Since I just pull the guacamole-client code to my repo, I use the guacamole-client Dockerfile:
# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # # Dockerfile for guacamole-client # # Use args for Tomcat image label to allow image builder to choose alternatives # such as `--build-arg TOMCAT_JRE=jre8-alpine` # ARG TOMCAT_VERSION=8.5 ARG TOMCAT_JRE=jdk8 # Use official maven image for the build FROM maven:3-eclipse-temurin-8-focal AS builder # Use Mozilla's Firefox PPA (newer Ubuntu lacks a "firefox-esr" package and # provides only a transitional "firefox" package that actually requires Snap # and thus can't be used within Docker) RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y software-properties-common \ && add-apt-repository -y ppa:mozillateam/ppa # Explicitly prefer packages from the Firefox PPA COPY guacamole-docker/mozilla-firefox.pref /etc/apt/preferences.d/ # Install firefox browser for sake of JavaScript unit tests RUN apt-get update && apt-get install -y firefox # Arbitrary arguments that can be passed to the maven build. By default, an # argument will be provided to explicitly unskip any skipped tests. To, for # example, allow the building of the RADIUS auth extension, pass a build profile # as well: `--build-arg MAVEN_ARGUMENTS="-P lgpl-extensions -DskipTests=false"`. ARG MAVEN_ARGUMENTS="-DskipTests=false" # Versions of JDBC drivers to bundle within image ARG MSSQL_JDBC_VERSION=9.4.1 ARG MYSQL_JDBC_VERSION=8.3.0 ARG PGSQL_JDBC_VERSION=42.7.2 # Build environment variables ENV \ BUILD_DIR=/tmp/guacamole-docker-BUILD # Add configuration scripts COPY guacamole-docker/bin/ /opt/guacamole/bin/ # Copy source to container for sake of build COPY . "$BUILD_DIR" # Run the build itself RUN /opt/guacamole/bin/build-guacamole.sh "$BUILD_DIR" /opt/guacamole # For the runtime image, we start with the official Tomcat distribution FROM tomcat:${TOMCAT_VERSION}-${TOMCAT_JRE} # Install XMLStarlet for server.xml alterations and unzip for LOGBACK_LEVEL case RUN apt-get update -qq \ && apt-get install -y xmlstarlet unzip\ && rm -rf /var/lib/apt/lists/* # This is where the build artifacts go in the runtime image WORKDIR /opt/guacamole # Copy artifacts from builder image into this image COPY --from=builder /opt/guacamole/ . # Create a new user guacamole ARG UID=1001 ARG GID=1001 RUN groupadd --gid $GID guacamole RUN useradd --system --create-home --shell /usr/sbin/nologin --uid $UID --gid $GID guacamole # Run with user guacamole USER guacamole # Start Guacamole under Tomcat, listening on 0.0.0.0:8080 EXPOSE 8080 CMD ["/opt/guacamole/bin/start.sh" ] Get Outlook for Mac <https://aka.ms/GetOutlookForMac> From: Anakien Skywalker <njuhaand...@gmail.com> Date: Monday, 10 March 2025 at 12:13 To: user@guacamole.apache.org <user@guacamole.apache.org> Subject: Re: Parameter prompting RDP - guacd 1.5.5 This is URL to client repo. Are you building docker image yourself? If yes, do you use branch with tag 1.5.5? пн, 10 мар. 2025 г., 12:04 Gal Sabas <gal...@checkpoint.com.invalid>: This is the URL I use: ssh://g...@github.com:apache/guacamole-client.git Get Outlook for Mac <https://protect.checkpoint.com/v2/r02/___https://aka.ms/GetOutlookForMac___.YzJlOmNwYWxsOmM6bzo3YjMwNjJiOGU2NTExOTBlNmJhZDk1YWFmNzI1YmYyOTo3OmQwOGU6MDliODhkYTVlNzUxMjY2ZGU1YjU5OGFlOTgyZDA1Mzg2MjU2NGIxYzcwZmY1MzczMjg3NmMyOWYwYjc0OTc1MTpoOlQ6Tg> From: Anakien Skywalker <njuhaand...@gmail.com<mailto:njuhaand...@gmail.com>> Date: Monday, 10 March 2025 at 11:43 To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> <user@guacamole.apache.org<mailto:user@guacamole.apache.org>> Subject: Re: Parameter prompting RDP - guacd 1.5.5 Can you provide the docker image url you use for client? пн, 10 мар. 2025 г., 10:26 Gal Sabas <gal...@checkpoint.com.invalid>: The thing is that I use guacamole-client version 1.5.5 as well. I use guacamole client as a submodule of another docker container and I didn’t make any changes to the guacamole-client code, so I don’t know why the protocol_version if less than 1.3.0. Get Outlook for Mac <https://protect.checkpoint.com/v2/r02/___https://aka.ms/GetOutlookForMac___.YzJlOmNwYWxsOmM6bzo0MjI0NzQ4OTc3MzM2ZDM3MzM3NDZmZmUyMGYzYjRhNjo3OjZlMzk6NjU3NTVlMjU1NjljYWI0YjI0NmY4NTZiNDY5Y2QwMzg0ZDYxZDZiMWI4OGQxMjlmMTM3MDk0NGViNzFhMWYxYzpoOlQ6Tg> From: Anakien Skywalker <njuhaand...@gmail.com<mailto:njuhaand...