Re: Telnet/SSH buffer size

[Mike Jumper]

On Thu, Oct 19, 2017 at 8:14 AM, Nick Couchman  wrote:
> On Thu, Oct 19, 2017 at 9:24 AM, McRoy, Jeffrey (GE Healthcare)
>  wrote:
>>
>> Hi Everyone,
>>
>> Does anyone know what the buffer size is for Guac’s Telnet and SSH
>> sessions?
>>
>
> For SSH, looks like 8192:
>
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/ssh/ssh.c#L157
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/ssh/ssh.c#L177
>
> For telnet, looks probably 8192 for most things, but there are a couple of
> operations that are slightly different:
>
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L92
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L263
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L386
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L465
>

In case you meant the size of the scrollback buffer, the answer is 1000 lines:

https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/terminal/terminal.c#L327-L328

- Mike

Re: Assistance on creating jar file from directory

[Nick Couchman]

On Thu, Oct 19, 2017 at 5:27 PM, Charles Mccrea 
wrote:

> Hello Nick and thank you for this explanation.
>
> I've searched my guacamole server for a guacamole.properties location.  I
> found two:
>
> /etc/guacamole/guacamole.properties
> /usr/share/tomcat/.guacamole/guacamole.properties
>
> It would appear that one is a pointer to the other so basically I have
> found my guacamole.properties file.
>
> Looking within my guacamole.properties file I do not find an entry for
> GUACAMOLE_HOME.  Should this environment variable be there?
>
>
>- Will defining a Guacamole_home environment variable then tell
>guacamole where to find my new extension .jar file?
>- And my Guacamole does work as of now in that I can login and use
>Guacamole.  So how does my Guacamole currently work if it doesn't know
>where the Guacamole home is?
>
> Charles,
I think all you need to do is create the extensions directory inside the
/etc/guacamole and/or /usr/share/tomcat/.guacamole directory, then drop
your JAR file in there and restart Tomcat or redeploy the web app.

-Nick

Re: Error when query LDAPuser DN

[adrianz]

Thanks a lot! That worked.



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: mySQL authentication issue.

[Nick Couchman]

On Thu, Oct 19, 2017 at 4:19 PM, Darch  wrote:

> Half a day trying to figure it out...and you're right.  I got all the files
> directly this time.  My mistake was using Maven to build my guacamole.war
> file initially.
>
>
You can definitely build it, but, if you do, make sure to grab all of the
extension JARs from the build directory, as well, to make sure the version
is the same.  There have been a few significant changes in the current git
master branch that will render mixed versions of extensions and the main
WAR file incompatible.

Glad you got it working - enjoy, and post back if you run into any other
issues!

-Nick

Re: Assistance on creating jar file from directory

[Charles Mccrea]

Hello Nick and thank you for this explanation.

I've searched my guacamole server for a guacamole.properties location.  I
found two:

/etc/guacamole/guacamole.properties
/usr/share/tomcat/.guacamole/guacamole.properties

It would appear that one is a pointer to the other so basically I have
found my guacamole.properties file.

Looking within my guacamole.properties file I do not find an entry for
GUACAMOLE_HOME.  Should this environment variable be there?


   - Will defining a Guacamole_home environment variable then tell
   guacamole where to find my new extension .jar file?
   - And my Guacamole does work as of now in that I can login and use
   Guacamole.  So how does my Guacamole currently work if it doesn't know
   where the Guacamole home is?


Thank you.



On Thu, Oct 19, 2017 at 2:49 PM, Nick Couchman  wrote:

> On Thu, Oct 19, 2017 at 2:40 PM, Charles Mccrea 
> wrote:
>
>> Hello,
>>
>> I'm attempting to make a custom icon on my login page.  I've installed
>> Guacamole on CentOS 7.
>>
>> I'm using information from this page - http://apache-guacamole-incu
>> bating-users.2363388.n4.nabble.com/Branding-the-login-page-td281.html
>>
>> I've created my jar file and put this into the following location:
>>
>> /var/lib/guacamole/extensions/
>>
>> I then restart my guacamole server and reload my guacamole website.  The
>> changes I've put into the new jar file I created are not showing up.  Do I
>> need to change anything else in Guacamole so it knows to use my jar file?
>>
>>
> Charles,
> Have you defined /var/lib/guacamole either in the GUACAMOLE_HOME
> environment variable or in the catalina.properties file under the
> guacamole.home property?  The default is a ".guacamole" directory in the
> Tomcat user's home directory, so you would need to override this if you
> wanted it elsewhere.
>
> http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#
> guacamole-home
>
> -Nick
>

Re: mySQL authentication issue.

[Darch]

Half a day trying to figure it out...and you're right.  I got all the files
directly this time.  My mistake was using Maven to build my guacamole.war
file initially.  

Thanks!  

Now to figure out everything this nice little engine can do for me...



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: Error when query LDAPuser DN

[Paul Cantle]

Hi,

If you're using AD and wasn’t to query from the root, then use this

ldap-port: 3268

That should sort it.

