Oh yeah, And by the way: Any of the following MySQL-compatible JDBC drivers are supported for connecting Guacamole with MySQL or MariaDB:
MySQL Connector/J MariaDB Connector/J Did you install them both? Because you have to install them both. чт, 6 мар. 2025 г., 22:39 Anakien Skywalker <njuhaand...@gmail.com>: > Hello, > Did you set GUACAMOLE_HOME env var? > > The Guacamole extension .jar will ultimately need to be placed within > GUACAMOLE_HOME/extensions, while the JDBC driver must be downloaded > separately from the database vendor and placed within GUACAMOLE_HOME/lib. > Please, check both directories and permissions. > > If guacamole home env var is not set, this could be an issue. At least I > had such problem deploying with docker. > > чт, 6 мар. 2025 г., 22:26 Jason Bailey <jbai...@emerytelcom.com.invalid>: > >> Okay... LDAP works now. Progress! I still can't get MariaDB/MySQL to >> work, however. >> >> This is what I'm seeing in the logs. >> >> 12:09:07.428 [http-nio-8080-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - >> Opening JDBC Connection >> 12:09:07.429 [http-nio-8080-exec-1] DEBUG >> o.a.g.a.j.DynamicallyAuthenticatedDataSource - Creating new database >> connection for pool. >> 12:09:07.429 [http-nio-8080-exec-1] WARN >> o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider >> has encountered an internal error which will halt the authentication >> process. If this is unexpe> >> 12:09:07.430 [http-nio-8080-exec-1] ERROR o.a.g.rest.RESTExceptionMapper >> - Unexpected internal error: >> ### Error querying database. Cause: java.sql.SQLException: No suitable >> driver found for jdbc:mysql://127.0.0.1:3306/guacamole >> ### The error may exist in >> org/apache/guacamole/auth/jdbc/user/UserMapper.xml >> ### The error may involve >> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne >> ### The error occurred while executing a query >> ### Cause: java.sql.SQLException: No suitable driver found for jdbc: >> mysql://127.0.0.1:3306/guacamole >> 12:09:07.430 [http-nio-8080-exec-1] DEBUG o.a.g.rest.RESTExceptionMapper >> - Unexpected error in REST endpoint. >> org.apache.ibatis.exceptions.PersistenceException: >> ### Error querying database. Cause: java.sql.SQLException: No suitable >> driver found for jdbc:mysql://127.0.0.1:3306/guacamole >> ### The error may exist in >> org/apache/guacamole/auth/jdbc/user/UserMapper.xml >> ### The error may involve >> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne >> ### The error occurred while executing a query >> ### Cause: java.sql.SQLException: No suitable driver found for jdbc: >> mysql://127.0.0.1:3306/guacamole >> >> The mariadb jdbc driver is in /etc/guacamole/lib and the folder is owned >> by the tomcat user with 755 permissions. >> >> Suggestions? Thank you! >> >> >> >> >> On 3/6/25 4:16 AM, Anakien Skywalker wrote: >> >> Hello, >> Please, look higher up in the logs, during the startup of Tomcat (or >> deployment >> of the guacamole WAR file) to make sure it's loading the expected >> extensions, and see if there are any other errors there. The error you >> are referring to may be related with mysql driver not getting loaded. >> >> ср, 5 мар. 2025 г. в 21:12, Jason Bailey >> <jbai...@emerytelcom.com.invalid> <jbai...@emerytelcom.com.invalid>: >> >>> Did you enable auto creation of accounts in the mysql plugin? Yes. >>> >>> Did you create guacadmin user in mysql? I ran the >>> 000-create-admin-user.sql script against the database and I can see the >>> records present when I view the appropriate database tables. >>> >>> Set extension priority? I have not done so thus far. It isn't being used >>> in my old server, which is what I used as a template for the new server. >>> That said, I'll add it. >>> >>> Checking in the logs.... I see no mention of LDAP, so it must not be >>> loading. >>> >>> Nick, you were right, the permissions on the /etc/guacamole/lib and >>> /etc/guacamole/extensions folders were wrong. I'm actually trying to build >>> SaltStack state / provisioning that sets Apache Guacamole up, and I had >>> copied and pasted the wrong block of YAML. Long story short, the folder was >>> 644 instead of 755. That has been fixed. >>> >>> Unfortunately, even with all these changes, it's still not working. I'm >>> now getting "DEBUG o.a.g.rest.RESTExceptionMapper - Client request >>> rejected: Permission Denied". I get that even when I bypass the reverse >>> proxy config and