Re: Pb with oznu/guacamole image on raspberry
I forgot to mention that Oznu's image (and its derivatives too), are self contained, meaning they include guacd, guacamole client, and postgresql all-in-one. No need to add guacd and postgresql in your docker compose. Cheers Antoine Le jeudi 30 mai 2024 à 15:17:46 UTC+2, Antoine Besnier a écrit : HI, I don't think you will get support from the Guacamole team for unofficial images. More over, Oznu's image has been abandoned more than 3 years ago. There are plenty of replacements. The most popular one was Max Waldorf's, now handed over to flcontainers (flcontainers/guacamole but it has nothing in common with Oznu's). I maintain one (abesnier/guacamole, trying to keep it as close as possible to Oznu's image, and keeping it up to date with latest guacamole, tomcat, postgres jdbc and s6 overlay). Try also targeting arm64 images for a Raspeberry pi 5. CheersAntoine Le jeudi 30 mai 2024 à 15:02:33 UTC+2, obiwan kenobi a écrit : Hello, I have been stuck for several days on an installation of Guacamole in Docker (via openmediavault) on an ARM architecture (raspberry PI 5)I tried several imagesI use the “oznu/guacamole:armhf” image which seems to support ARM, but I always see the same error message in the logs, despite the different configurations. A problem accessing the libsystemd.so library guacamole | postgres: error while loading shared libraries:libsystemd.so.0: ELF load command alignment not page-aligned guacamole | /var/run/postgresql:5432 - no response Here is my yml file: services: guacamole: image: oznu/guacamole:armhf container_name: guacamole restart: always ports: -"8082:8080" environment: -GUACD_HOSTNAME=guacd -POSTGRES_HOSTNAME=postgres -POSTGRES_DATABASE=guacamole_db -POSTGRES_USER=guacamole_user -POSTGRES_PASSWORD= password -GUACAMOLE_HOME=/config volumes: -./config:/config -./logs:/logs depends_on: -postgres -guacd postgres: image: postgres:latest container_name: guacamole-postgres restart:always environment: POSTGRES_DB: guacamole_db POSTGRES_USER: guacamole_user POSTGRES_PASSWORD: password volumes: -./postgres:/var/lib/postgresql/data platform: linux/arm64 guacd: image: guacd-arm container_name: guacd platform: linux/arm64 restart: always Can you help me ? What are good Guacamole, Postgre and guacd images to use for an ARM architecture ? Thanks, Best Regards, O.K.
Re: Pb with oznu/guacamole image on raspberry
HI, I don't think you will get support from the Guacamole team for unofficial images. More over, Oznu's image has been abandoned more than 3 years ago. There are plenty of replacements. The most popular one was Max Waldorf's, now handed over to flcontainers (flcontainers/guacamole but it has nothing in common with Oznu's). I maintain one (abesnier/guacamole, trying to keep it as close as possible to Oznu's image, and keeping it up to date with latest guacamole, tomcat, postgres jdbc and s6 overlay). Try also targeting arm64 images for a Raspeberry pi 5. CheersAntoine Le jeudi 30 mai 2024 à 15:02:33 UTC+2, obiwan kenobi a écrit : Hello, I have been stuck for several days on an installation of Guacamole in Docker (via openmediavault) on an ARM architecture (raspberry PI 5)I tried several imagesI use the “oznu/guacamole:armhf” image which seems to support ARM, but I always see the same error message in the logs, despite the different configurations. A problem accessing the libsystemd.so library guacamole | postgres: error while loading shared libraries:libsystemd.so.0: ELF load command alignment not page-aligned guacamole | /var/run/postgresql:5432 - no response Here is my yml file: services: guacamole: image: oznu/guacamole:armhf container_name: guacamole restart: always ports: -"8082:8080" environment: -GUACD_HOSTNAME=guacd -POSTGRES_HOSTNAME=postgres -POSTGRES_DATABASE=guacamole_db -POSTGRES_USER=guacamole_user -POSTGRES_PASSWORD= password -GUACAMOLE_HOME=/config volumes: -./config:/config -./logs:/logs depends_on: -postgres -guacd postgres: image: postgres:latest container_name: guacamole-postgres restart:always environment: POSTGRES_DB: guacamole_db POSTGRES_USER: guacamole_user POSTGRES_PASSWORD: password volumes: -./postgres:/var/lib/postgresql/data platform: linux/arm64 guacd: image: guacd-arm container_name: guacd platform: linux/arm64 restart: always Can you help me ? What are good Guacamole, Postgre and guacd images to use for an ARM architecture ? Thanks, Best Regards, O.K.
