RE: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[MARTINEZ, ARIEL]

I have both .jar files in their respective locations in the extensions and lib 
directories.

My DB is mariadb and I have added the authentication settings to 
guacamole.properties. I’m able to connect to the Guacamole database running the 
command  mysql –user=guacamole_user –-password guacamole_db –h localhost  on 
the database server, but not from the Guacamole Client server.

Since the database is on another server, other than firewall rules to allow 
communication over port 3306, is anything else required on the Guacamole Client 
server to connect to the remote database?

From: Neumen - Juan Prigoshin 
Sent: Tuesday, June 2, 2020 8:06 PM
To: user@guacamole.apache.org
Subject: [Suspected SPAM] RE: [EXTERNAL] Re: Guacamole Installation with 
separate servers for DMZ and Internal Setup
Importance: Low

Have you copy guacamole-auth-jdbc-mysql-1.1.0.jar to extensions directory? And 
mysql-connector-java-8.0.20.jar to lib directory?
In the guacamole.properties you add the auth for the database??

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: 

In the terminal, using this parameters, work the conection?
mysql –user=guacamole_user –-password guacamole_db –h localhost

Sorry if my questions are simple, sometimes happines it’s in simple things

Juan

De: MARTINEZ, ARIEL [mailto:amarti...@hostos.cuny.edu]
Enviado el: martes, 02 de junio de 2020 08:46 p.m.
Para: user@guacamole.apache.org<mailto:user@guacamole.apache.org>
Asunto: RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ 
and Internal Setup

In configuring the database authentication after going through all the steps I 
am now getting an error in the guacamole login page. Disabling the database 
connection info in the guacamole.properties file removes the error, so I know 
it is a db issue.

I tried looking at the catalina.out file to see what the issue is but nothing 
is being logged. Is logging enabled by default or do I need to add something 
somewhere to get the debug logging?

Thanks again.

From: Nick Couchman mailto:vn...@apache.org>>
Sent: Tuesday, June 2, 2020 4:54 PM
To: user@guacamole.apache.org<mailto:user@guacamole.apache.org>
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for 
DMZ and Internal Setup

On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL 
mailto:amarti...@hostos.cuny.edu>> wrote:
Thanks. I am making progress and have moved on to the database authentication 
extension. I want to be sure I am configuring things in the right place. The 
instructions outlined in Chapter 6 of the instructions, all of this is 
happening on the server with tomcat or is it happening on the server with guacd?


The authentication is done by the Guacamole Client piece, which runs in Tomcat 
or a comparable Java container.  So, all of the configuration related to 
database and authentication will be done on the server running Guacamole Client 
(Tomcat).

-nick

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[Neumen - Juan Prigoshin]

Have you copy guacamole-auth-jdbc-mysql-1.1.0.jar to extensions directory? And 
mysql-connector-java-8.0.20.jar to lib directory?

In the guacamole.properties you add the auth for the database??

 

# MySQL properties

mysql-hostname: localhost

mysql-port: 3306

mysql-database: guacamole_db

mysql-username: guacamole_user

mysql-password: 

 

In the terminal, using this parameters, work the conection?

mysql –user=guacamole_user –-password guacamole_db –h localhost

 

Sorry if my questions are simple, sometimes happines it’s in simple things

 

Juan

 

De: MARTINEZ, ARIEL [mailto:amarti...@hostos.cuny.edu] 
Enviado el: martes, 02 de junio de 2020 08:46 p.m.
Para: user@guacamole.apache.org
Asunto: RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ 
and Internal Setup

 

In configuring the database authentication after going through all the steps I 
am now getting an error in the guacamole login page. Disabling the database 
connection info in the guacamole.properties file removes the error, so I know 
it is a db issue. 

 

I tried looking at the catalina.out file to see what the issue is but nothing 
is being logged. Is logging enabled by default or do I need to add something 
somewhere to get the debug logging? 

 

Thanks again.

 

From: Nick Couchman  
Sent: Tuesday, June 2, 2020 4:54 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for 
DMZ and Internal Setup

 

On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL  
wrote:

Thanks. I am making progress and have moved on to the database authentication 
extension. I want to be sure I am configuring things in the right place. The 
instructions outlined in Chapter 6 of the instructions, all of this is 
happening on the server with tomcat or is it happening on the server with guacd?

 

 

The authentication is done by the Guacamole Client piece, which runs in Tomcat 
or a comparable Java container.  So, all of the configuration related to 
database and authentication will be done on the server running Guacamole Client 
(Tomcat).

 

-nick

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[MARTINEZ, ARIEL]

In configuring the database authentication after going through all the steps I 
am now getting an error in the guacamole login page. Disabling the database 
connection info in the guacamole.properties file removes the error, so I know 
it is a db issue.

I tried looking at the catalina.out file to see what the issue is but nothing 
is being logged. Is logging enabled by default or do I need to add something 
somewhere to get the debug logging?

Thanks again.

