Using that alternative connector did the trick (thank you!). Any idea why that worked while the previous one did not?
On 3/6/25 2:21 PM, Anakien Skywalker wrote: Can you try this one: https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-$MYSQL_JDBC_VERSION.tar.gz MYSQL_JDBC_VERSION=8.3.0 Remove the rest of drivers and in guacamole config set driver mysql чт, 6 мар. 2025 г., 22:51 Jason Bailey <jbai...@emerytelcom.com.invalid><mailto:jbai...@emerytelcom.com.invalid>: This is what I have: echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/default/tomcat9 echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/profile.d/tomcat9.sh Also... root@guac:/etc/guacamole# ls -l total 20 drwxrwxr-x 2 tomcat tomcat 4096 Mar 5 15:15 extensions -rw-r--r-- 1 tomcat tomcat 2847 Mar 6 11:14 guacamole.properties -rw-r--r-- 1 tomcat tomcat 212 Mar 3 15:55 guacd.conf drwxrwxr-x 2 tomcat tomcat 4096 Mar 5 17:14 lib root@guac:/etc/guacamole/lib# ll total 3896 -rw-r--r-- 1 tomcat tomcat 627652 Mar 5 17:14 mariadb-java-client-2.7.12.jar -rw-r--r-- 1 tomcat tomcat 743409 Feb 21 11:27 mariadb-java-client-3.5.2.jar -rw-r--r-- 1 tomcat tomcat 2609733 Mar 5 17:04 mysql-connector-java-9.2.0.jar On 3/6/25 1:44 PM, Anakien Skywalker wrote: Oh yeah, And by the way: Any of the following MySQL-compatible JDBC drivers are supported for connecting Guacamole with MySQL or MariaDB: MySQL Connector/J MariaDB Connector/J Did you install them both? Because you have to install them both. чт, 6 мар. 2025 г., 22:39 Anakien Skywalker <njuhaand...@gmail.com<mailto:njuhaand...@gmail.com>>: Hello, Did you set GUACAMOLE_HOME env var? The Guacamole extension .jar will ultimately need to be placed within GUACAMOLE_HOME/extensions, while the JDBC driver must be downloaded separately from the database vendor and placed within GUACAMOLE_HOME/lib. Please, check both directories and permissions. If guacamole home env var is not set, this could be an issue. At least I had such problem deploying with docker. чт, 6 мар. 2025 г., 22:26 Jason Bailey <jbai...@emerytelcom.com.invalid><mailto:jbai...@emerytelcom.com.invalid>: Okay... LDAP works now. Progress! I still can't get MariaDB/MySQL to work, however. This is what I'm seeing in the logs. 12:09:07.428 [http-nio-8080-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection 12:09:07.429 [http-nio-8080-exec-1] DEBUG o.a.g.a.j.DynamicallyAuthenticatedDataSource - Creating new database connection for pool. 12:09:07.429 [http-nio-8080-exec-1] WARN o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpe> 12:09:07.430 [http-nio-8080-exec-1] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error: ### Error querying database. Cause: java.sql.SQLException: No suitable driver found for jdbc:mysql://127.0.0.1:3306/guacamole ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne ### The error occurred while executing a query ### Cause: java.sql.SQLException: No suitable driver found for jdbc:mysql://127.0.0.1:3306/guacamole 12:09:07.430 [http-nio-8080-exec-1] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint. org.apache.ibatis.exceptions.PersistenceException: ### Error querying database. Cause: java.sql.SQLException: No suitable driver found for jdbc:mysql://127.0.0.1:3306/guacamole ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne ### The error occurred while executing a query ### Cause: java.sql.SQLException: No suitable driver found for jdbc:mysql://127.0.0.1:3306/guacamole The mariadb jdbc driver is in /etc/guacamole/lib and the folder is owned by the tomcat user with 755 permissions. Suggestions? Thank you! On 3/6/25 4:16 AM, Anakien Skywalker wrote: Hello, Please, look higher up in the logs, during the startup of Tomcat (or deployment of the guacamole WAR file) to make sure it's loading the expected extensions, and see if there are any other errors there. The error you are referring to may be related with mysql driver not getting loaded. ср, 5 мар. 2025 г. в 21:12, Jason Bailey <jbai...@emerytelcom.com.invalid><mailto:jbai...