Re: Aw: Re: Major bug message log in guacd 1.5.4
Hi, On Alpine, openssl1.1-compat-dev is available for 3.17, 3.18 and Edge, but not 3.19 (which is the version for the 'latest' tag). You could try by changing the version of Alpine. CheersAntoine Le vendredi 9 février 2024 à 07:35:42 UTC+1, michael böhm a écrit : Hi everyone I'd gladly test in our environment. However, the docker build does not work for me: /tmp/guacamole-server ‹staging/1.5.5› » git checkout staging/1.5.5 1 ↵ Switched to branch 'staging/1.5.5' Your branch is up to date with 'origin/staging/1.5.5'. /tmp/guacamole-server ‹staging/1.5.5› » docker build -t guac_test . [+] Building 0.9s (6/13) docker:default => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 6.10kB 0.0s => [internal] load metadata for docker.io/library/alpine:latest 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 681B 0.0s => CACHED [builder 1/5] FROM docker.io/library/alpine:latest 0.0s => [internal] load build context 0.0s => => transferring context: 28.84kB 0.0s => ERROR [builder 2/5] RUN apk add --no-cache autoconf automake build-base cairo-dev cmake git 0.8s -- > [builder 2/5] RUN apk add --no-cache autoconf automake build-base cairo-dev cmake git grep libjpeg-turbo-dev libpng-dev libtool libwebp-dev make openssl1.1-compat-dev pango-dev pulseaudio-dev util-linux-dev: 0.285 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz 0.475 fetch
Re: [ANNOUNCE] Apache Guacamole 1.5.4
Hi, I have the same issue with Bullseye. I build Docker images for various platforms, with Alpine Edge or Ubuntu 22.04 bases, those build succeed.But if fails with the same error with a Bullseye base, and on my own machine which runs Bullseye too. I use the source file from guacamole.apache.org/releases/1.5.4/ for all builds. Something with time.h versions? They are a bit different between Bullseye, Bookworm and Jammy, but the references for the functions in question are there and signatures look the same, and I am not familiar enough with linux/c headers to dig more. Cheers Antoine Le samedi 9 décembre 2023 à 15:06:34 UTC+1, sam g a écrit : Same error after "make distclean;autoreconf -fi;./configure;make" I'm using a freshly installed Ubuntu 20.04.6.I've tested with an Ubuntu 22.04.3 and no problems in this case. Sam Le samedi 9 décembre 2023 à 14:46:16 UTC+1, Nick Couchman a écrit : On Sat, Dec 9, 2023 at 4:36 AM sam g wrote: Hi, Small issue in compiling guac 1.5.4:/usr/bin/ld: /home/sam/guacamole-server-1.5.4/src/libguac/.libs/libguac.so: undefined reference to `timer_delete' /usr/bin/ld: /home/sam/guacamole-server-1.5.4/src/libguac/.libs/libguac.so: undefined reference to `timer_settime' /usr/bin/ld: /home/sam/guacamole-server-1.5.4/src/libguac/.libs/libguac.so: undefined reference to `timer_create' collect2: error: ld returned 1 exit status make[2]: *** [Makefile:563: guacd] Error 1 make[2]: Leaving directory '/home/sam/guacamole-server-1.5.4/src/guacd' I built the 1.5.3 on the exact same machine without troubles. Could you try doing the following in the 1.5.4 source directory:make distcleanautoreconf -fi and then re-run configure and make? I just pulled the source code from the web site and built on my EL8 system without any issues. If you're still having trouble, please provide some more detail on the environment you're building in. -Nick
Re: Health check uri
Depends on what image you are using.You can try HEALTHCHECK --timeout=3s CMD wget --no-verbose --tries=1 --spider http://localhost:8080/guacamole || exit 1 if you are using the official Guacamole images. Le jeudi 16 novembre 2023 à 07:51:53 UTC+1, miao a écrit : Seems the uri will get 404, I test "/api/languages” also get 404. So … any suggestion 2023年11月14日 17:56,Antoine Besnier 写道: HEALTHCHECK --timeout=3s CMD wget --no-verbose --tries=1 --spider http://localhost:8080 || exit 1 should do it. If either guacd or the client are not properly loaded, wget will return a server error, so it would report a bad health check. CheersAntoine Le mardi 14 novembre 2023 à 08:22:46 UTC+1, miao a écrit : Hi , Is there some health check uri for guacamole and guacd when run it as docker container? Thx Regards - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Health check uri
Forgot to mention this command needs to be baked in the image, it cannot be added when starting the container.You can add a healthcheck when starting the container (see Docker run reference | Docker Docs) or in docker compose (Compose file version 3 reference | Docker Docs). CheersAntoine Le mardi 14 novembre 2023 à 10:57:05 UTC+1, Antoine Besnier a écrit : HEALTHCHECK --timeout=3s CMD wget --no-verbose --tries=1 --spider http://localhost:8080 || exit 1 should do it. If either guacd or the client are not properly loaded, wget will return a server error, so it would report a bad health check. CheersAntoine Le mardi 14 novembre 2023 à 08:22:46 UTC+1, miao a écrit : Hi , Is there some health check uri for guacamole and guacd when run it as docker container? Thx Regards - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Health check uri
HEALTHCHECK --timeout=3s CMD wget --no-verbose --tries=1 --spider http://localhost:8080 || exit 1 should do it. If either guacd or the client are not properly loaded, wget will return a server error, so it would report a bad health check. CheersAntoine Le mardi 14 novembre 2023 à 08:22:46 UTC+1, miao a écrit : Hi , Is there some health check uri for guacamole and guacd when run it as docker container? Thx Regards - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Show TOTP secret in User detail page
Hi, I have a feature request, but before opening a probably useless JIRA issue, I'd like to discuss this here. Let's assume that TOTP is activated and an user wants to change his TOTP device, or wants to use different apps, for example one on their phone and one on their computer. In Guacamole, once the TOTP secret has been confirmed, the only way to show it again is to go to the database and query it with something like SELECT * FROM guacamole_user_attribute WHERE attribute_name='guac-totp-key-secret' AND user_id = (SELECT entity_id FROM guacamole_entity WHERE name = 'username' AND type ='USER'); or SELECT guacamole_user.user_id, guacamole_user.entity_id, name, attribute_value FROM guacamole_entity,guacamole_user,guacamole_user_attribute WHERE guacamole_user_attribute.user_id = guacamole_user.user_id AND guacamole_user.entity_id = guacamole_entity.entity_id AND attribute_name = 'guac-totp-key-secret' and name like 'username'; which first, is not avaible to generic users, and two, requires you to know the database schema. Or to ask an admin to reset the TOTP confirmation, and make sure you have all your devices ready when re-enrolling. Would it be practical to have the option to show the secret key somewhere, probably in the Settings > Preference tab, only for the currently logged in user of course? I am an amateur user, and use Guacamole on a home network. What would be the larger implications if the secret key could be displayed? In my opinion, because username/password is something-you-know, and TOTP is something-you-have, and because you need both to log in, I don't believe begin able to see the secret key when you are already logged in is big security issue. Looking forward to reading your ideas. Thanks you Antoine
Re: When enabling the gfx (Graphics Pipeline Extension), the mouse cursor isn't updated.
