Good evening/night/morning to you all! Following up on the environment explained earlier, I am now trying to connect to a Windows 10 connection created by the Guacadmin User and assigned to a user. The connection fails before showing the logs. Here is a quick overview of the environment:

Internet -- NGINX Reverse Proxy --- Guacamole Server --- Win 10 connection.

Guacamole 1.5.0 running on Ubuntu 20.04 and Tomcat 9.
The Guacamole Server IP is 10.X.14.254. <-- I changed the second octet on the IP to "X"
Tomcat running on port 8080.
Guacamole server is running over port 4822.

This environment was operating when I was not using database authentication.

In order to find the error I am running Guacamole Server in DEBUG mode and I can see several obvious errors which I may know the answer to but I really need the group's assistance on this.

Errors found:
- To simplify reading this email, the logs are at the bottom of it.
- As I am running Guacamole as the daemon user, its home directory is /usr/sbin which obviously the guacamole daemon does not have permissions to write to.
  - Please refer to the logs marked below in *BOLD*.
- After several messages on the log, the error now changes to: unable to read file "/" which I believe has to do with the files and certificates the daemon was unable to write.
  - Please refer a little bit below to the final section of logs marked as *BOLD*.

What I have looked for so far:
- I believe my problem is that the daemon user cannot write on the path so I won't be able to connect.
- This should be fixed by running guacamole with another user.
- I did try to find some instructions on this list on how to configure the daemon to run as a different user but I could not find the instructions I believe I saw a few weeks ago on this list.
- Looking around past posts, I found this from @ivanmarcus on the list:
  - https://lists.apache.org/thread/fhtrvf0vyhqbd0th4y81w9zfsbor1cd0
  - In his instructions, he adds a step to set the location of the freerdp shared objects to what I think is a world writable directory but I may be wrong:
    ln -s /usr/share/java/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/
    mkdir -p /usr/lib/$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)/freerdp
    ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)/freerdp/
    ldconfig
  - Problem is that when I try to replicate his instructions, I cannot find any freerdp shared objects on my Guacamole installation, only reference to some "rdp" files and directories but not any reference to "freerdp"
  - This makes me think I may be looking at the wrong side of things.

HELP NEEDED:
- How would you solve this?
- Do you have any instructions on how to install and run guacamole not as root/daemon?

Thanks a lot for the help!

Below are the log entries for the above comments.

Thanks again for the help.

David.

*Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: WARNING:#011FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.*
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011No security mode specified. Defaulting to security mode negotiation with server.
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Resize method: none
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011User "@d7306d3b-6613-4500-b22c-c40d54f8389d" joined connection "$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" (1 users now present)
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Loading keymap "base"
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Loading keymap "en-us-qwerty"
*Mar 9 22:54:06 devpod-1 guacd[2754]: FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.*
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public org.apache.guacamole.net.GuacamoleTunnel org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser,org.apache.guacamole.auth.jdbc.connection.ModeledConnection,org.apache.guacamole.protocol.GuacamoleClientInformation,java.util.Map<java.lang.String, java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession not set for thread: 23, creating a new one
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1225840338 from pool.
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1225840338 ...
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1225840338 is GOOD!
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.cj.jdbc.ConnectionImpl@4910d6d2]
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.950 [http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.C.insert - ==> Preparing: INSERT INTO guacamole_connection_history ( connection_id, connection_name, remote_host, sharing_profile_id, sharing_profile_name, user_id, username, start_date, end_date ) VALUES ( ?, ?, ?, ?, ?, (SELECT user_id FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE guacamole_entity.name = ? AND guacamole_entity.type = 'USER'), ?, ?, ? )
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.950 [http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.C.insert - ==> Parameters: 1(String), Win10(String), 10. *X*.14.254(String), null, null, Threatwise(String), Threatwise(String), 2023-03-09 22:54:05.949(Timestamp), null
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.951 [http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.C.insert - <== Updates: 1
Mar 9 22:54:06 devpod-1 guacd[2754]: No security mode specified. Defaulting to security mode negotiation with server.
[...]
*Mar 9 22:54:06 devpod-1 guacd[2754]: Unable to read file "/"
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Unable to read file "/"
Mar 9 22:54:06 devpod-1 guacd[2754]: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011RDP server closed/refused connection: Security negotiation failed (wrong security type?)*
Mar 9 22:54:06 devpod-1 guacd[2754]: User "@d7306d3b-6613-4500-b22c-c40d54f8389d" disconnected (0 users remain)
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011User "@d7306d3b-6613-4500-b22c-c40d54f8389d" disconnected (0 users remain)
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011Last user of connection "$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" disconnected
Mar 9 22:54:06 devpod-1 guacd[2754]: Last user of connection "$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" disconnected
Mar 9 22:54:06 devpod-1 guacd[2568]: Connection "$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" removed.
Mar 9 22:54:06 devpod-1 guacd[2568]: guacd[2568]: INFO:#011Connection "$d0d2f0de-b9a3-4bfa-809e-303ced9cc0e5" removed.
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.507 [http-nio-8080-exec-8] INFO o.a.g.tunnel.TunnelRequestService - User "myusername" disconnected from connection "1". Duration: 490 milliseconds
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.508 [http-nio-8080-exec-8] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:06.508 [Thread-8] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Connection to guacd closed.
Mar 9 22:54:06 devpod-1 tomcat9[643]: org.apache.guacamole.GuacamoleConnectionClosedException: Connection to guacd is closed.
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:183)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at org.apache.guacamole.io.ReaderGuacamoleReader.readInstruction(ReaderGuacamoleReader.java:195)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:80)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:80)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at org.apache.guacamole.protocol.FilteredGuacamoleReader.read(FilteredGuacamoleReader.java:63)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:246)
Mar 9 22:54:06 devpod-1 tomcat9[643]: Caused by: java.net.SocketException: Socket closed
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at java.base/java.net.SocketInputStream.read(SocketInputStream.java:183)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at java.base/sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at java.base/java.io.InputStreamReader.read(InputStreamReader.java:181)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:169)
Mar 9 22:54:06 devpod-1 tomcat9[643]: #011... 5 common frames omitted
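
Added example, not part of the original message and not Guacamole project code: a small triage script for guacd syslog output like the above, which collapses the doubled guacd entries, pulls out the home-directory warning and the RDP negotiation failure, and shows with plain mode bits why an unprivileged account cannot write to a root-owned directory. The function names are hypothetical, the sample lines are constructed in the shape of the log above, and the ownership and IDs used for /usr/sbin and the daemon account are assumed Ubuntu defaults.

```python
import re
import stat

# Constructed sample, shaped like the syslog lines in the post (messages shortened).
SAMPLE = """\
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: WARNING:#011FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable
Mar 9 22:54:06 devpod-1 guacd[2754]: FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable
Mar 9 22:54:06 devpod-1 tomcat9[643]: 22:54:05.949 [http-nio-8080-exec-3] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
Mar 9 22:54:06 devpod-1 guacd[2754]: Unable to read file "/"
Mar 9 22:54:06 devpod-1 guacd[2754]: guacd[2754]: INFO:#011RDP server closed/refused connection: Security negotiation failed (wrong security type?)
"""

# Syslog prefix, then either "guacd[pid]: LEVEL:#011msg" or the bare duplicate "msg".
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ guacd\[(\d+)\]: (?:guacd\[\d+\]: (\w+):#011)?(.*)$")
HOME = re.compile(r'home directory \("([^"]+)"\) is not writable')

def parse_guacd(text):
    """Map each unique (pid, message) to its level; None if only the bare copy was seen."""
    events = {}
    for line in text.splitlines():
        m = LINE.match(line.strip().strip("*"))  # tolerate the e-mail's *bold* markers
        if m:  # lines from tomcat9 and other programs are skipped
            pid, level, msg = m.groups()
            key = (int(pid), msg)
            events[key] = level or events.get(key)
    return events

def findings(events):
    """Pick out the diagnostics the post is about, in log order."""
    out = []
    for _pid, msg in events:
        home = HOME.search(msg)
        if home:
            out.append(("home_not_writable", home.group(1)))
        elif msg.startswith("Unable to read file"):
            out.append(("unreadable_file", msg.split('"')[1]))
        elif "Security negotiation failed" in msg:
            out.append(("rdp_security_negotiation_failed", None))
    return out

def can_write(mode, owner_uid, owner_gid, uid, gids):
    """POSIX mode-bit write check for a non-root account (ACLs are not considered)."""
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

if __name__ == "__main__":
    print(findings(parse_guacd(SAMPLE)))
    # Assumed Ubuntu defaults: /usr/sbin is root:root 0755, daemon is uid 1, gid 1.
    print(can_write(0o755, 0, 0, uid=1, gids={1}))
```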