From: Nick Couchman 
Sent: Tuesday, June 2, 2020 4:54 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for 
DMZ and Internal Setup

On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL 
mailto:amarti...@hostos.cuny.edu>> wrote:
Thanks. I am making progress and have moved on to the database authentication 
extension. I want to be sure I am configuring things in the right place. The 
instructions outlined in Chapter 6 of the instructions, all of this is 
happening on the server with tomcat or is it happening on the server with guacd?


The authentication is done by the Guacamole Client piece, which runs in Tomcat 
or a comparable Java container.  So, all of the configuration related to 
database and authentication will be done on the server running Guacamole Client 
(Tomcat).

-nick

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[Nick Couchman]

On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL 
wrote:

> Thanks. I am making progress and have moved on to the database
> authentication extension. I want to be sure I am configuring things in the
> right place. The instructions outlined in Chapter 6 of the instructions,
> all of this is happening on the server with tomcat or is it happening on
> the server with guacd?
>
>
>

The authentication is done by the Guacamole Client piece, which runs in
Tomcat or a comparable Java container.  So, all of the configuration
related to database and authentication will be done on the server running
Guacamole Client (Tomcat).

-nick

>

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[MARTINEZ, ARIEL]

Thanks. I am making progress and have moved on to the database authentication 
extension. I want to be sure I am configuring things in the right place. The 
instructions outlined in Chapter 6 of the instructions, all of this is 
happening on the server with tomcat or is it happening on the server with guacd?

Thanks,


From: Mike Jumper 
Sent: Tuesday, June 2, 2020 2:00 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for 
DMZ and Internal Setup

On Tue, Jun 2, 2020, 09:07 MARTINEZ, ARIEL 
mailto:amarti...@hostos.cuny.edu>> wrote:
Got it. In the guacd.conf the bind host should be the server running guacd 
correct?

It should be the address that you want guacd to bind to. This will determine 
which network interface(s) can be used to connect to guacd.

Specifying 127.0.0.1 will cause guacd to bind to localhost, thus only allowing 
connections over the loopback interface. Specifying the wildcard address 
(0.0.0.0) will allow connections over any interface. Specifying the address of 
a specific interface will allow connections only through that interface and 
address.

Also, once I do something similar with the guacamole.properties file, if 
communication between the components is working properly, should I at least get 
the guacamole login page or will I need to also go through the 
users/authentication/db settings first?

You would need to try accessing a connection.

The login page and settings are all independent of guacd. The guacd service 
only comes into play when an remote desktop connection is being used.

- Mike

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[Mike Jumper]

On Tue, Jun 2, 2020, 09:07 MARTINEZ, ARIEL 
wrote:

> Got it. In the guacd.conf the bind host should be the server running guacd
> correct?
>

It should be the address that you want guacd to bind to. This will
determine which network interface(s) can be used to connect to guacd.

Specifying 127.0.0.1 will cause guacd to bind to localhost, thus only
allowing connections over the loopback interface. Specifying the wildcard
address (0.0.0.0) will allow connections over any interface. Specifying the
address of a specific interface will allow connections only through that
interface and address.

Also, once I do something similar with the guacamole.properties file, if
> communication between the components is working properly, should I at least
> get the guacamole login page or will I need to also go through the
> users/authentication/db settings first?
>

You would need to try accessing a connection.

The login page and settings are all independent of guacd. The guacd service
only comes into play when an remote desktop connection is being used.

- Mike

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[MARTINEZ, ARIEL]

Got it. In the guacd.conf the bind host should be the server running guacd 
correct? Also, once I do something similar with the guacamole.properties file, 
if communication between the components is working properly, should I at least 
get the guacamole login page or will I need to also go through the 
users/authentication/db settings first?

Thanks

From: Nick Couchman 
Sent: Tuesday, June 2, 2020 11:15 AM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for 
DMZ and Internal Setup

On Tue, Jun 2, 2020 at 10:26 AM MARTINEZ, ARIEL 
mailto:amarti...@hostos.cuny.edu>> wrote:
Hello,

I installed guacd and the guacamole-client on different servers and am stuck at 
the step where I need to edit guacd.conf, because I cannot locate it. In what 
directory would this file be located on a standard installation?


You have to create the file, usually in the /etc/guacamole directory.

-Nick

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[Nick Couchman]

On Tue, Jun 2, 2020 at 10:26 AM MARTINEZ, ARIEL 
wrote:

> Hello,
>
>
>
> I installed guacd and the guacamole-client on different servers and am
> stuck at the step where I need to edit guacd.conf, because I cannot locate
> it. In what directory would this file be located on a standard installation?
>
>
>

You have to create the file, usually in the /etc/guacamole directory.

-Nick

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[MARTINEZ, ARIEL]

Hello,

I installed guacd and the guacamole-client on different servers and am stuck at 
the step where I need to edit guacd.conf, because I cannot locate it. In what 
directory would this file be located on a standard installation?