Ok, everything makes more sense now. This is not the first time I forget to check the target release of an issue. And indeed, this works with a build from github. Thank you Michael (and Sean and Nick too). Cheers Antoine Le mercredi 11 octobre 2023 à 17:53:46 UTC+2, Michael Jumper a écrit : On 10/11/2023 6:22 AM, Antoine Besnier wrote: > Thanks, but where do I find this option? I turning my Guacamole Client > upside down, installing fresh ones in VMs, in Docker, and cannot find it > anywhere... > > I believe this should be in the Performance section of the RDP > connection setup, but I can't see it there. Am I missing something? > It is: https://github.com/apache/guacamole-client/blob/d1faaa9605c5eef668da8bf84279d7a88cad5af7/guacamole-ext/src/main/resources/org/apache/guacamole/protocols/rdp.json#L265-L319 You just won't find it in outside a build of the webapp from git, as support for RDPGFX has not been released. It's a work in progress that's planned for 1.6.0: https://issues.apache.org/jira/browse/GUACAMOLE-377 Similarly you won't find support for RDPGFX in a build of guacd that isn't from git. - Mike - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: When enabling the gfx (Graphics Pipeline Extension), the mouse cursor isn't updated.
Thanks, but where do I find this option? I turning my Guacamole Client upside down, installing fresh ones in VMs, in Docker, and cannot find it anywhere... I believe this should be in the Performance section of the RDP connection setup, but I can't see it there. Am I missing something? Cheers Antoine Le mardi 10 octobre 2023 à 17:54:04 UTC+2, Michael Jumper a écrit : On 10/10/2023 6:11 AM, Nick Couchman wrote: > On Tue, Oct 10, 2023 at 3:47 AM Antoine Besnier > wrote: > > Hi, > > I've had users complain about this issue, but had no idea what could > be the cause. > What do you mean by "when enabling the gfx"? Is it a compilation > option? A connection option? A RDP server option? > > > It's a connection parameter - as mentioned in the original post, > "enable-gfx" for the RDP connection. > The "enable-gfx" parameter became "disable-gfx" (with the RDP Graphics Pipeline Extension being enabled by default) as of: https://github.com/apache/guacamole-server/commit/da80163e24dbf728f5c2e1245c23ded5f629917e - Mike - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: When enabling the gfx (Graphics Pipeline Extension), the mouse cursor isn't updated.
Hi, I've had users complain about this issue, but had no idea what could be the cause.What do you mean by "when enabling the gfx"? Is it a compilation option? A connection option? A RDP server option? CheersAntoine Le jeudi 5 octobre 2023 à 10:39:29 UTC+2, Andrey Khramov a écrit : Hi, there While using Apache Guacamole (the latest "master" branch), I've found the issue that the mouse cursor isn't updated when enabling the gfx ("enable-gfx" is true). I've recorded the issue to a video file and attached it to this email.Please check the video. Please let me know how I can resolve this issue. Thanks. Regards. - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: otp auth can't scan qr code
That's most peculiar. Generation of QR Code is done by the package com.google.zxing.qrcode, Zxing being the most popular project for barcode generation, so the issue is most likely not there. Have you tried to use online decoders to see if they can read your QR codes, and that it matches the keys and options? I tried with the sample you posted originally, and it worked fine. Stupid question: have you tried adding a new user on your current instance, and see if the qr codes work? And probably the most stupid question ever: are you sure your monitor is working properly, and that the camera of the devices you try to read the codes on are not damaged? Damaged enough to make the error correction of the codes fail. For easy use of extensions with Docker, there are plenty of unofficial images where you just have to list the extensions you want in the docker-compose.With the official image, you'll need to mount a local directory, and then place the extensions in the appropriate place. See the documentation: Installing Guacamole with Docker — Apache Guacamole Manual v1.5.3. Extensions will go in the GUACAMOLE_HOME/extensions/ directory and guacamole.properties will be in GUACAMOLE_HOME Cheers Antoine Le vendredi 6 octobre 2023 à 08:49:22 UTC+2, Giacomo Marconi a écrit : Hi Antoine I have the same problem with defaults parameters (sha1) The problem is only while scanning, if I copy and paste the secret key manually in the apps, ALL apps are working. I am actually testing Guacamole 1.5.3 on 2 systems with the same problem: Ubuntu 22.0.4 host install from official docs Debian 12 using the script https://github.com/itiligent/Guacamole-Install I am also trying it on Alpine with docker, but I don’t understand how to right popolate the guacamole.properties with docker-compose (especially extensions). Next step is to test with Tomcat8. The production system (1.1.0) has been working since 2020 with about 500 users. I can’t migrate to the new and force people to use differents totp apps or telling them to copy 56 chars :) Giacomo > On 5 Oct 2023, at 16:44, Antoine Besnier > wrote: > > Questa email arriva da un mittente insolito. Assicurati che sia qualcuno di > cui ti fidi. > Many TOTP code generation apps do not support anything else than SHA1 hash, > even if the RFC recommends the use of SHA2 (SHA-256 or SHA-512). > It is difficult to get the exact info by platform and by application. I found > this article on the subject but it does not say what kind of non-default > parameter makes an application fail: Laban Sköllermark | Mobile Authenticator > Apps Algorithm Support Review - 2023 Edition (labanskoller.se) > > For example, I could scan your code with Authy, MS Authenticator and Google > Authenticator on Android. Authy and MSA generated the same code, but not > Google. I do not know which one is correct (I could test on my Guacamole but > do not want to get locked out...) > > If you want maximum compatibility, stay with sha1. The expiration of the time > based codes more than compensates for the "lower" security of sha1. > > Cheers > Antoine > > (PS: if you see some connection attempts from France, blame me, I could not > resist giving it try...) > > Le jeudi 5 octobre 2023 à 14:53:00 UTC+2, Giacomo Marconi > a écrit : > > > hi Nick > > I’ve already tried default settings, and checked the time/date > > Giacomo > >> On 5 Oct 2023, at 14:38, Nick Couchman wrote: >> >> Questa email arriva da un mittente insolito. Assicurati che sia qualcuno di >> cui ti fidi. >> On Thu, Oct 5, 2023 at 8:03 AM Giacomo Marconi >> wrote: >> Hi All >> >> in my last Guacamole installation ver 1.5.3), the QR Code generated seems to >> be wrong. >> The same TOTP App works only on one platform, for example Google >> Authenticator read the qr code in Android, but not in IOS. FreeOTP is >> working in IOS, but not in Android! >> As you can see in the attachment the Secret Key is strangely long. >> I’ve tried to change the plugin (1.5.3/1.5.2/1.5.1) and the java (Oracle JKD >> and openJDK) versions, without success. >> >> Is it already happened to someone ? >> >> >> I think the usual questions that come up are: >> * Are you trying to change any of the parameters related to TOTP, or are you >> using the defaults (digits, time, etc.)? >> * Have you verified that the clock on your Guacamole server(s) and your >> mobile devices are in sync? >> >> -Nick > - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: otp auth can't scan qr code