@emerytelcom.com.invalid>: Did you enable auto creation of accounts in the mysql plugin? Yes. Did you create guacadmin user in mysql? I ran the 000-create-admin-user.sql script against the database and I can see the records present when I view the appropriate database tables. Set extension priority? I have not done so thus far. It isn't being used in my old server, which is what I used as a template for the new server. That said, I'll add it. Checking in the logs.... I see no mention of LDAP, so it must not be loading. Nick, you were right, the permissions on the /etc/guacamole/lib and /etc/guacamole/extensions folders were wrong. I'm actually trying to build SaltStack state / provisioning that sets Apache Guacamole up, and I had copied and pasted the wrong block of YAML. Long story short, the folder was 644 instead of 755. That has been fixed. Unfortunately, even with all these changes, it's still not working. I'm now getting "DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Permission Denied". I get that even when I bypass the reverse proxy config and connect to tomcat directly with my browser. This is what I have in my guacamole.properties file: guacd-hostname: ::1 guacd-port: 4822 mysql-hostname: 127.0.0.1 mysql-database: guacamole mysql-username: guacamole mysql-password: LongGuacamolePassword mysql-driver: mariadb mysql-auto-create-accounts: true mysql-server-timezone: America/Denver ldap-hostname: corp.myorganization.com<http://corp.myorganization.com> ldap-port: 389 ldap-encryption-method: none ldap-username-attribute: sAMAccountName ldap-search-bind-dn: cn=OBS Manager LDAP,OU=Services,DC=corp,DC=myorganization,DC=com ldap-search-bind-password: MyReallyLongLdapPassword ldap-user-base-dn: dc=corp,dc=myorganization,dc=com ldap-user-search-filter: (memberOf=CN=OBS Users,OU=Services,DC=corp,DC=myorganization,DC=com) ldap-max-search-results: 400 auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider Thanks On 3/5/25 4:41 AM, Anakien Skywalker wrote: Hello, Just a few things to check: 1. Did you enable auto creation accounts in mysql plugin? https://guacamole.apache.org/doc/gug/jdbc-auth.html#auto-creating-database-users mysql-auto-create-accounts: true 2. Did you create guacadmin user in mysql? You need to execute the following schema migration 002-create-admin-user.sql in your db in order to create admin user. Make sure all queries from migration are executed. 3. Set extension priority. In your log, I don't see any evidence you use ldap. But you could use ldap, mysql where mysql is fallback for guacadmin. extension-priority: mysql, ldap I am not sure of the correct naming. Please, check it yourself in your logs: 23:32:06.468 [main] INFO o.a.g.extension.ExtensionModule - - [postgresql] "PostgreSQL Authentication" (/etc/guacamole/extensions/guacamole-auth-jdbc-postgresql-1.5.5.jar) 23:32:06.468 [main] INFO o.a.g.extension.ExtensionModule - - [ldap] "LDAP Authentication" (/etc/guacamole/extensions/guacamole-auth-ldap-1.5.5.jar) According to these logs, it would be: extension-priority: postgresql, ldap ср, 5 мар. 2025 г. в 03:37, Nick Couchman <vn...@apache.org<mailto:vn...@apache.org>>: On Tue, Mar 4, 2025 at 7:00 PM Jason Bailey <jbai...@emerytelcom.com.invalid><mailto:jbai...@emerytelcom.com.invalid> wrote: Replying to my own email here, but I did get debug logging working. I'm seeing a few extra things now when I try to login: DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from [10.0.0.86, 127.0.0.1] failed. DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Permission Denied. WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [10.0.0.86, 127.0.0.1] for user "guacadmin" failed DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/etc/guacamole/user-mapping.xml" does not exist and will not be read I don't have a user-mapping.xml anymore -- not since going to LDAP/MSAD authentication. It does not appear to me that the LDAP authentication extension is loading at all. Are there other messages, prior to this, that indicate that it is loading successfully? The message about the user-mapping.xml file is relatively benign - it's just warning you that it isn't there. Is this an indication that the reverse proxy through Apache might be the issue? Nope, don't think this has anything to do with reverse proxy - I think your Guacamole install is not picking up the LDAP extension at all. Maybe check that permissions are correct on all of the files/folders, such that the user running Tomcat has access to /etc/guacamole and all of the files and folders under it? -Nick *Confidentiality Notice* This email message may contain legally privileged and/or confidential information. If you are not the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of this email message is strictly prohibited. If you have received this email in error, please immediately notify the sender and delete this email message from your computer.
