lib. You're doing a lot of extra stuff, here - I highly suggest you follow the instructions in the manual a little more closely and avoid some of the extras, here, at least until you get a working configuration. http://guacamole.apache.org/doc/gug/jdbc-auth.html -Nick