Many TOTP code generation apps do not support anything else than SHA1 hash, even if the RFC recommends the use of SHA2 (SHA-256 or SHA-512).It is difficult to get the exact info by platform and by application. I found this article on the subject but it does not say what kind of non-default parameter makes an application fail: Laban Sköllermark | Mobile Authenticator Apps Algorithm Support Review - 2023 Edition (labanskoller.se) For example, I could scan your code with Authy, MS Authenticator and Google Authenticator on Android. Authy and MSA generated the same code, but not Google. I do not know which one is correct (I could test on my Guacamole but do not want to get locked out...) If you want maximum compatibility, stay with sha1. The expiration of the time based codes more than compensates for the "lower" security of sha1. CheersAntoine (PS: if you see some connection attempts from France, blame me, I could not resist giving it try...) Le jeudi 5 octobre 2023 à 14:53:00 UTC+2, Giacomo Marconi a écrit : hi Nick I’ve already tried default settings, and checked the time/date Giacomo On 5 Oct 2023, at 14:38, Nick Couchman wrote: | Questa email arriva da un mittente insolito. Assicurati che sia qualcuno di cui ti fidi. | On Thu, Oct 5, 2023 at 8:03 AM Giacomo Marconi wrote: Hi All in my last Guacamole installation ver 1.5.3), the QR Code generated seems to be wrong.The same TOTP App works only on one platform, for example Google Authenticator read the qr code in Android, but not in IOS. FreeOTP is working in IOS, but not in Android!As you can see in the attachment the Secret Key is strangely long.I’ve tried to change the plugin (1.5.3/1.5.2/1.5.1) and the java (Oracle JKD and openJDK) versions, without success. Is it already happened to someone ? I think the usual questions that come up are:* Are you trying to change any of the parameters related to TOTP, or are you using the defaults (digits, time, etc.)?* Have you verified that the clock on your Guacamole server(s) and your mobile devices are in sync? -Nick
Re: Docker Guacamole Radius Support
The extension needs to be built separately (license issue).But follow the documentation, and you're good to go:RADIUS Authentication — Apache Guacamole Manual v1.5.3 RegardsAntoine Le mercredi 27 septembre 2023 à 05:45:29 UTC+2, Mark Rupright a écrit : Does the guacamole docker container natively support radius? If not, would someone kindly point me in the right direction to get it configured? I have added the variables for radius thinking it was supported to my compose file and receive the following error(s) referencing each variable: services.guacamole Additional property RADIUS_HOSTNAME is not allowed I appreciate the help.
Re: Show only 1 screen
That's something you would have to configure on the remote desktop server side. For Windows Remote Desktop Connection for example, you would open the application, go to the options, go to the 'Display' tab, and uncheck 'Use all monitors for the remote session' (and do that for all machines via a policy I guess). Other RDP/VNC servers should have the same kind of setting. Guacamole gets the video stream from the server, Antoine Le vendredi 18 août 2023 à 15:27:48 UTC+3, Tifaine RIVOIRE OPTI Sécurité a écrit : Hi guys, I’m using Guacamole in order to connect on servers or computers with multiple screen. Do you know if it’s possible to show only one screen at a time ? maybe have a button for switching from one to another ? Thanks. T. RIVOIRE
Re: French Canadian Translation missing from guacamole-1.5.x.war
>They are on Github, in the master branch, but they are not in the >1.5.3 (or 1.5.x) source at all. That's peculiar, I double checked yesterday, and they were there. I must have made an oopsie and confused it with the tarball generated after the build. My mistake then. Thanks for your reply and clarifications. CheersAntoine Le mercredi 9 août 2023 à 15:43:56 UTC+2, Nick Couchman a écrit : On Wed, Aug 9, 2023 at 3:48 AM Antoine Besnier wrote: > > Quick follow up, I decided to build from github, and noticed two new > extensions auth-ban and display-statistics. > > They can be found on Github and in the downloadable source for 1.5.3, and > there is no mention of them in the change log for 1.5.3. They are on Github, in the master branch, but they are not in the 1.5.3 (or 1.5.x) source at all. I just downloaded a clean copy of the source from the website: [vnick@vguac Downloads]$ tar tf guacamole-client-1.5.3.tar.gz |grep display-statistics [vnick@vguac Downloads]$ tar tf guacamole-client-1.5.3.tar.gz |grep auth-ban [vnick@vguac Downloads]$ and also switched to the 1.5.3 tag on Github (screenshot attached), and verified that neither extension exists in either of those source locations. > > There are explanations in the relevant PRs (here and here mostly), but not a > lot more, and they are both flagged for 1.6.0. Yes, these two extensions have been added to the git repo, but were not included in any of the 1.5.x releases. They will be included in 1.6.0 when it is released. > > So, my two and a half questions are: > > Are those extensions officially supported, safe and ready to use with 1.5.3 ? > (they do work well for what I quickly tested) No. In general things should be compatible across the 1.x versions, so they may work, but they are not "officially supported" with the 1.5.x releases. > Is there documentation apart from the PR comments? (there is comment in a PR > that documentation will be issued later) > And if not, shouldn't they be removed from the source archive for 1.5.3 and > only be released with 1.6.0? > Documentation will show up when we actually release it (and the documentation gets written). -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: French Canadian Translation missing from guacamole-1.5.x.war
