Good evening/night/morning to you all!
Following up on the environment explained earlier, I am now trying to connect
to a Windows 10 connection created by the Guacadmin User and assigned to a
user. The connection fails before showing the logs, here is a quick
overview of the environment:

Internet -- NGINX Reverse Proxy --- Guacamole Server --- Win 10 connection.
Guacamole 1.5.0 running on Ubuntu 20.04 and Tomcat 9.
The Guacamole Server IP is 10.X.14.254. <-- I changed the second octet of
the IP to "X"
Tomcat running on port 8080.
Guacamole server is running over port 4822.
This environment was operating when I was not using database authentication.

In order to find the error I am running Guacamole Server in DEBUG mode and
I can see several obvious errors which I may know the answer to but I
really need the group's assistance on this.
Errors found:

   - To simplify reading this email, the logs are at the bottom of it.
   - As I am running Guacamole as the daemon user, its home directory is
   /usr/sbin which obviously the guacamole daemon does not have permissions to
   write to.
      - Please refer to the logs marked below in *BOLD*.
   - After several messages on the log, the error now changes to: unable to
   read file "/" which I believe has to do with the files and certificates the
   daemon was unable to write.
      - Please refer a little bit below to the final section of logs marked
      as *BOLD*.

What I have looked for so far:

   - I believe my problem is that the daemon user cannot write on the path
   so I won't be able to connect.
      - This should be fixed by running guacamole with another user.
      - I did try to find some instructions on this list on how to
      configure the daemon to run as a different user but I could not find the
      instructions I believe I saw a few weeks ago on this list.
   - Looking around past posts, I found this from @ivanmarcus on the list:
   - https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0
      - In his instructions, he adds a step to set the location of the
      freerdp shared objects to what I think is a world-writable directory,
      but I may be wrong:

      ln -s /usr/share/java/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/
      mkdir -p /usr/lib/$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)/freerdp
      ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)/freerdp/
      ldconfig


   - Problem is that when I try to replicate his instructions, I cannot
   find any freerdp shared objects on my Guacamole installation, only
   references to some "rdp" files and directories but not any reference to
   "freerdp".
      - This makes me think I may be looking at the wrong side of things.


HELP NEEDED:

   - How would you solve this?
   - Do you have any instructions on how to install and run guacamole not
   as root/daemon?

Thanks a lot for the help!

Below are the log entries for the above comments.

Thanks again for the help.
David.


*Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: WARNING:#011FreeRDP
initialization may fail: The current user's home directory ("/usr/sbin") is
not writable, but FreeRDP generally requires a writable home directory for
storage of configuration files and certificates.*
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011No security mode
specified. Defaulting to security mode negotiation with server.
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Resize method:
none
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011No clipboard
line-ending normalization specified. Defaulting to preserving the format of
all line endings.
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011User
"@d7306d3b-6613-4500-b22c-c40d54f8389d" joined connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" (1 users now present)
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Loading keymap
"base"
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Loading keymap
"en-us-qwerty"
*Mar  9 22:54:06 devpod-1 guacd[2754]: FreeRDP initialization may fail: The
current user's home directory ("/usr/sbin") is not writable, but FreeRDP
generally requires a writable home directory for storage of configuration
files and certificates.*
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public
org.apache.guacamole.net.GuacamoleTunnel
org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser,org.apache.guacamole.auth.jdbc.connection.ModeledConnection,org.apache.guacamole.protocol.GuacamoleClientInformation,java.util.Map<java.lang.String,
java.lang.String>) throws org.apache.guacamole.GuacamoleException] -
SqlSession not set for thread: 23, creating a new one
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1225840338
from pool.
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1225840338 ...
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1225840338 is GOOD!
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3]
DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC
Connection [com.mysql.cj.jdbc.ConnectionImpl@4910d6d2]
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.950 [http-nio-8080-exec-3]
DEBUG o.a.g.a.j.c.C.insert - ==>  Preparing: INSERT INTO
guacamole_connection_history ( connection_id, connection_name, remote_host,
sharing_profile_id, sharing_profile_name, user_id, username, start_date,
end_date ) VALUES ( ?, ?, ?, ?, ?, (SELECT user_id FROM guacamole_user JOIN
guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name = ? AND guacamole_entity.type = 'USER'), ?, ?,
? )
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.950 [http-nio-8080-exec-3]
DEBUG o.a.g.a.j.c.C.insert - ==> Parameters: 1(String), Win10(String),
10.*X*.14.254(String), null, null, Threatwise(String), Threatwise(String),
2023-03-09 22:54:05.949(Timestamp), null
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.951 [http-nio-8080-exec-3]
DEBUG o.a.g.a.j.c.C.insert - <==    Updates: 1
Mar  9 22:54:06 devpod-1 guacd[2754]: No security mode specified.
Defaulting to security mode negotiation with server.
[...]




*Mar  9 22:54:06 devpod-1 guacd[2754]: Unable to read file "/"
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Unable to read
file "/"
Mar  9 22:54:06 devpod-1 guacd[2754]: RDP server closed/refused connection:
Security negotiation failed (wrong security type?)
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011RDP server
closed/refused connection: Security negotiation failed (wrong security
type?)*
Mar  9 22:54:06 devpod-1 guacd[2754]: User
"@d7306d3b-6613-4500-b22c-c40d54f8389d" disconnected (0 users remain)
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011User
"@d7306d3b-6613-4500-b22c-c40d54f8389d" disconnected (0 users remain)
Mar  9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Last user of
connection "$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" disconnected
Mar  9 22:54:06 devpod-1 guacd[2754]: Last user of connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" disconnected
Mar  9 22:54:06 devpod-1 guacd[2568]: Connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" removed.
Mar  9 22:54:06 devpod-1 guacd[2568]: guacd[2568]: INFO:#011Connection
"$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" removed.
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.507 [http-nio-8080-exec-8]
INFO  o.a.g.tunnel.TunnelRequestService - User "myusername" disconnected
from connection "1". Duration: 490 milliseconds
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.508 [http-nio-8080-exec-8]
DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
Mar  9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.508 [Thread-8] DEBUG
o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Connection to guacd closed.
Mar  9 22:54:06 devpod-1 tomcat9[643]:
org.apache.guacamole.GuacamoleConnectionClosedException: Connection to
guacd is closed.
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:183)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.io.ReaderGuacamoleReader.readInstruction(ReaderGuacamoleReader.java:195)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:80)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:80)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.protocol.FilteredGuacamoleReader.read(FilteredGuacamoleReader.java:63)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:246)
Mar  9 22:54:06 devpod-1 tomcat9[643]: Caused by: java.net.SocketException:
Socket closed
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/java.net.SocketInputStream.read(SocketInputStream.java:183)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
java.base/java.io.InputStreamReader.read(InputStreamReader.java:181)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011at
org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:169)
Mar  9 22:54:06 devpod-1 tomcat9[643]: #011... 5 common frames omitted
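
A preflight check for the condition guacd warns about in the logs above, added here as an example that is not part of the original post or of Guacamole itself. It classifies a service account's home directory from its mode bits, and also flags a world-writable home, since any local user could then plant files where FreeRDP keeps its configuration and certificates. The function names are hypothetical; ACLs and root's permission override are ignored.

```python
import os
import pwd
import stat


def home_status(path, uid, gids=()):
    """Classify a service account's home directory from its mode bits.

    Returns "missing", "not-writable", "world-writable" or "ok".
    POSIX mode bits only: ACLs and root's override are not considered.
    """
    try:
        st = os.stat(path)
    except OSError:
        return "missing"
    if not stat.S_ISDIR(st.st_mode):
        return "missing"
    # Exactly one permission class applies: owner, else group, else other.
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    # Creating files in a directory needs both write and search (x) access.
    if (st.st_mode & need) != need:
        return "not-writable"
    # Writable by the account, but also by every other local user.
    if st.st_mode & stat.S_IWOTH:
        return "world-writable"
    return "ok"


def account_home_status(name):
    """Look up a local account and classify its home directory."""
    try:
        pw = pwd.getpwnam(name)
    except KeyError:
        return None, "no-such-account"
    gids = os.getgrouplist(name, pw.pw_gid)
    return pw.pw_dir, home_status(pw.pw_dir, pw.pw_uid, gids)


if __name__ == "__main__":
    # "daemon" is the account guacd runs as in the post above.
    home, status = account_home_status("daemon")
    print(f"daemon home={home} status={status}")
```
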