Thanks

From: Nick Couchman 
Sent: Thursday, May 28, 2020 12:21 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for 
DMZ and Internal Setup

On Thu, May 28, 2020 at 11:57 AM MARTINEZ, ARIEL 
mailto:amarti...@hostos.cuny.edu>> wrote:
Hi Nick,

Thank you for this information. Does the Guacamole client and guacd have the 
same required dependencies?  In other words do I need to install  Cairo, 
libjpeg, libpng, and the OSSP UUID library only on the Guacamole Client server 
and things like ffmpeg, freerdp, pango, etc. only on the guacd server? Or, 
should I install all of the dependencies on both servers?


No, the dependencies are not the same.  Guacamole Client basically just 
requires Java and Tomcat, and then a web server if you want to reverse proxy 
through that.

The guacd dependencies include the items you mentioned - various libraries 
depending on the required protocols.

-Nick

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[MARTINEZ, ARIEL]

Ok just double checking to try to get everything right on the first try, the 
server running guacd will need to have cairo, libjpeg, libpng, OSSP uuid 
library and any of the protocols that we need to support and the guacamole 
client server will just need java, tomcat and a web server installed, correct?

Thanks


From: Nick Couchman 
Sent: Thursday, May 28, 2020 12:21 PM
To: user@guacamole.apache.org
Subject: Re: [EXTERNAL] Re: Guacamole Installation with separate servers for 
DMZ and Internal Setup

On Thu, May 28, 2020 at 11:57 AM MARTINEZ, ARIEL 
mailto:amarti...@hostos.cuny.edu>> wrote:
Hi Nick,

Thank you for this information. Does the Guacamole client and guacd have the 
same required dependencies?  In other words do I need to install  Cairo, 
libjpeg, libpng, and the OSSP UUID library only on the Guacamole Client server 
and things like ffmpeg, freerdp, pango, etc. only on the guacd server? Or, 
should I install all of the dependencies on both servers?


No, the dependencies are not the same.  Guacamole Client basically just 
requires Java and Tomcat, and then a web server if you want to reverse proxy 
through that.

The guacd dependencies include the items you mentioned - various libraries 
depending on the required protocols.

-Nick

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[Nick Couchman]

On Thu, May 28, 2020 at 11:57 AM MARTINEZ, ARIEL 
wrote:

> Hi Nick,
>
>
>
> Thank you for this information. Does the Guacamole client and guacd have
> the same required dependencies?  In other words do I need to install
>  Cairo, libjpeg, libpng, and the OSSP UUID library only on the Guacamole
> Client server and things like ffmpeg, freerdp, pango, etc. only on the
> guacd server? Or, should I install all of the dependencies on both servers?
>
>
>

No, the dependencies are not the same.  Guacamole Client basically just
requires Java and Tomcat, and then a web server if you want to reverse
proxy through that.

The guacd dependencies include the items you mentioned - various libraries
depending on the required protocols.

-Nick

>

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

[MARTINEZ, ARIEL]

Hi Nick,

Thank you for this information. Does the Guacamole client and guacd have the 
same required dependencies?  In other words do I need to install  Cairo, 
libjpeg, libpng, and the OSSP UUID library only on the Guacamole Client server 
and things like ffmpeg, freerdp, pango, etc. only on the guacd server? Or, 
should I install all of the dependencies on both servers?

Thanks.
From: Nick Couchman 
Sent: Wednesday, May 27, 2020 8:24 PM
To: user@guacamole.apache.org
Subject: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ 
and Internal Setup

WARNING: This email originated outside the Hostos campus. Do not click links or 
open attachments unless you recognize the sender and know the content is safe. 
Never provide login credentials, financial or sensitive details in response to 
an email or by clicking on a link. Report suspicious emails to: 
reports...@hostos.cuny.edu

On Wed, May 27, 2020 at 7:10 PM MARTINEZ, ARIEL 
mailto:amarti...@hostos.cuny.edu>> wrote:
Hello,

From reviewing the documentation, I gather it is possible to install the tomcat 
Guacamole component on one server and have the guacd proxy on another. But I am 
unsure how to configure it as such. Can anyone provide some pointers or more 
detailed info how to get this done?

Yes, the components have been designed precisely to facilitate these kinds of 
configurations.  In my day job, I run Guacamole configured in this way - with 
multiple Guacamole Client systems pointed at the same internal guacd host, and 
some of those Guacamole Client systems sitting in DMZ configurations.

Configuring this is quite simple - you just need to install the various 
components where you want them, and make sure the correct firewall ports are 
opened (Guacamole Client -> guacd on TCP/4822 by default, and guacd -> RDP, 
SSH, Telnet, Kubernetes, and/or VNC).  On the system where guacd is running 
configure guacd.conf such that it is listening on the appropriate interface.

On the systems running the Guacamole Client components (Tomcat), edit 
guacamole.properties and set guacd-hostname to the host name or IP of the 
system running guacd, and guacd-port to the port you've configured for guacd.

I also highly recommend using the SSL options to encrypt traffic between 
Guacamole Client and guacd if you're operating them on separate systems, else 
you will see full traffic (keystrokes, images, text, etc.) in plaintext on the 
wire, which is an unnecessary risk.  Configuring SSL is quite simple between 
Guacamole Client and guacd, as documented in the manual.

If you run into any issues with it do not hesitate to post back here with 
specific questions.

-Nick