Comments on How to install the web-based Guacamole Remote Desktop Client on Ubuntu 18.04 LTS

Hi,

Why does the machine need to have a root password set?

Thanks,

Alan.

I'd like to know why this isn't behind a https reverse proxy? In this day and age, it is very poor practice to expose login processes and data streams over unencrypted network connections. The author should know better since he claims 8 years of experience.

I'd like to point out you missed a backslash in the "Configure Guacamole" part in the user mapping.xml file. Also you didn't end usermapping at the end. I think the following piece of code is correct, as it worked for me.

<user-mapping> <authorize username="admin" password="55b38b03e7587a45fd886977842ff9b8" encoding="md5"> <connection name="Ubuntu-Server"> <protocol>ssh</protocol> <param name="hostname">192.168.0.150</param> <param name="port">22</param> <param name="username">root</param> </connection> <connection name="Windows Server"> <protocol>rdp</protocol> <param name="hostname">192.168.0.100</param> <param name="port">3389</param> </connection> </authorize></user-mapping>

* Your user-mapping.xml is missing the closing root tag and thus will fail to load.

* You do not need to set GUACAMOLE_HOME to /etc/guacamole. This is the default.

* You do not need to set the "guacd-hostname" property to "localhost". This is the default.

* You do not need to set the "guacd-port" property to "4822". This is the default.

* There is no "user-mapping" property. The property you're thinking of is "basic-user-mapping", but that property was deprecated and finally removed in 1.0.0. The value you're specifying ("/etc/guacamole/user-mapping.xml") is the value that will always be used. Specifying this in older releases would have produced a warning, and continued use of the property after 1.0.0 has no effect.

* You do not need to create or use /etc/guacamole/guacamole.properties if the values of all your properties would be the defaults.

* You do not need to create the "/etc/guacamole/extensions" directory if you are not installing extensions.

* You do not need to create the "/etc/guacamole/lib" directory if you are not installing Java libraries that will be used by extensions.

* I would not recommend putting guacamole.war within /etc/guacamole, as it makes no sense for binaries to reside within /etc (the standard base directory for configuration files). A more standard location would be /usr/share/guacamole or /var/lib/guacamole.

* It would be best to not point users at a specific mirror, but rather the main download page: http://guacamole.apache.org/releases/1.1.0/

This is insane.

Installing the Apache guacamole for SSH login without HTTPS connection is readlly bad idea and bad opsec.

shame for the author with 8 years experience.

Hello, could explain how to install the libraries for RDP?

'Cause I can see that in your example they are not installed. 

Thanks!

For those people who have no control over their reverse DNS configuration setting (which is managed by their ISP), it is not possible to setup HTTPS. While their ISP should not make this difficult, it is not a given that the ISP will cooperate. Or charge extra, which the customer either can't or won't pay.So yes, you are right about having/enabling HTTPS when you can. But again, not all ISPs manage their stuff as well as your ISP does. Besides that, HTTPS is only useful against 1 form of attack, so do not think for one moment the internet has become that much safer since more and more websites have it enabled. The Google hype regarding HTTPS is exaggerated (because it isn't difficult to game the certification system behind it and a lot of certificate vendors are too lax).

It is TOTALLY possible to setup SSL/HTTPS for DDNS using Let's Encrypt scripting.  Asus Routers do it with *.asuscomm.com, and you can also script it via noip.com domains into things like OpenVPN and other services.  You wouldn't want to do this with crucial data like an website or an exchange server, but there are some use cases that are extremely effective and easy to secure, especially when using 2FA.

The required depedency for RDP is freerdp2-dev, not libfreerdp-dev as this article states.

Was following the steps listed above. All was going well. I am stuck at signing into the apache gaucamole log on page. Went back an verified the user name and password. Cannot get logged on. What should I look at to troubleshot this issue?

Hi Donald,

I was also in your category, tried many times but stuck on same page. "Invalid Login" Every time not sure why.

I Have checked everything in log /var/log/tomcat8/catalina.out then i noticed one line in log "23:47:17.162 [http-nio-8080-exec-9] WARN  o.a.g.a.f.FileAuthenticationProvider - User mapping file "/etc/guacamole/user-mapping.xml" is not valid: The 'param' tag can contain no elements."

Then i again checked user-mapping.xml file and found closing '/' of param tag was missing. after makeing it correct. it's started working and i am able to login.

Note: Please do not forget to restart tomcat8 and guacd service.

Thank you.

At first step i get only

 

Paket gcc-6 ist nicht verfügbar, wird aber von einem anderen Paket referenziert. Das kann heißen, dass das Paket fehlt, dass es abgelöst wurde oder nur aus einer anderen Quelle verfügbar ist. Paket g++-6 ist nicht verfügbar, wird aber von einem anderen Paket referenziert. Das kann heißen, dass das Paket fehlt, dass es abgelöst wurde oder nur aus einer anderen Quelle verfügbar ist. E: Für Paket »gcc-6« existiert kein Installationskandidat. E: Für Paket »g++-6« existiert kein Installationskandidat.

Can anyone help me?

 Hi,I am using Ubuntu 18.04 LTS VM in azure and tried this setup in the VM.But while opening it in browser http://myip:8080/guacamole It shows 

This page isn’t working

52.188.115.16 didn’t send any data.

 

ERR_EMPTY_RESPONSE I am using version 1.2.0 for guacamole client and server.

can you help here?

Thank you very much Hitesh! It was very helpful.

I would like to highlight two things:

1. Missing Backslash in param tag

Others have also pointed this.

In user-mapping.xml there is a missing backslash in the closing param tag.

<param name="port">22<param>

This produces a "Invalid Login" message in the UI as the user-mapping.xml is invalid.

 

2. Ignore Certificate for RDP

In my case I had to add the below parameter for RDP connection.

<param name="ignore-cert">true</param>

Without this I was getting a message "Host is unreachable in UI" and  "Message will not be sent because the WebSocket session has been closed" in catalina.out.

I was trying to RDP into Ubuntu 18.04 LXC container with XRDP (ubuntu-desktop).