@gmail.com>> Date: Sunday, 9 March 2025 at 17:21 To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> <user@guacamole.apache.org<mailto:user@guacamole.apache.org>> Subject: Re: Parameter prompting RDP - guacd 1.5.5 In the case of Guacamole clients that support the "required" instruction, this function will send any of the three unpopulated RDP authentication parameters back to the client so that the connection owner can provide the required information. If the values have been provided in the original connection parameters the user will not be prompted for updated parameters. If the version of Guacamole Client in use by the connection owner does not support the "required" instruction then the connection will fail. This function always returns true. The client is deemed to be not supporting required when: return (user->info.protocol_version >= GUAC_PROTOCOL_VERSION_1_3_0); How can you use old protocol? Actually, I see in title you are using guacd 1.5.5 But what is your client? вс, 9 мар. 2025 г. в 16:45, Gal Sabas <gal...@checkpoint.com.invalid>: I changed the configuration I sent to guacd and now I get the following error message: Client does not support the "required" instruction. No authentication parameters will be requested. To which client does this error refer to? Are you familiar with a solution to this issue? Thanks! Get Outlook for Mac <https://protect.checkpoint.com/v2/r02/___https://aka.ms/GetOutlookForMac___.YzJlOmNwYWxsOmM6bzozZDE0NmNkYzRjY2JlZTc3OGMxN2ZhOWE5NzYxNzYzMDo3OjFiODA6NTI4OTQ4YTNjYTRjYzkzM2M5NThmNGQ5OTRjYWYzMDQ4NTljNGNhYzcyYzRjMTM2YWQxMjk3YzFjOWNhNzQ4NjpoOlQ6Tg> From: Gal Sabas <gal...@checkpoint.com.INVALID> Date: Thursday, 6 March 2025 at 15:09 To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> <user@guacamole.apache.org<mailto:user@guacamole.apache.org>> Subject: Re: Parameter prompting RDP - guacd 1.5.5 Hi, I don’t use any specific config, if there is a specific thing you need to know, let me know. Some more info - my guacamole-client is running as a submodule of one docker container, and Guacd runs on a different container (I use Dockerfile). These are the guacd logs: guacd[1]: INFO: Creating new client for protocol "rdp" guacd[1]: INFO: Connection ID is "$b014292d-f7ef-45ff-9b90-d898e27f4cc3" guacd[14]: DEBUG: Processing instruction: size guacd[14]: DEBUG: Processing instruction: audio guacd[14]: DEBUG: Processing instruction: video guacd[14]: DEBUG: Processing instruction: image guacd[14]: DEBUG: Parameter "console" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "console-audio" omitted. Using default value of 0. guacd[14]: INFO: Security mode: Negotiate (ANY) guacd[14]: DEBUG: User resolution is 3440x1226 at 96 DPI guacd[14]: DEBUG: Parameter "dpi" omitted. Using default value of 96. guacd[14]: DEBUG: Using resolution of 3440x1226 at 96 DPI guacd[14]: DEBUG: Parameter "force-lossless" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "read-only" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "client-name" omitted. Using default value of "Guacamole RDP". guacd[14]: DEBUG: Parameter "enable-wallpaper" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "enable-theming" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "enable-font-smoothing" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "enable-full-window-drag" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "enable-desktop-composition" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "enable-menu-animations" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "disable-bitmap-caching" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "disable-offscreen-caching" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "color-depth" omitted. Using default value of 16. guacd[14]: DEBUG: Parameter "disable-audio" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "enable-drive" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "drive-name" omitted. Using default value of "Guacamole Filesystem". guacd[14]: DEBUG: Parameter "drive-path" omitted. Using default value of "". guacd[14]: DEBUG: Parameter "create-drive-path" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "disable-download" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "disable-upload" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "34.236.191.6". guacd[14]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22". guacd[14]: DEBUG: Parameter "sftp-username" omitted. Using default value of "". guacd[14]: DEBUG: Parameter "sftp-password" omitted. Using default value of "". guacd[14]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "". guacd[14]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/". guacd[14]: DEBUG: Parameter "sftp-server-alive-interval" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "sftp-disable-download" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "sftp-disable-upload" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "recording-name" omitted. Using default value of "recording". guacd[14]: DEBUG: Parameter "recording-exclude-output" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "recording-exclude-mouse" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "recording-exclude-touch" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0. guacd[14]: INFO: Resize method: display-update guacd[14]: DEBUG: Parameter "enable-touch" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "gateway-port" omitted. Using default value of 443. guacd[14]: DEBUG: Parameter "disable-copy" omitted. Using default value of 0. guacd[14]: DEBUG: Parameter "disable-paste" omitted. Using default value of 0. guacd[14]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. guacd[14]: DEBUG: Parameter "wol-send-packet" omitted. Using default value of 0. guacd[14]: INFO: User "@11a37d03-f80c-4774-9e42-c0750e2e3f93" joined connection "$b014292d-f7ef-45ff-9b90-d898e27f4cc3" (1 users now present) guacd[14]: DEBUG: Client has not defined its protocol version. guacd[14]: INFO: Loading keymap "base" guacd[14]: INFO: Loading keymap "en-us-qwerty" guacd[14]: DEBUG: Support for CLIPRDR (clipboard redirection) registered. Awaiting channel connection. guacd[14]: DEBUG: Support for static channel "rdpdr" loaded. guacd[14]: DEBUG: Support for static channel "rdpsnd" loaded. guacd[14]: DEBUG: Local framebuffer format PIXEL_FORMAT_BGRX32 guacd[14]: DEBUG: Remote framebuffer format PIXEL_FORMAT_RGB16 guacd[14]: DEBUG: creating directory /root/.config/freerdp guacd[14]: DEBUG: creating directory [/root/.config/freerdp/certs] guacd[14]: DEBUG: created directory [/root/.config/freerdp/server] guacd[14]: DEBUG: BIO_read returned an error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error guacd[14]: DEBUG: transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D] guacd[14]: DEBUG: BIO_read returned an error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error guacd[14]: DEBUG: transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D] guacd[14]: DEBUG: freerdp_post_connect failed guacd[14]: DEBUG: SVC "rdpdr" disconnected. guacd[14]: DEBUG: SVC "rdpsnd" disconnected. guacd[14]: INFO: RDP server closed/refused connection: Server refused connection (wrong security type?) guacd[14]: INFO: User "@11a37d03-f80c-4774-9e42-c0750e2e3f93" disconnected (0 users remain) guacd[14]: INFO: Last user of connection "$b014292d-f7ef-45ff-9b90-d898e27f4cc3" disconnected guacd[14]: DEBUG: Requesting termination of client... guacd[14]: DEBUG: Client terminated successfully. guacd[1]: INFO: Connection "$b014292d-f7ef-45ff-9b90-d898e27f4cc3" removed. guacd[1]: DEBUG: Unable to request termination of client process: No such process guacd[1]: DEBUG: All child processes for connection "$b014292d-f7ef-45ff-9b90-d898e27f4cc3" have been terminated. Get Outlook for Mac <https://protect.checkpoint.com/v2/r02/___https://aka.ms/GetOutlookForMac___.YzJlOmNwYWxsOmM6bzozYjJhODkwMTJmODUxOWJkYjQ4ODk5M2U1YTRhMjMwZTo3OjllNDc6YTVhMWUzMDAwNGUwOGZiM2U0N2I5YzE2NDQ0YzNhZDg4MWYxNTQ0ZjFkNjVkNTk0NWEzMGJhYTM3ZmUwNTA1YTpoOlQ6Tg> From: Anakien Skywalker <njuhaand...@gmail.com<mailto:njuhaand...@gmail.com>> Date: Thursday, 6 March 2025 at 14:58 To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> <user@guacamole.apache.org<mailto:user@guacamole.apache.org>> Subject: Re: Parameter prompting RDP - guacd 1.5.5 Hi, Would appreciate it if you provide raw config and full logs. For me, prompting is working out of the box in 1.5.5. чт, 6 мар. 2025 г. в 12:26, Gal Sabas <gal...@checkpoint.com.invalid>: Hi, I'm working with guacamole to connect to an RDP app. I was working with guacd version 1.4.0 and once I upgraded my guacd version to 1.5.5 I strated experiencing issues with my RDP connections. When I connect to an RDP app the has security mode 'any' and no authentication, I get an error and the connection fails with this error message: 'RDP server closed/refused connection: Server refused connection (wrong security type?)'. From what I understand, this change of behaviour is caused by the addition of parameter prompting. Can you please explain what should I change in the configuration of my guacamole-client/guacd in order to support parameter prompting? Do I need to provide a UI for the prompting message or is it native in your code? For now without any changes, I don't see and prompt for username/password. Thanks!
