> On 2025 Mar 10, at 18:06, Jason Bailey <jbai...@emerytelcom.com.INVALID> > wrote: > > I'm running Tomcat 9 on Debian 12 to run Apache Guacamole and am trying > to get the tomcat-users.xml file to take so that I can manage the > service from the Tomcat Manager. So far I have not had luck getting the > login dialog to the manager to accept any xml file I give it. > > First, where should I be putting the tomcat-users.xml file? Is there a > special place I should be putting this file?
The location of tomcat-users.xml is specified in Tomcat’s server.xml file. On a real Tomcat distribution (one downloaded from tomcat.apache.org <http://tomcat.apache.org/>), both server.xml and tomcat-users.xml are located in the conf directory, which itself is inside the directory in which you installed Tomcat. If you’re using a Debian-provided package, you may have to hunt for them, since such packages do not use Tomcat’s standard directory layout and may modify the standard settings in the server.xml file. Note that it’s best to modify the provided tomcat-users.xml file rather than trying to generate your own from scratch. > Second, what is wrong with this config? > > <?xml version="1.0" encoding="UTF-8"?> > > <tomcat-users xmlns="http://tomcat.apache.org/xml"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="http://tomcat.apache.org/xml > tomcat-users.xsd" > version="1.0"> > > <role rolename="admin-gui" /> “admin-gui” is not a role used by the Tomcat manager webapp; why is it here? > <role rolename="manager-gui"/> The “manager-gui” role is built-in, so you don’t have to specify it in the tomcat-users.xml file. > <user username="admin" password="admin" roles="manager-gui,admin-gui"/> The roles used by any webapp are declared in the app’s WEB-INF/web.xml file; there’s no “admin-gui” role for the manager webapp. > </tomcat-users> > > The above isn't what I would call ideal credentials -- it's just > something to test with, to get going, etc. If any of you have advice for > getting this working I'd sure appreciate it. Look in the catalina.out log file to see if you’re getting any errors during Tomcat initialization, which is when the tomcat-users.xml file is read. For real Tomcat downloads, catalina.out is in Tomcat’s logs directory; for package distributions, you’ll have to hunt for it. - Chuck