connect to tomcat directly with my browser. >>> >>> This is what I have in my guacamole.properties file: >>> >>> guacd-hostname: ::1 >>> guacd-port: 4822 >>> >>> mysql-hostname: 127.0.0.1 >>> mysql-database: guacamole >>> mysql-username: guacamole >>> mysql-password: LongGuacamolePassword >>> mysql-driver: mariadb >>> mysql-auto-create-accounts: true >>> mysql-server-timezone: America/Denver >>> >>> ldap-hostname: corp.myorganization.com >>> ldap-port: 389 >>> ldap-encryption-method: none >>> ldap-username-attribute: sAMAccountName >>> ldap-search-bind-dn: cn=OBS Manager >>> LDAP,OU=Services,DC=corp,DC=myorganization,DC=com >>> ldap-search-bind-password: MyReallyLongLdapPassword >>> ldap-user-base-dn: dc=corp,dc=myorganization,dc=com >>> ldap-user-search-filter: (memberOf=CN=OBS >>> Users,OU=Services,DC=corp,DC=myorganization,DC=com) >>> ldap-max-search-results: 400 >>> >>> auth-provider: >>> net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider >>> >>> Thanks >>> >>> >>> >>> On 3/5/25 4:41 AM, Anakien Skywalker wrote: >>> >>> Hello, >>> Just a few things to check: >>> 1. Did you enable auto creation accounts in mysql plugin? >>> https://guacamole.apache.org/doc/gug/jdbc-auth.html#auto-creating-database-users >>> >>> >>>> mysql-auto-create-accounts: true >>> >>> 2. Did you create guacadmin user in mysql? You need to execute the >>> following schema migration 002-create-admin-user.sql in your db in order to >>> create admin user. Make sure all queries from migration are executed. >>> 3. Set extension priority. In your log, I don't see any evidence you use >>> ldap. But you could use ldap, mysql where mysql is fallback for guacadmin. >>> >>>> extension-priority: mysql, ldap >>> >>> I am not sure of the correct naming. Please, check it yourself in your >>> logs: >>> >>>> 23:32:06.468 [main] INFO o.a.g.extension.ExtensionModule - - >>>> [postgresql] "PostgreSQL Authentication" >>>> (/etc/guacamole/extensions/guacamole-auth-jdbc-postgresql-1.5.5.jar) >>>> 23:32:06.468 [main] INFO o.a.g.extension.ExtensionModule - - [ldap] >>>> "LDAP Authentication" >>>> (/etc/guacamole/extensions/guacamole-auth-ldap-1.5.5.jar) >>>> >>>> According to these logs, it would be: >>> >>>> >>>> extension-priority: postgresql, ldap >>> >>> >>> >>> ср, 5 мар. 2025 г. в 03:37, Nick Couchman <vn...@apache.org>: >>> >>>> On Tue, Mar 4, 2025 at 7:00 PM Jason Bailey >>>> <jbai...@emerytelcom.com.invalid> <jbai...@emerytelcom.com.invalid> >>>> wrote: >>>> >>>>> Replying to my own email here, but I did get debug logging working. >>>>> I'm seeing a few extra things now when I try to login: >>>>> >>>>> DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication >>>>> attempt from [10.0.0.86, 127.0.0.1] failed. >>>>> >>>>> DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: >>>>> Permission Denied. >>>>> >>>>> WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from >>>>> [10.0.0.86, 127.0.0.1] for user "guacadmin" failed >>>>> >>>>> DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file >>>>> "/etc/guacamole/user-mapping.xml" does not exist and will not be read >>>>> >>>>> I don't have a user-mapping.xml anymore -- not since going to >>>>> LDAP/MSAD authentication. >>>>> >>>> >>>> It does not appear to me that the LDAP authentication extension is >>>> loading at all. Are there other messages, prior to this, that indicate that >>>> it is loading successfully? >>>> >>>> The message about the user-mapping.xml file is relatively benign - it's >>>> just warning you that it isn't there. >>>> >>>> >>>>> >>>>> Is this an indication that the reverse proxy through Apache might be >>>>> the issue? >>>>> >>>> >>>> Nope, don't think this has anything to do with reverse proxy - I think >>>> your Guacamole install is not picking up the LDAP extension at all. Maybe >>>> check that permissions are correct on all of the files/folders, such that >>>> the user running Tomcat has access to /etc/guacamole and all of the files >>>> and folders under it? >>>> >>>> -Nick >>>> >>> *Confidentiality Notice* This email message may contain legally >>> privileged and/or confidential information. If you are not the intended >>> recipient(s), you are hereby notified that any dissemination, distribution >>> or copying of this email message is strictly prohibited. If you have >>> received this email in error, please immediately notify the sender and >>> delete this email message from your computer. >>> >>