Quick follow up, I decided to build from github, and noticed two new extensions auth-ban and display-statistics. They can be found on Github and in the downloadable source for 1.5.3, and there is no mention of them in the change log for 1.5.3. There are explanations in the relevant PRs (here and here mostly), but not a lot more, and they are both flagged for 1.6.0. So, my two and a half questions are: - Are those extensions officially supported, safe and ready to use with 1.5.3 ? (they do work well for what I quickly tested) - Is there documentation apart from the PR comments? (there is comment in a PR that documentation will be issued later) - And if not, shouldn't they be removed from the source archive for 1.5.3 and only be released with 1.6.0? CheersAntoine Le lundi 7 août 2023 à 14:08:37 UTC+2, Antoine Besnier a écrit : Hi Nick, Thanks for the quick reply. I did not notice the 1.6.0 mention in the JIRA page, my bad.IIRC, the list of tickets to be included in 1.5.0 was quite short (in quantity, not in amount of work), so I can understand this one went below the radar. Best regardsAntoine Le lundi 7 août 2023 à 14:00:42 UTC+2, Nick Couchman a écrit : On Mon, Aug 7, 2023 at 5:14 AM Antoine Besnier wrote: > > Hello, > > I maintain a small unofficial Guacamole docker image, and one user raised an > issue about missing French Canadian layout in RDP options. > > Indeed, there was an Jira ticket with an approved PR > (https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1312?filter=allissues > and > https://github.com/apache/guacamole-server/pull/376/commits/9cbd768210a7b2330b16012748d980cb987ea728), > and the layout is found on github for Guacamole server.** > > There also have been updates to translation files to add the fr_ca mapping to > the user interface of Guacamole Client > (https://github.com/apache/guacamole-client/blame/master/guacamole/src/main/frontend/src/translations/en.json#L678) > > The modification to the translation files was added in March 2022, meaning it > could have been implemented since the 1.5.0 release, but none of the official > WAR files (guacamole-1.5.x.war from > https://guacamole.apache.org/releases/1.5.x/) contain this line, making this > option invisible to users. > > In a similar manner, the Czech translations were approved in the master > branch in November 2022, but are also not included in 1.5.x. > > Would it be possible to have the updated translations files included in the > next release of Guacamole, and in the mean time, is my only option to build > the client from github? Hello, Antoine, The Jira issue that you linked, GUACAMOLE-1312, is tagged for the 1.6.0 release. I'm not entirely sure why it didn't make it into 1.5.0, but the releases since 1.5.0 have been bugfix releases where we've not added any features, however minor they may be. I think we may have a 1.5.4 release to fix a minor bug, but I would expect we'll head toward 1.6.0 relatively soon, and it should be included in that. -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: French Canadian Translation missing from guacamole-1.5.x.war
Hi Nick, Thanks for the quick reply. I did not notice the 1.6.0 mention in the JIRA page, my bad.IIRC, the list of tickets to be included in 1.5.0 was quite short (in quantity, not in amount of work), so I can understand this one went below the radar. Best regardsAntoine Le lundi 7 août 2023 à 14:00:42 UTC+2, Nick Couchman a écrit : On Mon, Aug 7, 2023 at 5:14 AM Antoine Besnier wrote: > > Hello, > > I maintain a small unofficial Guacamole docker image, and one user raised an > issue about missing French Canadian layout in RDP options. > > Indeed, there was an Jira ticket with an approved PR > (https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1312?filter=allissues > and > https://github.com/apache/guacamole-server/pull/376/commits/9cbd768210a7b2330b16012748d980cb987ea728), > and the layout is found on github for Guacamole server.** > > There also have been updates to translation files to add the fr_ca mapping to > the user interface of Guacamole Client > (https://github.com/apache/guacamole-client/blame/master/guacamole/src/main/frontend/src/translations/en.json#L678) > > The modification to the translation files was added in March 2022, meaning it > could have been implemented since the 1.5.0 release, but none of the official > WAR files (guacamole-1.5.x.war from > https://guacamole.apache.org/releases/1.5.x/) contain this line, making this > option invisible to users. > > In a similar manner, the Czech translations were approved in the master > branch in November 2022, but are also not included in 1.5.x. > > Would it be possible to have the updated translations files included in the > next release of Guacamole, and in the mean time, is my only option to build > the client from github? Hello, Antoine, The Jira issue that you linked, GUACAMOLE-1312, is tagged for the 1.6.0 release. I'm not entirely sure why it didn't make it into 1.5.0, but the releases since 1.5.0 have been bugfix releases where we've not added any features, however minor they may be. I think we may have a 1.5.4 release to fix a minor bug, but I would expect we'll head toward 1.6.0 relatively soon, and it should be included in that. -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
French Canadian Translation missing from guacamole-1.5.x.war
Hello, I maintain a small unofficial Guacamole docker image, and one user raised an issue about missing French Canadian layout in RDP options. Indeed, there was an Jira ticket with an approved PR (https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1312?filter=allissues and https://github.com/apache/guacamole-server/pull/376/commits/9cbd768210a7b2330b16012748d980cb987ea728), and the layout is found on github for Guacamole server.** There also have been updates to translation files to add the fr_ca mapping to the user interface of Guacamole Client (https://github.com/apache/guacamole-client/blame/master/guacamole/src/main/frontend/src/translations/en.json#L678) The modification to the translation files was added in March 2022, meaning it could have been implemented since the 1.5.0 release, but none of the official WAR files (guacamole-1.5.x.war from https://guacamole.apache.org/releases/1.5.x/) contain this line, making this option invisible to users. In a similar manner, the Czech translations were approved in the master branch in November 2022, but are also not included in 1.5.x. Would it be possible to have the updated translations files included in the next release of Guacamole, and in the mean time, is my only option to build the client from github? By the way, I'll never thank you enough for this great piece of software, Best regardsAntoine **: the source archive that can be downloaded at https://apache.org/dyn/closer.lua/guacamole/1.5.3/source/guacamole-server-1.5.3.tar.gz?action=download do not contain the fr_ca_qwerty.keymap file, but for the server, I always build it from github.
