Guacamole 0.8.3

From Linuxintro
Hello! baceakd interesting baceakd site! I'm really like it! Very, very baceakd good!

Quickstart

This will show you

  • how to install guacamole 0.8.3 on Ubuntu (tested with 10.04 and 12.04)
  • how to make this configuration survive a reboot
  • how to secure transmission with SSL
  • how to make the website accessible from behind a firewall (port 80 or 443)

Here's what you do as root user:

  • install software that we will need later:
apt-get update
apt-get install tomcat6 tightvncserver make xterm

configure VNC server

Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. Let's use gnome as desktop environment:

  • install gnome:
apt-get install gnome-session
  • activate gnome for your VNC:
cd
mkdir .vnc
cat >> .vnc/xstartup <<EOF
#!/bin/sh
gnome-session || xterm
EOF
chmod 777 .vnc/xstartup

deploy guacamole client

# mv guacamole-0.8.3.war /var/lib/tomcat6/webapps/
  • surf to http://localhost:8080/guacamole-0.8.3. A folder /var/lib/tomcat6/webapps/guacamole-0.8.3 will be created with some content. We will need that later.
  • although login is not yet possible your browser will show a login screen like that:

Guacamole-login.png

install guacamole server

  • install some dependencies that the server will need to build with vnc support:
apt-get install libvncserver-dev libpng-dev libcairo-dev
tar xvzf guacamole-server-0.8.3.tar.gz
  • build the server:
cd guacamole-server-0.8.3
./configure && make -j8 && make install
  • the following step is ugly; installation and binary do not completely fit so we must do that:
ln -s /usr/local/lib/libguac.so* /lib
ln -s /usr/local/lib/libguac-client-vnc.so* /lib/
  • now we start the guacamole daemon
# guacd 
guacd[11581]: INFO:  Guacamole proxy daemon (guacd) version 0.8.3
guacd[11581]: INFO:  Successfully bound socket to host ::1, port 4822
guacd[11581]: INFO:  Exiting and passing control to PID 11582

configure guacamole

  • create a folder for guacamole's configuration:
mkdir /etc/guacamole
  • create a file /etc/guacamole/guacamole.properties with the content
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822

# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole-0.8.3/WEB-INF/classes

# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

# Properties used by BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
  • create a file /etc/guacamole/user-mapping.xml with the content
<user-mapping>
   <authorize username="user" password="password">
      <protocol>vnc</protocol>
         <param name="hostname">localhost</param>
         <param name="port">5901</param>
         <param name="password">password</param>
    </authorize>
</user-mapping>

configure tomcat

  • find out your tomcat's user directory:
# cat /etc/passwd|grep tomcat
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
in this case it is /usr/share/tomcat6
  • create a folder .guacamole in your tomcat's user directory:
mkdir /usr/share/tomcat6/.guacamole
  • link guacamole.properties into your tomcat's user directories' guacamole folder
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole

finishing

  • start a vnc server, as password set password (the vnc password given in user-mappings.xml)
vncserver
  • restart your tomcat server
/etc/init.d/tomcat6 restart

Guacamole-after-login.png

  • next steps: SSL
  • next steps: proxypass

Persist it

Add the following lines to /etc/crontab:

@reboot root /usr/local/sbin/guacd &
@reboot root USER=root /usr/bin/vncserver

TroubleShooting

invalid login

  • now the problem is that tomcat does not know where to find the Authentication class:

/var/lib/tomcat6/webapps/guacamole/WEB-INF/classes/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.class

is not in /etc/guacamole/guacamole.properties

  • so add it
  • cat /etc/passwd gives me a line
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
ll /usr/share/tomcat6/.guacamole/
total 8
drwxr-xr-x 2 root root 4096 Nov 26 07:58 ./
drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
lrwxrwxrwx 1 root root   35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties
  • works now. So the thing is:
    • take care that it is called guacamole and not guacamole-0.8.3 (sure?)
    • make sure the classpath in /etc/guacamole/guacamole.properties is correct, e.g.
# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes

Server error

  • now I got a server error so I straced guacd:
strace -p 15332

and saw

[pid 20344] open("/usr/lib/x86_64-linux-gnu/libguac-client-vnc.so", O_RDONLY) = -1 ENOENT (No such file or directory)

so the problem is that libguac-client-vnc.so is missing.

  • downloaded java version 1.7.45 and compiled guacamole-client using mvn. But there was no *.so* file in it
  • so installed libvncserver-dev and rebuild and reinstalled guacamole-server
  • and there it is, libguac-client-vnc.so
  • now the error message changed from "server error" to "unauthorized"

See also