Rgds

paul

On 19/10/2017, 20:24, "adrianz"  wrote:

Hello,

I have LDAP authentication enabled and the following setting:

ldap-user-base-dn: DC=corp,DC=domain,DC=com

I am getting the following error when trying to login as a user that's part
of the domain:
[http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService -
Cannot bind with LDAP server: Error while query user DNs.

However, if I specify the actual OU inside the domain I am able to login
successfully.

Is there a way to allow searching through the entire AD structure? The
reason being that we have users part of different OU's. 

Or, is there a way to specify multiple OU's?



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: mySQL authentication issue.

[Nick Couchman]

On Thu, Oct 19, 2017 at 3:27 PM, Darch  wrote:

> Trying out Guacamole, I've followed the instructions on the site.  First
> step, I got it to work without issues with a flat user-mapping.xml.
>
> Now, moving on, I'm trying to use with mysql auth.  Somehow, the
> authentication provider extension fails to start.  I have by java connector
> in lib.  I have my extension in extensions.  My GUACAMOLE_HOME is pointing
> to the right folder /usr/share/tomcat/.guacamole.
>
> Am setup on Fedora 26 with Tomcat 8
>
> Here is the error message I get, any ideas?
>
> ...
> Oct 19 13:59:13 docker server: 13:59:13.474 [localhost-startStop-1] ERROR
> o.a.g.extension.ProviderFactory - authentication provider extension failed
> to start: com.google.inject.internal.util.$ComputationException:
> java.lang.NoClassDefFoundError:
> org/apache/guacamole/net/auth/ConnectionRecordSet$SortableProperty
>
>
This error actually looks like a version mismatch between the MySQL
extension and the core Guacamole WAR.  It looks like maybe you used an
older version of the MySQL JAR with the newer Guacamole WAR file.  Are you
downloading/installing all of this from the Guacamole web page, or have you
custom built any of it?  If you're building from the git repo, I'd suggest
removing all of your WAR and JAR files, doing a clean build, and installing
everything from the clean build.

-Nick

mySQL authentication issue.

[Darch]

Trying out Guacamole, I've followed the instructions on the site.  First
step, I got it to work without issues with a flat user-mapping.xml.

Now, moving on, I'm trying to use with mysql auth.  Somehow, the
authentication provider extension fails to start.  I have by java connector
in lib.  I have my extension in extensions.  My GUACAMOLE_HOME is pointing
to the right folder /usr/share/tomcat/.guacamole.

Am setup on Fedora 26 with Tomcat 8

Here is the error message I get, any ideas?

Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.408 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.add(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by
[org.mybatis.guice.transactional.TransactionalMethodInterceptor@14c2a71d].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.
Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.409 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.update(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by
[org.mybatis.guice.transactional.TransactionalMethodInterceptor@14c2a71d].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.
Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.438 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory.add(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by
[org.mybatis.guice.transactional.TransactionalMethodInterceptor@14c2a71d].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.
Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.439 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory.update(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by
[org.mybatis.guice.transactional.TransactionalMethodInterceptor@14c2a71d].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.
Oct 19 13:59:13 docker server: 13:59:13.474 [localhost-startStop-1] ERROR
o.a.g.extension.ProviderFactory - authentication provider extension failed
to start: com.google.inject.internal.util.$ComputationException:
java.lang.NoClassDefFoundError:
org/apache/guacamole/net/auth/ConnectionRecordSet$SortableProperty
Oct 19 13:59:13 docker server: 13:59:13.478 [localhost-startStop-1] INFO 
o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is
"/usr/share/tomcat/.guacamole".
Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.519 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.add(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by
[org.mybatis.guice.transactional.TransactionalMethodInterceptor@2149ea97].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.
Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.520 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.update(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by
[org.mybatis.guice.transactional.TransactionalMethodInterceptor@2149ea97].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.
Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.521 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory.add(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is being
intercepted by
[org.mybatis.guice.transactional.TransactionalMethodInterceptor@2149ea97].
This could indicate a bug.  The method may be intercepted twice, or may not
be intercepted at all.
Oct 19 13:59:13 docker server: 19-Oct-2017 13:59:13.521 WARNING
[localhost-startStop-1] com.google.inject.internal.ProxyFactory.
Method [public void
org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory.update(org.apache.guacamole.net.auth.Identifiable)
throws org.apache.guacamole.GuacamoleException] is synthetic and is 

Error when query LDAPuser DN

[adrianz]

Hello,

I have LDAP authentication enabled and the following setting:

ldap-user-base-dn: DC=corp,DC=domain,DC=com

I am getting the following error when trying to login as a user that's part
of the domain:
[http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService -
Cannot bind with LDAP server: Error while query user DNs.

However, if I specify the actual OU inside the domain I am able to login
successfully.

Is there a way to allow searching through the entire AD structure? The
reason being that we have users part of different OU's. 

Or, is there a way to specify multiple OU's?