Re: 2fa - email authentication
It's available on github: https://github.com/apache/guacamole-client CheersAntoine Le mardi 27 juin 2023 à 06:24:05 UTC+2, Eby Mani a écrit : Many thanks, Where can i find source code for totp and other extension to see how it is plugged into Guacamole ?. Thanks, On Monday, 26 June, 2023 at 06:33:47 pm IST, Nick Couchman wrote: On Mon, Jun 26, 2023 at 7:21 AM Eby Mani wrote: > > Hello Mike, > > Many thanks, there are few java based 2fa email projects on github, is there > a how to guide/documentation on adapting these for guacamole-ext ?. The best place to start would be the following, which covers guacamole-ext and how to build an extension. It doesn't necessarily cover the specifics of "Authentication system xyz exists on github, here's how you plug it into Guacamole" - it's more a general reference on the guacamole-ext framework. https://guacamole.apache.org/doc/gug/guacamole-ext.html If it's something you're interested in doing, and contributing to the community, I'd suggest that you request a Jira account and create an issue to track it, and then submit a pull request so that the changes can be reviewed and merged. -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Error 404 with Guacamole 1.5.2
Stupid guess, but can you also check the content of your guacamole/extensions directory? Some extensions (looking at you, TOTP) will make Tomcat crash with this exact error if multiple versions are loaded. CheersAntoine Le lundi 19 juin 2023 à 20:13:53 UTC+2, Xuo a écrit : Hello, I'll try what you suggest but probably not before 2 or 3 days as my Internet connection is down and I'm not at home. I'll keep you inform of what I could get. Regards. Xuo. Le 18/06/2023 à 21:50, Nick Couchman a écrit : On Sun, Jun 18, 2023 at 2:28 PM Xuo wrote: Hi, I'm trying to run Guacamole 1.5.2 on Mageia8 but I get the following error message : HTTP Status 404 - not Found The origin server did not find a current representation for the target resource or is not willing to disclose that one exists. Here are some trials I did to debug : Guacamole 1.4, Tomcat-9.0.41-1.mga8 => works fine. Guacamole 1.4, Tomcat-9.0.73-1.1.mga8 => works fine. Guacamole 1.5.2, Tomcat-9.0.73-1.1.mga8 => when trying to connect to Guacamole, I get the following error message in my browser : What version of Java? HTTP Status 404 - not Found The origin server did not find a current representation for the target resource or is not willing to disclose that one exists. and in Tomcat logs : 18-Jun-2023 18:04:10.670 GRAVE [main] org.apache.catalina.core.StandardContext.startInternal Un ou plusieurs écouteurs n'ont pas pu démarrer, les détails sont dans le fichier de log du conteneur ### Translated from French : ### One or more listener could not start, details are in the container logs. 18-Jun-2023 18:04:10.699 GRAVE [main] org.apache.catalina.core.StandardContext.startInternal Erreur de démarrage du contexte [/guacamole] suite aux erreurs précédentes ### Translated from French : ### Starting error of context [/guacamole] because of previous errors 18-Jun-2023 18:04:10.794 INFOS [14] org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading Impossible de charger [com.google.common.collect.AbstractMapBasedMultimap$AsMap$AsMapIterator], ce chargeur de classes a déjà été arrêté ### Translated from French : ### Impossible to load [com.google.common.collect.AbstractMapBasedMultimap$AsMap$AsMapIterator], this class loader is already stopped. java.lang.IllegalStateException: Impossible de charger [com.google.common.collect.AbstractMapBasedMultimap$AsMap$AsMapIterator], ce chargeur de classes a déjà été arrêté at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading(WebappClassLoaderBase.java:1432) ... You'll probably need to enable additional debugging in the Guacamole web application and try, again, and see if you get any more useful messages: https://guacamole.apache.org/doc/gug/configuring-guacamole.html#logging-within-the-web-application I don't know if this can help but here is my apache guacamole.conf file (/etc/httpd/conf/sites.d/guacamole.conf) I think the error you're seeing indicates it's more basic than this - this would be the Apache httpd configuration for the proxying Guacamole, but it seems like Tomcat is failing to load it for some reason. -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Tomcat 10
I was curious and checked, and here are the fixes for each CVE: CVE Fixed in CVE-2020-11996 9.0.36 CVE-2020-13934 9.0.37 CVE-2020-13935 9.0.37 CVE-2020-13943 9.0.38 CVE-2020-17527 9.0.40 CVE-2021-24122 9.0.40 CVE-2021-25122 9.0.43 CVE-2021-25329 9.0.43 CVE-2021-30640 9.0.46 CVE-2021-33037 9.0.48 CVE-2020-9484 9.0.58 CVE-2021-43980 9.0.62 CVE-2022-29885 9.0.63 CVE-2022-34305 9.0.65 CVE-2022-42252 9.0.68 So the any version equal or above 9.0.68 contains all the required fixes. By the way, Tomcat has a security page for that: https://tomcat.apache.org/security-9.html CheersAntoine Le mardi 31 janvier 2023 à 22:56:52 UTC+1, Nick Couchman a écrit : On Tue, Jan 31, 2023 at 4:34 PM Sean Hulbert wrote: > > Hello, > > > > Are there any special requirements for Guacamole 1.4.0 to update Tomcat > 9.0.31 to Tomcat 10 or reasons not to do this? > Yes, Tomcat 10 makes some servlet API changes that require code changes to Guacamole. It's documented, here: https://issues.apache.org/jira/browse/GUACAMOLE-1325 > To resolve the CVE below, and are there any procedural steps documented? WIthout looking at each individual CVE you mentioned, I would say that most, if not all, are probably also fixed in a version of Tomcat 9.0, which will still work with Guacamole. For example, CVE-2021-43980 only impacts 9.0.47 to 9.0.60, and is fixed in current 9.0 releases. I would venture a guess that many/most/all of the rest are the same. So, updating to the latest version of Tomcat 9.x should be a perfectly acceptable procedural step. -Nick - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: SSH to Ubuntu 22.04 machine fails
