Configure Guacamole MySQL Database Authentication

0
29

In this tutorial, you will learn how to configure Guacamole MySQL database authentication. Guacamole supports various authentication mechanisms including database authentication via MySQL, PostgreSQL, or SQL Server databases.

So how can you can enable and configure Guacamole MySQL database authentication?

Configure Guacamole MySQL Database Authentication

If you want to install Guacamole on Linux, see our various guides on installation of Apache Guacamole.

To configure Guacamole MySQL database authentication;

  • Install MySQL or MariaDB database.

You can install MySQL or MariaDB database preferably on the same system where Guacamole is running.

You can check our various guides on installing MySQL/MariaDB database.

  • Create Guacamole Database and Database User

Login to your database system and create Guacamole database and database user (names used are not standard, hence feel free to change them, and of course the password);

mysql -u root -p
create database guacd;
create user [email protected] identified by 'ChangeME';

Grant SELECTUPDATEINSERT, and DELETE rights on Guacamole database tables to Guacamole database user;

grant SELECT,UPDATE,INSERT,DELETE on guacd.* to [email protected];

Reload privilege tables;

flush privileges;
quit
  • Install Guacamole database authentication extension

Download the Guacamole database authentication extension that matches your current version of Guacamole from the releases page.

VER=1.4.0
wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-jdbc-${VER}.tar.gz

The tarball comes with extensions for PostgreSQL, MySQL as well as SQL servers. Thus, extract only the MySQL extension;

tar xzf guacamole-auth-jdbc-${VER}.tar.gz guacamole-auth-jdbc-${VER}/mysql

Copy the Guacamole extension (.jar) file to GUACAMOLE_HOME/extensions directory;

cp guacamole-auth-jdbc-${VER}/mysql/guacamole-auth-jdbc-mysql-1.4.0.jar /etc/guacamole/extensions/

Next, Import Guacamole MySQL database schema (001-create-schema.sql and 002-create-admin-user.sql) into the Guacamole database created above;

mysql -u root -p guacd < guacamole-auth-jdbc-${VER}/mysql/schema/001-create-schema.sql
mysql -u root -p guacd < guacamole-auth-jdbc-${VER}/mysql/schema/002-create-admin-user.sql

Install MySQL JDBC connector in the Guacamole lib directory;

wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.28.tar.gz
tar xzf mysql-connector-java-8.0.28.tar.gz
cp mysql-connector-java-8.0.28/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/

Configure Guacamole MySQL Database Authentication

Next, configure Guacamole for database authentication by defining the following, at the very least, in the guacamole.properties file.

  • Database hostname
  • database name
  • database user and password
cat >> /etc/guacamole/guacamole.properties << EOL
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
mysql-hostname: localhost
mysql-database: guacd
mysql-username: guacd_admin
mysql-password: ChangeME
EOL

Guacamole can support multiple authentications methods. For example, you can use basic authentication alongside other authentication methods such as LDAP, database…

For example, in my setup, I am using both basic authentication and database authentication;

cat /etc/guacamole/guacamole.properties
guacd-hostname: localhost
guacd-port:     4822
user-mapping:   /etc/guacamole/user-mapping.xml
auth-provider:  net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
mysql-hostname: localhost
mysql-database: guacd
mysql-username: guacd_admin
mysql-password: ChangeME

There are other database account control settings. Refer to documentation.

Verify Guacamole Database Authentication

You can now restart your serverlet (Tomcat service) and login to Guacamole to test the database authentication;

systemctl restart tomcat9

The default Guacamole database authentication credentials are:

  • Username: guacadmin
  • Password: guacadmin

Login page;

Configure Guacamole MySQL Database Authentication

Guacamole Settings;

Configure Guacamole MySQL Database Authentication

You can now create a new user, make it administrator and remove the default guacadmin user.

Add Connections

Under Connections tab, click New connections

  • Set the connection details;
  • Set the Network connection parameters;
  • Define the authentication details etc.
  • Save
Configure Guacamole MySQL Database Authentication

And that is it on how to configure Guacamole MySQL database authentication.

Read more on Documentation page.

Configure Guacamole SSL/TLS with Nginx Reverse Proxy

How to Enable RDP/SSH File Transfer Over Guacamole

LEAVE A REPLY

Please enter your comment!
Please enter your name here