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Re: Assistance on creating jar file from directory

[Nick Couchman]

On Thu, Oct 19, 2017 at 2:40 PM, Charles Mccrea 
wrote:

> Hello,
>
> I'm attempting to make a custom icon on my login page.  I've installed
> Guacamole on CentOS 7.
>
> I'm using information from this page - http://apache-guacamole-
> incubating-users.2363388.n4.nabble.com/Branding-the-login-page-td281.html
>
> I've created my jar file and put this into the following location:
>
> /var/lib/guacamole/extensions/
>
> I then restart my guacamole server and reload my guacamole website.  The
> changes I've put into the new jar file I created are not showing up.  Do I
> need to change anything else in Guacamole so it knows to use my jar file?
>
>
Charles,
Have you defined /var/lib/guacamole either in the GUACAMOLE_HOME
environment variable or in the catalina.properties file under the
guacamole.home property?  The default is a ".guacamole" directory in the
Tomcat user's home directory, so you would need to override this if you
wanted it elsewhere.

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#guacamole-home

-Nick

Re: Websockets not working

[Nick Couchman]

On Thu, Oct 19, 2017 at 1:36 PM, Colin McGuigan <
colin_guacam...@walkingshadows.org> wrote:

> Update: Without changing any configuration (only working on my extension),
> this problem resolved itself and I now see the websocket tunnel in use.
>
> I have no idea what caused it to change, other than the possibility of
> tomcat restarts.
>
>
Colin,
I did notice something in the following line:

> GET
ws://:8080/guacamole/websocket-tunnel?token=
943D0910D316FE59C5C110AD800DFF7FBDFD7529000C1D7503719FD9828D
B69B_DATA_SOURCE=saml_ID=_TYPE=
c_WIDTH=948_HEIGHT=998_DPI=120_AUDIO=
audio%2FL8_AUDIO=audio%2FL16_IMAGE=image%2Fjpeg&
GUAC_IMAGE=image%2Fpng_IMAGE=image%2Fwebp

The GUAC_DATA_SOURCE=saml is a bit interesting.  I'm guessing that your
SAML extension is only doing authentication, it's not providing any
computer data, correct?  If so, this line indicates the issue, that it
is/was trying to retrieve the connection from the SAML data source, when it
is actually in another data source.  Perhaps the change you made caused it
to correct this parameter??

-Nick

Assistance on creating jar file from directory

[Charles Mccrea]

Hello,

I'm attempting to make a custom icon on my login page.  I've installed
Guacamole on CentOS 7.

I'm using information from this page -
http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Branding-the-login-page-td281.html

I've created my jar file and put this into the following location:

/var/lib/guacamole/extensions/

I then restart my guacamole server and reload my guacamole website.  The
changes I've put into the new jar file I created are not showing up.  Do I
need to change anything else in Guacamole so it knows to use my jar file?

Thank you.

Re: Websockets not working

[Colin McGuigan]

Update: Without changing any configuration (only working on my extension),
this problem resolved itself and I now see the websocket tunnel in use.

I have no idea what caused it to change, other than the possibility of
tomcat restarts.



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Telnet/SSH buffer size

[McRoy, Jeffrey (GE Healthcare)]

Hi Everyone,

 

Does anyone know what the buffer size is for Guac’s Telnet and SSH sessions?

 

 

Thanks,

Jeff

 



smime.p7s
Description: S/MIME cryptographic signature

Re: Problems with basic authentication

[Felix Wolfheimer]

Argh, indeed this was a permission problem. I used "chmod -R 0400
/etc/guacamole" to set permissions which is sufficient for the
configuration files but not for the directory itself of course. This
basically locked out the tomcat user and the messages in /var/log/messages
then confused me. Maybe it would be a good idea to just add some output in
the code which checks for the Guacamole home issuing a warning that a
directory is present but can't be opened because access is denied.

BTW: Is there a way to file a bug regarding the documentation issue you
mentioned? Things like this can be quite confusing and fixing them is quite
easy. ;-)

Thanks for your great help!

2017-10-19 0:57 GMT+02:00 Mike Jumper :

> On Wed, Oct 18, 2017 at 5:30 AM, Felix Wolfheimer
>  wrote:
> > Hi Nick,
> >
> > thanks for your help and your suggestions. I created /etc/guacamole and
> put
> > guacamole.properties into this directory. The file has the following
> > content:
> >
> > guacd-hostname: localhost
> > guacd-port: 4822
> > user-mapping: /etc/guacamole/user-mapping.xml
> >
>
> Beware that:
>
> 1) The property "user-mapping" is a typo in the manual, and should
> actually be "basic-user-mapping"
> 2) The "basic-user-mapping" property was deprecated in 0.9.10-incubating
> [1]
>
> Though the property "basic-user-mapping" should still work, its use is
> no longer recommended. The default location of
> "GUACAMOLE_HOME/user-mapping.xml" should be used instead.
>
> It's worth noting that "/etc/guacamole" was recently added to the
> default search locations for GUACAMOLE_HOME [2], so the locations
> you're using for everything here is actually the default on git and
> for future releases.
>
> - Mike
>
> [1] http://guacamole.incubator.apache.org/releases/0.9.10-
> incubating/#deprecation-of-the-basic-user-mapping-property
> [2] https://issues.apache.org/jira/browse/GUACAMOLE-335
>