This is a known issue, related to libssh2. have a look at this ticket https://issues.apache.org/jira/browse/GUACAMOLE-1619 and this PR https://github.com/libssh2/libssh2/pull/626#event-5853667761 It has been merged in the master branch of libssh2 end of last year, but depending on your OS, the available package may not have been build after those changes (for example Ubuntu Jammy libssh2-1-dev has been released in March 2022, and for Debian Bullseye, it was released in Dec 2020), so you may have to build it yourself. Cheers Antoine Le vendredi 9 décembre 2022 à 05:56:26 UTC+1, Krishna Pramod a écrit : Hello everyone, We see that with guacamole version 1.4.0, SSH to an Ubuntu 22.04 machine fails and the following log is seen in guacd logs. ERROR: SSH handshake failed. It looks to be an issue related to supported HostKeyAlgorithms on the SSH server side. Is there a plan to support newer HostKey algorithms (e.g. EC based) in guacd? Is there a workaround/solution that can be used without enabling RSA, DSA on the Ubuntu SSH server? Regards,Pramod
Re: Issue with users in behind ZScaler
My two cents on the subject: I have the same issue. I host a Guacamole server at home, and I have a few SSH connections setup. When I connect from my work place, behind ZScaler, the ssh sessions drop, usually between 30 seconds and 1 minute. Connecting from any other network works fine. It did not use to be so unstable, though. But there must have been an update recently (either on my company's network, or on ZScaler side) that created this issue. Definitely not an issue on Guacamole's side though. CheersAntoine Le lundi 14 novembre 2022 à 04:09:10 UTC+1, Michael Jumper a écrit : On Sun, Nov 13, 2022, 6:33 PM Lockhart, Roland wrote: Hi This is a follow on from the previous email Our Guacamole logs are recording two public addresses for these users that experience intermittent disconnections. One address is their Businesses external egress address and the other one the Zscaler network. Could this be making their connection reliability lower for the Guac sessions? Sure. It's not impossible that their corporate network is interfering. If they have no issue outside that network, that would be pretty conclusive. - Mike
Re: Web analytics
Indeed, the branding extension need a CSS selector, so it will not work for the head section.Maybe you can unzip guacamole-1.4.0.war, modifiy the file app/element/templates/blank.html, and repackage and re-deploy the war file. Antoine Le mercredi 7 septembre 2022, 12:36:33 UTC+2, Lee Doughty a écrit : I don't think the head section is modifiable in that way.. you could probably use "body" selector and get it to load early in the page. On Wed, Sep 7, 2022, 2:16 AM Kiel Hurley wrote: We have multiple Guacamole servers and I’d like to do web analytics to see how much they’re being used, and when. umami (and it would be similar for Google Analytics) requires adding a script into the section (https://umami.is/docs/collect-data). I created an extension with the following html file, and was hoping it would work: https://analytics.example.com/umami.js"> The Tomcat log says the extension loaded but it didn’t appear to work, as meta is trying to insert the line before the children of a CSS tag called “head” (https://guacamole.apache.org/doc/gug/guacamole-ext.html#updating-existing-html), which doesn’t exist. I considered using the js extension resource instead of html, to copy the JavaScript file, but I need to include the GUID for the website so I’m not sure this would work. Is there a way to insert the script line into the head using an extension? Or could there another way to achieve something similar? Thanks
Re: Update French translations
Hi All, If any one wants to proof read my proposed modifications, please have a look at https://github.com/abesnier/guacamole-clientA self contained Docker image (server+client abesnier/guacamole:frTranslations) is available for test docker push. RegardsAntoine Le jeudi 19 mai 2022, 15:44:15 UTC+2, Antoine Besnier a écrit : Hi Nick, Will do.Look for it in the coming days after I double and triple check them! CheersAntoine Le jeudi 19 mai 2022, 15:13:43 UTC+2, Nick Couchman a écrit : On Thu, May 19, 2022 at 5:19 AM Antoine Besnier wrote: Hi, I wanted to update the French translations, as they have not been corrected for a long time, and some sections have not been translated at all.Would the issue GUACAMOLE-1159 ( https://issues.apache.org/jira/browse/GUACAMOLE-1159?jql=project%20%3D%20GUACAMOLE%20AND%20text%20~%20french), which is closed, be suitable if I submit a PR, or would I have to open a new issue? Antoine,We always welcome help with making the translations more complete and accurate. You'll want to open a new Jira issue and commit against that - don't use the closed one. Thanks, looking forward to seeing the pull request! -Nick
Re: Update French translations
Hi Nick, Will do.Look for it in the coming days after I double and triple check them! CheersAntoine Le jeudi 19 mai 2022, 15:13:43 UTC+2, Nick Couchman a écrit : On Thu, May 19, 2022 at 5:19 AM Antoine Besnier wrote: Hi, I wanted to update the French translations, as they have not been corrected for a long time, and some sections have not been translated at all.Would the issue GUACAMOLE-1159 ( https://issues.apache.org/jira/browse/GUACAMOLE-1159?jql=project%20%3D%20GUACAMOLE%20AND%20text%20~%20french), which is closed, be suitable if I submit a PR, or would I have to open a new issue? Antoine,We always welcome help with making the translations more complete and accurate. You'll want to open a new Jira issue and commit against that - don't use the closed one. Thanks, looking forward to seeing the pull request! -Nick
