Setting Up Apache Guacamole LDAP Authentication in Docker
i12bretro
#Guacamole #LDAP #Docker
Full steps can be found at https://i12bretro.github.io/tutorials/0768.html
What is Apache Guacamole?
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. We call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser. - https://guacamole.apache.org/
Installing Docker
01. Log into the Linux based device
02. Run the following commands in the terminal
# install prerequisites
sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg-agent -y
# add docker gpg key
curl -fsSL https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release)/gpg | sudo apt-key add -
# add docker software repository
sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release) $(lsb_release -cs) stable"
# install docker
sudo apt install docker-ce docker-compose containerd.io -y
# enable and start docker service
sudo systemctl enable docker && sudo systemctl start docker
# add the current user to the docker group
sudo usermod -aG docker $USER
# reauthenticate for the new group membership to take effect
su - $USER
Configuring Apache Guacamole
01. Continue with the following commands in a terminal window
# create working directories
mkdir ~/docker/mariadb -p
# set owner of docker directory
sudo chown $USER ~/docker -R
# download the guacamole container
docker pull guacamole/guacamole
# run the mariadb docker container
docker run -d --name mariadb -e MYSQL_ROOT_PASSWORD=r00tp@ss -v ~/docker/mariadb:/var/lib/mysql -p 3306:3306 --restart=unless-stopped mariadb:latest
# create database init script
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > ~/docker/mariadb/guacamole_db.sql
# connect to mariadb container shell
docker exec -ti mariadb /bin/bash
# connect to mariadb as root user
mysql -uroot -pr00tp@ss
# create the database
create database guacamole;
# create and configure the database user
GRANT ALL ON guacamole.* TO 'guacamole_rw'@'%' IDENTIFIED BY 'Guac@m0le!';
# flush mariadb privileges
flush privileges;
# exit mariadb cli
quit
# import the guacamole schema
cat /var/lib/mysql/guacamole_db.sql | mysql -uroot -pr00tp@ss -Dguacamole
# exit the mariadb container shell
exit
# run the guacd container
docker run -d --name guacd --network host guacamole/guacd
# run the guacamole container
# update the LDAP environment variables as needed
docker run -d --name guacamole --network host -e GUACD_HOSTNAME=127.0.0.1 -e MYSQL_HOSTNAME=127.0.0.1 -e MYSQL_DATABASE=guacamole -e MYSQL_USER=guacamole_rw -e MYSQL_PASSWORD=Guac@m0le! -e LDAP_HOSTNAME="10.10.27.1" -e LDAP_PORT=389 -e LDAP_ENCRYPTION_METHOD="none" -e LDAP_USER_BASE_DN="DC=i12bretro,DC=local" -e LDAP_USERNAME_ATTRIBUTE="sAMAccountName" -e LDAP_SEARCH_BIND_DN="CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local" -e LDAP_SEARCH_BIND_PASSWORD="Read0nly!" --restart=unless-stopped guacamole/guacamole
02. Open a web browser and navigate to http://DNS-or-IP:8080/guacamole/
03. Log in with guacadmin/guacadmin
04. Go to Settings ≫ Users
05. Create a new admin user and grant all permissions
06. Log out and log in as the new admin user
07. Go to Settings ≫ Users ≫ Delete the guacadmin user
08. Go to Settings ≫ Users
09. Create a new user with the LDAP user name, leave the password field blank and grant the necessary permissions
10. Log out and log in as the LDAP user using the LDAP password
11. Enjoy browser based SSH, VNC, RDP and more

Documentation: https://guacamole.apache.org/doc/gug/guacamole-docker.html#ldap-authentication
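The guacamole container above is started with LDAP_ENCRYPTION_METHOD="none" on port 389, so the search bind password and each user's LDAP password cross the network to the directory unencrypted. The script below is an added example, not part of the original tutorial: it audits a container's environment for that setting. The function names and the hardened variant (LDAPS on port 636) are assumptions, and the treatment of an unset method as "none" follows the Guacamole documentation.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit Guacamole's LDAP transport settings.
# Reads KEY=VALUE lines on stdin, for instance the output of:
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' guacamole
# Prints one finding per line and returns 1 if anything was flagged, else 0.
audit_guac_ldap_env() {
    _host="" _port="" _method=""
    while IFS= read -r _line; do
        case "$_line" in
            LDAP_HOSTNAME=*)          _host=${_line#*=} ;;
            LDAP_PORT=*)              _port=${_line#*=} ;;
            LDAP_ENCRYPTION_METHOD=*) _method=${_line#*=} ;;
        esac
    done
    # No LDAP server configured: nothing to audit.
    if [ -z "$_host" ]; then return 0; fi
    _rc=0
    case "$_method" in
        ssl)
            # LDAPS defaults to 636; 389 normally speaks plain LDAP.
            if [ "${_port:-636}" = "389" ]; then
                echo "WARN: ssl selected but LDAP_PORT=389; LDAPS usually listens on 636"
                _rc=1
            fi ;;
        starttls) ;;   # session is upgraded to TLS before the bind is sent
        ""|none)
            echo "FAIL: LDAP_ENCRYPTION_METHOD=${_method:-unset}: bind and user passwords reach $_host:${_port:-389} in cleartext"
            _rc=1 ;;
        *)
            echo "FAIL: unrecognized LDAP_ENCRYPTION_METHOD=$_method (expected none, ssl or starttls)"
            _rc=1 ;;
    esac
    return $_rc
}

# LDAP settings as passed to `docker run` in the tutorial above.
tutorial_env() {
    printf '%s\n' 'LDAP_HOSTNAME=10.10.27.1' 'LDAP_PORT=389' 'LDAP_ENCRYPTION_METHOD=none'
}

# Constructed variant: same server, assuming the directory offers LDAPS on 636.
hardened_env() {
    printf '%s\n' 'LDAP_HOSTNAME=10.10.27.1' 'LDAP_PORT=636' 'LDAP_ENCRYPTION_METHOD=ssl'
}

tutorial_env | audit_guac_ldap_env || true
```

Switching to "ssl" or "starttls" only works if the directory server presents a certificate that the Java runtime inside the guacamole container trusts.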
Connect with me and others
★ Discord: https://discord.com/invite/EzenvmSHW8 ★ Reddit: https://reddit.com/r/i12bretro ★ Twitter: https://twitter.com/i12bretro ... https://www.youtube.com/watch?v=ul2Gsg18M90