Configure Guacamole MySQL Database Authentication

gen_too
|
Last Updated:
|
HowTos, Database, MySQL
|
Leave a Comment

In this tutorial, you will learn how to configure Guacamole MySQL database authentication. Guacamole supports various authentication mechanisms including database authentication via MySQL, PostgreSQL, or SQL Server databases.

Configure MySQL Database Authentication on Guacamole

If you want to install Guacamole on Linux, see our various guides on installation of Apache Guacamole.

Install MySQL or MariaDB database.

You can install MySQL or MariaDB database preferably on the same system where Guacamole is running.

You can check our various guides on installing MySQL/MariaDB database.

Create Guacamole Database and Database User

Login to your database system and create Guacamole database and database user (names used are not standard, hence feel free to change them, and of course the password);

mysql -u root -p
create database guacd;
create user guacd_admin@localhost identified by 'ChangeME';

Grant SELECTUPDATEINSERT, and DELETE rights on Guacamole database tables to Guacamole database user;

grant SELECT,UPDATE,INSERT,DELETE on guacd.* to guacd_admin@localhost;

Reload privilege tables;

flush privileges;
quit

Install Guacamole database authentication extension

Download the Guacamole database authentication extension that matches your current version of Guacamole from the releases page.

VER=1.4.0
wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-jdbc-${VER}.tar.gz

The tarball comes with extensions for PostgreSQL, MySQL as well as SQL servers. Thus, extract only the MySQL extension;

tar xzf guacamole-auth-jdbc-${VER}.tar.gz guacamole-auth-jdbc-${VER}/mysql

Copy the Guacamole extension (.jar) file to GUACAMOLE_HOME/extensions directory;

cp guacamole-auth-jdbc-${VER}/mysql/guacamole-auth-jdbc-mysql-1.4.0.jar /etc/guacamole/extensions/

Next, Import Guacamole MySQL database schema (001-create-schema.sql and 002-create-admin-user.sql) into the Guacamole database created above;

mysql -u root -p guacd < guacamole-auth-jdbc-${VER}/mysql/schema/001-create-schema.sql
mysql -u root -p guacd < guacamole-auth-jdbc-${VER}/mysql/schema/002-create-admin-user.sql

Install MySQL JDBC connector in the Guacamole lib directory;

wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.28.tar.gz
tar xzf mysql-connector-java-8.0.28.tar.gz
cp mysql-connector-java-8.0.28/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/

Configure Apache Guacamole MySQL Database Authentication

Next, configure Guacamole for database authentication by defining the following, at the very least, in the guacamole.properties file.

  • Database hostname
  • database name
  • database user and password
cat >> /etc/guacamole/guacamole.properties << EOL
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
mysql-hostname: localhost
mysql-database: guacd
mysql-username: guacd_admin
mysql-password: ChangeME
EOL

Guacamole can support multiple authentications methods. For example, you can use basic authentication alongside other authentication methods such as LDAP, database…

For example, in my setup, I am using both basic authentication and database authentication;

cat /etc/guacamole/guacamole.properties
guacd-hostname: localhost
guacd-port:     4822
user-mapping:   /etc/guacamole/user-mapping.xml
auth-provider:  net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
mysql-hostname: localhost
mysql-database: guacd
mysql-username: guacd_admin
mysql-password: ChangeME

There are other database account control settings. Refer to documentation.

Verify Guacamole Database Authentication

You can now restart your serverlet (Tomcat service) and login to Guacamole to test the database authentication;

systemctl restart tomcat9

The default Guacamole database authentication credentials are:

  • Username: guacadmin
  • Password: guacadmin

Login page;

Configure Guacamole MySQL Database Authentication

Guacamole Settings;

Configure Guacamole MySQL Database Authentication

You can now create a new user, make it administrator and remove the default guacadmin user.

Add Connections

Under Connections tab, click New connections

  • Set the connection details;
  • Set the Network connection parameters;
  • Define the authentication details etc.
  • Save
Configure Guacamole MySQL Database Authentication

And that is it on how to configure Apache Guacamole MySQL database authentication.

Read more on Documentation page.

Configure Guacamole SSL/TLS with Nginx Reverse Proxy

How to Enable RDP/SSH File Transfer Over Guacamole

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
gen_too
Co-founder of Kifarunix.com, Linux Tips and Tutorials. Linux/Unix admin and author at Kifarunix.com.

Related Posts

How to run Multiple Filebeat Instances in Linux

Install NoMachine on Debian 12

Configure Postfix as Send-Only SMTP Server on Fedora 29

Install Logstash 8 on Ubuntu/Debian

Setup IPSEC VPN using StrongSwan on Debian 10

Install Rocky Linux 9 on VirtualBox

Leave a Comment

© 2024 kifarunix.com

Home Advertise with us Privacy Policy