Guacamole Installation with separate servers for DMZ and Internal Setup

Guacamole Installation with separate servers for DMZ and Internal Setup

MARTINEZ, ARIEL
Hello,

From reviewing the documentation, I gather it is possible to install the tomcat Guacamole component on one server and have the guacd proxy on another. But I am unsure how to configure it as such. Can anyone provide some pointers or more detailed info how to get this done?

Thanks.

Re: Guacamole Installation with separate servers for DMZ and Internal Setup

vnick
On Wed, May 27, 2020 at 7:10 PM MARTINEZ, ARIEL <[hidden email]> wrote:
> Hello,
>
> From reviewing the documentation, I gather it is possible to install the tomcat Guacamole component on one server and have the guacd proxy on another. But I am unsure how to configure it as such. Can anyone provide some pointers or more detailed info how to get this done?


Yes, the components have been designed precisely to facilitate these kinds of configurations.  In my day job, I run Guacamole configured in this way - with multiple Guacamole Client systems pointed at the same internal guacd host, and some of those Guacamole Client systems sitting in DMZ configurations.

Configuring this is quite simple - you just need to install the various components where you want them, and make sure the correct firewall ports are opened (Guacamole Client -> guacd on TCP/4822 by default, and guacd -> RDP, SSH, Telnet, Kubernetes, and/or VNC).  On the system where guacd is running configure guacd.conf such that it is listening on the appropriate interface.

On the systems running the Guacamole Client components (Tomcat), edit guacamole.properties and set guacd-hostname to the host name or IP of the system running guacd, and guacd-port to the port you've configured for guacd.

I also highly recommend using the SSL options to encrypt traffic between Guacamole Client and guacd if you're operating them on separate systems, else you will see full traffic (keystrokes, images, text, etc.) in plaintext on the wire, which is an unnecessary risk.  Configuring SSL is quite simple between Guacamole Client and guacd, as documented in the manual.

If you run into any issues with it do not hesitate to post back here with specific questions.

-Nick
RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

MARTINEZ, ARIEL

Hi Nick,

Thank you for this information. Does the Guacamole client and guacd have the same required dependencies? In other words do I need to install Cairo, libjpeg, libpng, and the OSSP UUID library only on the Guacamole Client server and things like ffmpeg, freerdp, pango, etc. only on the guacd server? Or, should I install all of the dependencies on both servers?

Thanks.

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

vnick
On Thu, May 28, 2020 at 11:57 AM MARTINEZ, ARIEL <[hidden email]> wrote:

> Hi Nick,
>
> Thank you for this information. Does the Guacamole client and guacd have the same required dependencies? In other words do I need to install Cairo, libjpeg, libpng, and the OSSP UUID library only on the Guacamole Client server and things like ffmpeg, freerdp, pango, etc. only on the guacd server? Or, should I install all of the dependencies on both servers?

 


No, the dependencies are not the same.  Guacamole Client basically just requires Java and Tomcat, and then a web server if you want to reverse proxy through that.

The guacd dependencies include the items you mentioned - various libraries depending on the required protocols.
 
-Nick
AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

Joachim Lindenberg

I am wondering why the docker containers are not more popular – they are ideal for not having to worry about dependencies.

Probably better documentation could help, like how to use extensions with docker, how to map volumes for extensions into guacamole, or RDP drive directories into guacd, etc.

Regards,

Joachim

 

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

MARTINEZ, ARIEL
In reply to this post by vnick

Ok just double checking to try to get everything right on the first try, the server running guacd will need to have cairo, libjpeg, libpng, OSSP uuid library and any of the protocols that we need to support and the guacamole client server will just need java, tomcat and a web server installed, correct?

 

Thanks

 

 

Re: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

sciUser
In reply to this post by Joachim Lindenberg
Docker is popular however it comes with a serious security risk, it's always
better to build your own Guacamole instance over using Docker.  The risk is
in exploiting the host server through Docker container.  I have actually
done this and it can be pretty nasty if someone wanted to be malicious.

I agree that documentation could be better, it lacks the show and tell
aspect with explanation.
I plan on fixing that gap once I complete this project in August, to give
proper instructional guides.
Don't get me wrong, Mike and Nick have done an outstanding job in
maintaining this project and if it wasn't for them Guacamole wouldn't be as
tasty as it is now.

This is why I will make this pledge, once my company hits $1MM revenue, I
will donate to the project $20k.  

Keep up the good work!
 




AW: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

Joachim Lindenberg
Can you please elaborate a little to what risk you are referring? Have you
been able to escape a guacd or guacamole or some other container?  Via the
network interfaces exposed or how? Is there something to be done by the
project to improve container security? Actually I'd be willing to spend time
on it.
Imho the biggest issue with docker is which images to trust. For many
projects there is a plethora of users providing some container.
Thanks, Joachim

Re: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

mjumper
Administrator
On Thu, May 28, 2020, 10:29 Joachim Lindenberg <[hidden email]> wrote:
> Can you please elaborate a little to what risk you are referring? Have you
> been able to escape a guacd or guacamole or some other container?  Via the
> network interfaces exposed or how? Is there something to be done by the
> project to improve container security?

If there is such an issue with the images, please remember to follow responsible disclosure practices and report the issue privately via [hidden email]:


The other mailing lists are public, including user@, dev@, anything in JIRA, etc.

- Mike

Re: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

Peter De Tender
In reply to this post by sciUser
All,

I agree on optimizing documentation could be a good project; maybe it can be moved to a GitHub alike scenario where "anyone" can contribute to it and improve it?

That said, Mike and Nick are indeed of great help here, and fast in answering our questions. 

I used Guacamole as a 'user' for quite some time, and now started looking into using it myself from the setup to managing it, automation with REST API,... and going good so far. 

Since my core space is Azure, I obviously run it here; my setup got extended with Azure App Gateway and Azure Front Door (multiple region LB), and I am about to publish a blog post on how to set this all up.

BTW, does anyone know what platform this mail-list is working on? as in how to set up something similar?

Talk to you soon,

thx, Peter


Re: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

vnick
On Thu, May 28, 2020 at 5:10 PM Peter De Tender <[hidden email]> wrote:
> All,
>
> I agree on optimizing documentation could be a good project; maybe it can be moved to a GitHub alike scenario where "anyone" can contribute to it and improve it?

It already is :-)

And we certainly welcome any contributions.  They need to follow the overall project guidelines for contributions - JIRA issue, style guidelines, pull requests, etc.

> That said, Mike and Nick are indeed of great help here, and fast in answering our questions.

Some days :-).

> I used Guacamole as a 'user' for quite some time, and now started looking into using it myself from the setup to managing it, automation with REST API,... and going good so far.
>
> Since my core space is Azure, I obviously run it here; my setup got extended with Azure App Gateway and Azure Front Door (multiple region LB), and I am about to publish a blog post on how to set this all up.
>
> BTW, does anyone know what platform this mail-list is working on? as in how to set up something similar?


I can't remember what Apache uses for the mailing list, but it's one of the big open source ones.

-Nick
Re: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

mjumper
Administrator
On Thu, May 28, 2020, 14:18 Nick Couchman <[hidden email]> wrote:
> On Thu, May 28, 2020 at 5:10 PM Peter De Tender <[hidden email]> wrote:
>> All,
>>
>> I agree on optimizing documentation could be a good project; maybe it can be moved to a GitHub alike scenario where "anyone" can contribute to it and improve it?
>
> It already is :-)
>
> And we certainly welcome any contributions.  They need to follow the overall project guidelines for contributions - JIRA issue, style guidelines, pull requests, etc.

I think the idea of using a system like Read the Docs has been floated before. If that would help foster greater community involvement in documentation, perhaps we should look further into migrating.

I believe there is a way to remove the ads that would otherwise be shown through paying for a membership of some kind with Read the Docs. If that platform does seem the way to go, my dayjob would be happy to pay for it (though I'm personally unfamiliar with the ASF procedures for a company sponsoring project resources).

- Mike

Re: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

vnick
On Sat, May 30, 2020 at 3:13 AM Mike Jumper <[hidden email]> wrote:
> On Thu, May 28, 2020, 14:18 Nick Couchman <[hidden email]> wrote:
>> On Thu, May 28, 2020 at 5:10 PM Peter De Tender <[hidden email]> wrote:
>>> All,
>>>
>>> I agree on optimizing documentation could be a good project; maybe it can be moved to a GitHub alike scenario where "anyone" can contribute to it and improve it?
>>
>> It already is :-)
>>
>> And we certainly welcome any contributions.  They need to follow the overall project guidelines for contributions - JIRA issue, style guidelines, pull requests, etc.
>
> I think the idea of using a system like Read the Docs has been floated before. If that would help foster greater community involvement in documentation, perhaps we should look further into migrating.


Yeah, it would be nice to have a friendlier way for the community to contribute to documentation.  Read the Docs may be a good option.  The other thing we could consider is some sort of way of decoupling the documentation update process from the official software release process?  So, if we still wanted to follow JIRA issues, pull requests, etc., for documentation, we could do that, but allow documentation to be more "living" and less tied to the version release? Throwing that out there...

Also, I think we've also talked about leveraging the Apache Confluence system for the project before, but I seem to recall there were some limitations, there, though I'm fuzzy on the details.  Not sure if that's a place we could create a publicly-editable page (subject to review, etc.), or if there's a way to tie  that in with a Git repo??
 
> I believe there is a way to remove the ads that would otherwise be shown through paying for a membership of some kind with Read the Docs. If that platform does seem the way to go, my dayjob would be happy to pay for it (though I'm personally unfamiliar with the ASF procedures for a company sponsoring project resources).


That would be quite generous - looks like they have a couple of "For Business" plans, but if we decide to go that route it might be worth reaching out to them, explaining the situation, and asking them what they recommend for an open source project that wants to avoid advertising.  After we ask ASF, of course...

-Nick 
RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

MARTINEZ, ARIEL
In reply to this post by vnick

Hello,

 

I installed guacd and the guacamole-client on different servers and am stuck at the step where I need to edit guacd.conf, because I cannot locate it. In what directory would this file be located on a standard installation?

 

Thanks

 

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

vnick
On Tue, Jun 2, 2020 at 10:26 AM MARTINEZ, ARIEL <[hidden email]> wrote:

> Hello,
>
> I installed guacd and the guacamole-client on different servers and am stuck at the step where I need to edit guacd.conf, because I cannot locate it. In what directory would this file be located on a standard installation?

 


You have to create the file, usually in the /etc/guacamole directory.

-Nick 
RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

MARTINEZ, ARIEL

Got it. In the guacd.conf the bind host should be the server running guacd correct? Also, once I do something similar with the guacamole.properties file, if communication between the components is working properly, should I at least get the guacamole login page or will I need to also go through the users/authentication/db settings first?

 

Thanks

 

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

mjumper
Administrator
On Tue, Jun 2, 2020, 09:07 MARTINEZ, ARIEL <[hidden email]> wrote:

> Got it. In the guacd.conf the bind host should be the server running guacd correct?


It should be the address that you want guacd to bind to. This will determine which network interface(s) can be used to connect to guacd.

Specifying 127.0.0.1 will cause guacd to bind to localhost, thus only allowing connections over the loopback interface. Specifying the wildcard address (0.0.0.0) will allow connections over any interface. Specifying the address of a specific interface will allow connections only through that interface and address.

> Also, once I do something similar with the guacamole.properties file, if communication between the components is working properly, should I at least get the guacamole login page or will I need to also go through the users/authentication/db settings first?


You would need to try accessing a connection.

The login page and settings are all independent of guacd. The guacd service only comes into play when a remote desktop connection is being used.

- Mike
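
The split deployment Nick outlines earlier in the thread and the bind-address behaviour Mike describes above can be cross-checked before the first connection attempt. The following is an added example, not code from the thread or from the Guacamole project. The address 10.0.20.5, the certificate paths and the finding names are constructed for illustration; the defaults assumed when a setting is absent are localhost, port 4822 and SSL off.

```python
"""Cross-check guacd.conf (guacd host) against guacamole.properties (Tomcat host)."""
import configparser
import ipaddress
import re

# Constructed sample files; 10.0.20.5 and the certificate paths are placeholders.
GUACD_CONF_WEAK = """
[server]
bind_host = 0.0.0.0
bind_port = 4822
"""
GUACD_CONF_HARDENED = """
[server]
bind_host = 10.0.20.5
bind_port = 4822

[ssl]
server_certificate = /etc/guacamole/guacd.crt
server_key = /etc/guacamole/guacd.key
"""
PROPS_WEAK = """
guacd-hostname: 10.0.20.5
guacd-port: 4822
"""
PROPS_HARDENED = PROPS_WEAK + "guacd-ssl: true\n"

# Finding codes are names made up for this example.
FINDINGS = {
    "WILDCARD_BIND": "guacd listens on every interface; bind one address or firewall the port",
    "UNREACHABLE_LOOPBACK_BIND": "guacd binds to loopback but the client targets a remote host",
    "PORT_MISMATCH": "guacd-port differs from the port guacd binds to",
    "TLS_MISMATCH": "SSL is enabled on only one side, so the two cannot talk",
    "PLAINTEXT_LINK": "keystrokes and screen data cross the network unencrypted",
}

def parse_guacd_conf(text):
    """Read the INI-style guacd.conf, applying defaults for absent settings."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {
        "bind_host": cp.get("server", "bind_host", fallback="localhost"),
        "bind_port": cp.getint("server", "bind_port", fallback=4822),
        "tls": cp.has_option("ssl", "server_certificate")
               and cp.has_option("ssl", "server_key"),
    }

def parse_properties(text):
    """Read key/value pairs from guacamole.properties (':' or '=' separator)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[:=]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props

def host_kind(host):
    """Classify a host setting as wildcard, loopback, address or name."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"
    if ip.is_unspecified:
        return "wildcard"
    return "loopback" if ip.is_loopback else "address"

def audit(guacd_conf_text, properties_text):
    """Return the list of finding codes for one guacd/client configuration pair."""
    daemon = parse_guacd_conf(guacd_conf_text)
    props = parse_properties(properties_text)
    remote = host_kind(props.get("guacd-hostname", "localhost")) != "loopback"
    client_tls = props.get("guacd-ssl", "false").lower() == "true"
    bind = host_kind(daemon["bind_host"])
    found = []
    if bind == "wildcard":
        found.append("WILDCARD_BIND")
    if bind == "loopback" and remote:
        found.append("UNREACHABLE_LOOPBACK_BIND")
    if int(props.get("guacd-port", "4822")) != daemon["bind_port"]:
        found.append("PORT_MISMATCH")
    if client_tls != daemon["tls"]:
        found.append("TLS_MISMATCH")
    elif remote and not client_tls:
        found.append("PLAINTEXT_LINK")
    return found

if __name__ == "__main__":
    for code in audit(GUACD_CONF_WEAK, PROPS_WEAK):
        print(f"{code}: {FINDINGS[code]}")
```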

RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

MARTINEZ, ARIEL

Thanks. I am making progress and have moved on to the database authentication extension. I want to be sure I am configuring things in the right place. The instructions outlined in Chapter 6 of the instructions, all of this is happening on the server with tomcat or is it happening on the server with guacd?

 

Thanks,  

 

 

Re: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

vnick
On Tue, Jun 2, 2020 at 4:26 PM MARTINEZ, ARIEL <[hidden email]> wrote:

> Thanks. I am making progress and have moved on to the database authentication extension. I want to be sure I am configuring things in the right place. The instructions outlined in Chapter 6 of the instructions, all of this is happening on the server with tomcat or is it happening on the server with guacd?

 


The authentication is done by the Guacamole Client piece, which runs in Tomcat or a comparable Java container.  So, all of the configuration related to database and authentication will be done on the server running Guacamole Client (Tomcat).

-nick
RE: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

MARTINEZ, ARIEL

In configuring the database authentication after going through all the steps I am now getting an error in the guacamole login page. Disabling the database connection info in the guacamole.properties file removes the error, so I know it is a db issue.

 

I tried looking at the catalina.out file to see what the issue is but nothing is being logged. Is logging enabled by default or do I need to add something somewhere to get the debug logging?

 

Thanks again.

 
