Thanks for the help. I have deleted the “hostname …” material from guacamole.properties and deleted user-mapping.xml. I restarted both apache and vncserver@1.service <mailto:vncserver@1.service>. I then attempted to connect to the VNC service, but experienced similar results:
Dec 22 16:24:24 Mount guacd[1312]: Creating new client for protocol "vnc" Dec 22 16:24:24 Mount guacd[1312]: Connection ID is "$54197cc4-d180-4cea-b87b-8692d796a46b" Dec 22 16:24:24 Mount guacd[7491]: Cursor rendering: local Dec 22 16:24:24 Mount guacd[7491]: User "@43ac8895-c254-47e7-9b7c-1ce132ae6a2b" joined connection "$54197cc4-d180-4cea-b87b-8692d796a46b" (1 users now present) Dec 22 16:24:24 Mount tomcat9[4413]: 16:24:24.489 [http-nio-8080-exec-4] INFO o.a.g.tunnel.TunnelRequestService - User "dnessett" connected to connection "2". Dec 22 16:24:24 Mount tomcat9[4413]: 16:24:24.489 [http-nio-8080-exec-4] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal. Dec 22 16:24:24 Mount guacd[7491]: VNC server supports protocol version 3.8 (viewer 3.8) Dec 22 16:24:24 Mount guacd[7491]: We have 2 security types to read Dec 22 16:24:24 Mount guacd[7491]: 0) Received security type 2 Dec 22 16:24:24 Mount guacd[7491]: Selecting security type 2 (0/2 in the list) Dec 22 16:24:24 Mount guacd[7491]: 1) Received security type 16 Dec 22 16:24:24 Mount guacd[7491]: Selected Security Scheme 2 Dec 22 16:24:24 Mount guacd[7491]: VNC connection failed: Authentication failed Dec 22 16:24:24 Mount guacd[7491]: Unable to connect to VNC server. Dec 22 16:24:24 Mount guacd[7491]: User "@43ac8895-c254-47e7-9b7c-1ce132ae6a2b" disconnected (0 users remain) Dec 22 16:24:24 Mount guacd[7491]: Last user of connection "$54197cc4-d180-4cea-b87b-8692d796a46b" disconnected Dec 22 16:24:24 Mount guacd[1312]: Connection "$54197cc4-d180-4cea-b87b-8692d796a46b" removed. Dec 22 16:24:39 Mount tomcat9[4413]: 16:24:39.554 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "dnessett" disconnected from connection "2". Duration: 15065 milliseconds Dec 22 16:24:39 Mount tomcat9[4413]: 16:24:39.559 [http-nio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Connection to guacd timed out. The only log that seems to have information about the attempted guard -> VNC server connection attempt is syslog. As I stated in my previous email, I don’t know if the username and password associated with the VNC connection should be the guacamole user and pw, the vnc user and pw or the user on the remote host’s username and password. > On Dec 22, 2022, at 2:25 PM, Michael Jumper <mjum...@apache.org> wrote: > > On Thu, Dec 22, 2022 at 1:12 PM Dan Nessett <dness...@yahoo.com.invalid> > wrote: > Now that I have apache configured properly, I am trying to get guacamole to > connect to a vnc server (tightvnc) running on the remote machine. Here is the > listen toplogy: > ... > This shows that tightvnc is listening on 5901, guacd is listening on 4822, > and tomcat on 8080. > > In /etc/guacamole, the guacamole properties are: > > # MySQL properties > mysql-hostname: 127.0.0.1 > mysql-port: 3306 > mysql-database: guacamole_db > mysql-username: guacamole_user > mysql-password: xxxxxxxxxxxxx > > This looks fine but ... > > hostname: 127.0.0.1 > port: 5901 > color-depth: 8 > > None of these are properties - they are connection parameters. Placing these > parameters here as if they were properties will have no effect. > > And user-mapping.xml is: > > You should not use "user-mapping.xml" if you are using a MySQL database. If > you have a database set up, then that's all you need to use and the > "user-mapping.xml" file is no longer needed. You are actually maintaining two > distinct accounts by doing this, and this will lead to further confusion. > > The "user-mapping.xml" file and the database are two separate and independent > authentication mechanisms. Defining a user within "user-mapping.xml" AND > within the database via the UI will mean that you have two distinct accounts: > one with the credentials noted in the XML that will have access to only the > connections defined in the XML, and another with the credentials defined via > the admin UI that will have access only to the connections you have granted > in the UI. > > If the VNC connection itself is not working when you attempt to use it, the > thing to check would be the guacd logs. These should be in syslog (or > systemd's "journalctl" tool). If the VNC connection is being successfully > established but is being rejected by the VNC server due to auth, check your > VNC server's logs. > > - Mike >