Update French translations
Hi, I wanted to update the French translations, as they have not been corrected for a long time, and some sections have not been translated at all.Would the issue GUACAMOLE-1159 ( https://issues.apache.org/jira/browse/GUACAMOLE-1159?jql=project%20%3D%20GUACAMOLE%20AND%20text%20~%20french), which is closed, be suitable if I submit a PR, or would I have to open a new issue? Thanks in advance, Antoine
Re: Error 404 with Guacamole 1.4.0 / Tomcat 9 / Ubuntu 21.10
This line in the tutorial you followed may be the culprit: sudo ln -s /etc/guacamole/guacamole.war /opt/tomcat/tomcatapp/webapps check the value of $CATALINA_HOME, and confirm your guacamole.war is present in the directory $CATALINA_HOME/webapps. Don't know if tomcat can work with links? safer to just copy guacamole.war directly. See the doc: https://guacamole.apache.org/doc/gug/installing-guacamole.html#deploying-guacamole Cheers Le mardi 1 mars 2022, 12:59:32 UTC+1, Adam Cherrett a écrit : I need some help troubleshooting my attempt to get 1.4.0 running (for use on my local network). I am working with a clean installation of Ubuntu 21.10, and have been following the steps in https://computingforgeeks.com/install-and-use-guacamole-on-ubuntu/ Tomcat 9 appears to be running fine (and I can access the manager app through the browser): > systemctl status tomcat● tomcat.service - Tomcat 9 servlet container Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor prese t: enabled) Active: active (running) since Mon 2022-02-28 13:28:23 CET; 23h ago Process: 13902 ExecStart=/opt/tomcat/tomcatapp/bin/startup.sh (code=exited , status=0/SUCCESS) Main PID: 13909 (java) Tasks: 39 (limit: 38299) Memory: 340.4M CPU: 1min 44.670s CGroup: /system.slice/tomcat.service └─13909 /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Djava.util.l ogging.config.file=/opt/tomcat/tomcatapp/conf/logging.properties -Djava.util.l ogging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.egd=file: ///dev/urandom -Djava.awt.headless=true -Djdk.tls.ephemeralDHKeySize=2048 -Dja va.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalin a.security.SecurityListener.UMASK=0027 -Xms512M -Xmx1024M -server -XX:+UsePara llelGC -Dignore.endorsed.dirs= -classpath /opt/tomcat/tomcatapp/bin/bootstrap. jar:/opt/tomcat/tomcatapp/bin/tomcat-juli.jar -Dcatalina.base=/opt/tomcat/tomc atapp -Dcatalina.home=/opt/tomcat/tomcatapp -Djava.io.tmpdir=/opt/tomcat/tomca tapp/temp org.apache.catalina.startup.Bootstrap start Feb 28 13:28:23 blackbox systemd[1]: Starting Tomcat 9 servlet container... Feb 28 13:28:23 blackbox startup.sh[13902]: Tomcat started. Feb 28 13:28:23 blackbox systemd[1]: Started Tomcat 9 servlet container. guacd appears to be fine:● guacd.service - LSB: Guacamole proxy daemon Loaded: loaded (/etc/init.d/guacd; generated) Active: active (running) since Mon 2022-02-28 13:28:41 CET; 23h ago Docs: man:systemd-sysv-generator(8) Process: 13992 ExecStart=/etc/init.d/guacd start (code=exited, status=0/SU CCESS) Tasks: 1 (limit: 38299) Memory: 9.4M CPU: 15ms CGroup: /system.slice/guacd.service └─13996 /usr/local/sbin/guacd -p /var/run/guacd.pid Feb 28 13:28:41 blackbox systemd[1]: Starting LSB: Guacamole proxy daemon... Feb 28 13:28:41 blackbox guacd[13994]: Guacamole proxy daemon (guacd) version 1.4.0 started Feb 28 13:28:41 blackbox guacd[13992]: Starting guacd: Feb 28 13:28:41 blackbox guacd[13994]: guacd[13994]: INFO: Guacamole pr oxy daemon (guacd) version 1.4.0 started Feb 28 13:28:41 blackbox guacd[13992]: SUCCESS Feb 28 13:28:41 blackbox guacd[13996]: Listening on host 127.0.0.1, port 4822 Feb 28 13:28:41 blackbox systemd[1]: Started LSB: Guacamole proxy daemon. I can restart both tomcat and guacd without problems. I suspect the problem lies with the guacamole client. I have tried prerolled versions and compiling my own - neither of them works. Browsing to http://127.0.0.1:8080/guacamole gives a 404 error. The Tomcat manager shows a number of applications running, and shows guacamole is not. Trying to start it from the browser gives the error "FAIL - Application at context path [/guacamole] could not be started". Here are some log entries: in catalina.-MM-DD.log (duplicated in catalina.out): 01-Mar-2022 12:27:33.610 INFO [http-nio-8080-exec-18] org.apache.jasper.servle t.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no T LDs. Enable debug logging for this logger for a complete list of JARs that wer e scanned but no TLDs were found in them. Skipping unneeded JARs during scanni ng can improve startup time and JSP compilation time. 01-Mar-2022 12:27:33.611 SEVERE [http-nio-8080-exec-18] org.apache.catalina.co re.StandardContext.startInternal One or more listeners failed to start. Full d etails will be found in the appropriate container log file 01-Mar-2022 12:27:33.612 SEVERE [http-nio-8080-exec-18] org.apache.catalina.co re.StandardContext.startInternal Context [/guacamole] startup failed due to pr evious errors in localhost_access_log.-MM-DD.txt:192.168.0.50 - - [01/Mar/2022:12:26:54 +0100] "GET /guacamole HTTP/1.1" 404 76 1 192.168.0.50 - - [01/Mar/2022:12:26:54 +0100] "GET /favicon.ico HTTP/1.1" 200 8192 192.168.0.50 - - [01/Mar/2022:12:27:01 +0100] "GET / HTTP/1.1" 200 11165 192.168.0.50 - - [01/Mar/2022:12:27:01 +0100] "GET