Getting Database Authentication to work on Apache Guacamole

Question

Got Apache Guacamole and Tomcat working between two laptops and a PC under LAN.

However, was always updating user and connection details through user-mapping.xml

I decided to then set up Database Authentication for easier changing of user-mapping,

setup and had active SQLServer, MYSQL as well as now PostGreSQL, all are active and running (not concurrently, tried one by one and then uninstalled) however guacamole login details remain the same and seem to be unaffected by the changes in guacamole.properties.

Here is my latest guacamole.properties file for reference. (PostGreSQL Version atm)

guacd-hostname:localhost
guacd-port: 4822
user-mapping:/etc/guacamole/user-mapping.xml
auth-provider:
net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
# MySQL properties
#mysql-hostname: localhost
#mysql-port: 3306
#mysql-database: guacamole_db
#mysql-username: SHRDC
#mysql-password: Shrdc_1234
#mysql-user-required: true
# PostgreSQL properties
postgresql-hostname: localhost
postgresql-port: 5432
postgresql-database: guacamole_db
postgresql-username: SHRDC
postgresql-password: Shrdc_1234
postgresql-user-required: true

I feel its some connector, driver issue hence not being recognised. Something to change in /lib or /extensions?

For reference, the auth driver and auth connector i am using are currently:

in /extensions: guacamole-auth-jdbc-postgresql.jar (Previously was guacamole-auth-jdbc-postgresql-1.2.0.jar before i renamed it trying smth out)

in /lib: postgresql-42.2.14.jar

all steps followed as per: https://guacamole.apache.org/doc/gug/jdbc-auth.html

Would love some feedback, been stuck trying to get DB authentication to work for a week plus now!

Sincerely

score 2 · Answer 1 · answered Aug 10 '20 at 19:59

I've encountered the exact same problem, however my setup uses docker. In my case, there are discrepancies between actual code and documentations. I will explain how to find the root cause, since it's similar.

Enable Logback debug

Since you are installing manually (not using docker container). Chances are you knew exactly where the GUACAMOLE_HOME is. Just to remind you, by default it is in /etc/guacamole, but if you have /home/$USER/.guacamole it will be used instead.

Add logback.xml like it was described here: https://guacamole.apache.org/doc/gug/configuring-guacamole.html in your GUACAMOLE_HOME dir.

See your catalina output

The new debug settings will output all debug message. If there are no [DEBUG] message, then you put logback.xml in the wrong location.

Once you have DEBUG output stream, see important output such as the GUACAMOLE_HOME currently being used, AuthBinding that is currently used, etc. This is when catalina is starting up.

For example, this is the excerpt of my log:

19:23:08.933 [localhost-startStop-1] DEBUG o.a.g.extension.ExtensionModule - Loading extension: "guacamole-auth-jdbc-postgresql-1.2.0.jar"
19:23:08.973 [localhost-startStop-1] DEBUG o.a.g.extension.ExtensionModule - [0] Binding AuthenticationProvider "org.apache.guacamole.auth.postgresql.PostgreSQLAuthenticationProvider".
19:23:08.980 [localhost-startStop-1] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/root/.guacamole".
19:23:10.150 [localhost-startStop-1] DEBUG o.a.g.extension.ExtensionModule - [1] Binding AuthenticationProvider "org.apache.guacamole.auth.postgresql.PostgreSQLSharedAuthenticationProvider".
19:23:10.207 [localhost-startStop-1] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "es"
19:23:10.213 [localhost-startStop-1] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "ru"
19:23:10.216 [localhost-startStop-1] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "de"
19:23:10.222 [localhost-startStop-1] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "fr"
19:23:10.227 [localhost-startStop-1] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "ja"
19:23:10.233 [localhost-startStop-1] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "en"
19:23:10.234 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule - Extension "PostgreSQL Authentication" loaded.

Notice that the postgresql auth binding must be loaded first.

If there are no output like that, then Tomcat doesn't even found your settings. If it found the settings but failed to load the bindings, then Tomcat couldn't locate your binding.

This is some log example if such things occurs (catalina startup runs fine, but logging in via guacamole dashboard will spew this error).

### Error querying database.  Cause: java.sql.SQLException: Error setting driver on UnpooledDataSource. Cause: java.lang.ClassNotFoundException: org.postgresql.Driver
### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
### The error occurred while executing a query
### Cause: java.sql.SQLException: Error setting driver on UnpooledDataSource. Cause: java.lang.ClassNotFoundException: org.postgresql.Driver
19:44:44.511 [http-nio-8080-exec-12] DEBUG o.a.g.rest.RESTExceptionMapper - Unexpected error in REST endpoint.
org.apache.ibatis.exceptions.PersistenceException:
### Error querying database.  Cause: java.sql.SQLException: Error setting driver on UnpooledDataSource. Cause: java.lang.ClassNotFoundException: org.postgresql.Driver
### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
### The error occurred while executing a query
### Cause: java.sql.SQLException: Error setting driver on UnpooledDataSource. Cause: java.lang.ClassNotFoundException: org.postgresql.Driver

Lastly if it found your settings, but didn't found your guacamole-auth-postgresql binding it will spew this log:

19:47:49.654 [http-nio-8080-exec-15] DEBUG o.a.g.extension.ExtensionModule - [0] Binding AuthenticationProvider "org.apache.guacamole.auth.file.FileAuthenticationProvider".

Notice that now the FileAuth binding is loaded first (it doesn't found your postgres jdbc binding).

Based on the log information, systematically try to find the root cause

It can be as simple as wrong GUACAMOLE_HOME. For example, you edited /etc/guacamole/guacamole.properties but Tomcat actually loaded /home/$USER/.guacamole/guacamole.properties. Or maybe your directory structure is incorrect.

This is my directory tree, if you want to compare:

root@guacamole-7988d57c8d-nwfk7:~/.guacamole# tree .
.
├── extensions
│   ├── guacamole-auth-jdbc-postgresql-1.2.0.jar -> /opt/guacamole/postgresql/guacamole-auth-jdbc-postgresql-1.2.0.jar
│   └── lost+found
├── guacamole.properties
├── lib
│   └── postgresql-9.4-1201.jdbc41.jar -> /opt/guacamole/postgresql/postgresql-9.4-1201.jdbc41.jar
└── logback.xml

3 directories, 4 files

Check if you can actually access the database

From within the machine that guacamole runs (the tomcat). Check that you can access your database with the given credentials. If you are using postgres, then try to access it via psql. Just to make sure you have proper permission to access the database

Make sure the jdbc driver you are using is for the correct Java Version.

Probably have been stressed enough by the docs. But maybe you can check again.

Appreciate it! Thanks so much for the respone Lucernae. I actually bypassed the issue by reinstalling everything through a docker instead of manually. Now database authentication works etc. I will however test what you taught me and set it up manually again. Youre the best. — Kshitij Verma, Aug 11 '20 at 02:26

Getting Database Authentication to work on Apache Guacamole

1 Answers1