guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Wolfheimer <f.wolfhei...@googlemail.com>
Subject Re: Problems with basic authentication
Date Wed, 18 Oct 2017 12:30:09 GMT
Hi Nick,

thanks for your help and your suggestions. I created /etc/guacamole and put
guacamole.properties into this directory. The file has the following
content:

guacd-hostname: localhost
guacd-port:     4822
user-mapping: /etc/guacamole/user-mapping.xml

I also put my user-mapping.xml file into this directory (same content as
before). I added the line "guacamole.home=/etc/guacamole" to
/etc/tomcat/catalina.properties and restarted tomcat. The permissions of
the /etc/guacamole directory and its files were set such that tomcat can
access all files (tomcat.root, 400). Looking at /var/log/messages after the
restart reveals the following lines which might be related to the issue:

 Oct 18 12:00:46 server: 12:00:46.936 [localhost-startStop-1] INFO
o.a.g.environment.LocalEnvironment - No guacamole.properties file found
within GUACAMOLE_HOME or the classpath. Using defaults.
Oct 18 12:00:47 server: 12:00:47.030 [localhost-startStop-1] INFO
o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes
of inactivity.
Oct 18 12:00:47 server: 12:00:47.153 [localhost-startStop-1] INFO
o.a.g.environment.LocalEnvironment - No guacamole.properties file found
within GUACAMOLE_HOME or the classpath. Using defaults.
Oct 18 12:00:47 server: 12:00:47.273 [localhost-startStop-1] INFO
o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
Oct 18 12:00:47 server: Oct 18, 2017 12:00:47 PM
com.google.inject.internal.ProxyFactory <init>
Oct 18 12:00:47 server: WARNING: Method [public void
org.apache.guacamole.rest.user.UserResource.updateObject(java.lang.Object)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by [org.apache.guacamole.rest.RESTExceptionWrapper@64eba1f3].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.

So first it doesn't seem to find the guacamole.properties file for some
reason and then an exception occurs in "UserResource" which may indicate
that there's something wrong with the user settings. I now also added the
environment variable GUACAMOLE_HOME to /etc/sysconfig/tomcat such that it
is in the environment of tomcat as follows:

[root@test-guacamole ~]# cat /proc/2469/environ | tr '\0' '\n'
TOMCATS_BASE=/var/lib/tomcats/
GUACAMOLE_HOME=/etc/guacamole
SHELL=/sbin/nologin
CATALINA_HOME=/usr/share/tomcat
OLDPWD=/
NAME=
USER=tomcat
TOMCAT_CFG_LOADED=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
PWD=/usr/share/tomcat
JAVA_HOME=/usr/lib/jvm/jre
LANG=en_US.UTF-8
SHLVL=0
HOME=/usr/share/tomcat
SECURITY_MANAGER=false
LOGNAME=tomcat
CATALINA_TMPDIR=/var/cache/tomcat/temp

After a restart of tomcat, again the same messages occur, i.e., Guacamole
claims that guacamole.properties can't be found. BTW: I looked through the
logs and this set of messages occurred also when I put the files into
CATALINA_HOME (my original try).
I'm puzzled why it can't find the files. Any idea how to solve this (or
just get more output to find out what guacamole tries to do) are greatly
appreciated.


2017-10-17 4:26 GMT+02:00 Nick Couchman <vnick@apache.org>:

> On Mon, Oct 16, 2017 at 2:21 PM, Felix Wolfheimer <
> f.wolfheimer@googlemail.com> wrote:
>
>>
>> Hi,
>>
>> I'm trying to get a VNC connection working using Guacamole. I built and
>> installed the guacd and the client without issues, started guacd and
>> tomcat, and can see the login page of Guacamole when connecting with the
>> browser, but whatever I try with the user-mapping.xml file, I can't log in.
>> I installed the "user-mapping.xml" file to /usr/share/tomcat/.guacamole
>> (the HOME of the tomcat user is /usr/share/tomcat) and the user-mapping.xml
>> file is the one and only file in this directory. It has the following
>> content:
>>
>> <user-mapping>
>>   <authorize username="testuser" password="testing">
>>     <connection name="Cloud Workstation">
>>        <protocol>vnc</protocol>
>>        <param name="hostname">localhost</param>
>>        <param name="port">5901</param>
>>    </connection>
>>   </authorize>
>> </user-mapping>
>>
>> The only message I can find on the server about the failed login is the
>> following line in /var/log/messages:
>>
>> WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from
>> x.x.x.x for user "testuser" failed.
>>
>> I've entered the password multiple times to make sure that I just made a
>> typo.
>>
>> Is there anything I'm missing and are there other places where I can find
>> debugging information about the login process which could help
>> understanding what goes wrong?
>>
>> Thanks!
>>
>> Everything you've done looks fine to me, but I'd suggest doing the
> following:
> - Edit your catalina.properties file (stored in the same place as the rest
> of the Tomcat configs, like server.xml) and add the following line:
> guacamole.home=/etc/guacamole
> - Create the /etc/guacamole directory and set up permissions such that the
> user running Tomcat can access it.
> - Put your user-mapping.xml file in /etc/guacamole and restart Tomcat.
> Verify permissions on that file, too, to make sure the Tomcat user has read
> access.
>
> See if that works - like I said, what you've done seems like it should
> work, so not sure what's going on, but maybe this will help.
>
> -Nick
>

Mime
View raw message