{"id":10395,"date":"2021-09-11T22:26:30","date_gmt":"2021-09-11T19:26:30","guid":{"rendered":"https:\/\/kifarunix.com\/?p=10395"},"modified":"2024-10-12T10:43:45","modified_gmt":"2024-10-12T07:43:45","slug":"install-guacamole-on-debian-11","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-guacamole-on-debian-11\/","title":{"rendered":"Install Guacamole on Debian 11"},"content":{"rendered":"\n<p>In this guide, you will learn how to install&nbsp;<a href=\"https:\/\/guacamole.apache.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole<\/a>&nbsp;on Debian 11. Apache Guacamole&nbsp;is a client-less HTML5 web based remote desktop gateway which provides remote access to servers and desktops through a web browser. It supports standard protocols like VNC, RDP, and SSH.<\/p>\n\n\n\n<p>Using Debian 12? Try this guide below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-install-guacamole-on-debian-12\/\">How to Install&nbsp;Guacamole&nbsp;on Debian 12<\/a><\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-guacamole-on-debian-11\">Installing Guacamole on Debian 11<\/a><ul><li><a href=\"#install-guacamole-server-on-debian-11\">Install Guacamole Server on Debian 11<\/a><ul><li><a href=\"#run-system-update\">Run system Update<\/a><\/li><li><a href=\"#install-required-build-tools\">Install Required Build Tools<\/a><\/li><li><a href=\"#download-guacamole-source-code-tarball\">Download Guacamole Source Code Tarball<\/a><\/li><li><a href=\"#install-apache-guacamole-on-debian-11\">Install Apache Guacamole on Debian 11<\/a><\/li><li><a href=\"#running-guacamole-server-on-debian-11\">Running Guacamole-Server on Debian 11<\/a><\/li><\/ul><\/li><li><a href=\"#install-tomcat-servlet\">Install Tomcat Servlet<\/a><\/li><li><a href=\"#install-guacamole-client-on-debian-11\">Install Guacamole Client on Debian 11<\/a><ul><li><a href=\"#download-guacamole-client-binary\">Download Guacamole-client Binary<\/a><\/li><\/ul><\/li><\/ul><\/li><li><a href=\"#configure-apache-guacamole-on-debian-11\">Configure Apache Guacamole on Debian 11<\/a><ul><li><a href=\"#configure-guacamole-server-connections\">Configure Guacamole Server Connections<\/a><\/li><li><a href=\"#configure-guacamole-authentication-method\">Configure Guacamole Authentication Method<\/a><\/li><\/ul><\/li><li><a href=\"#fix-rdp-security-negotiation-failed\">How to fix RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-guacamole-on-debian-11\">Installing Guacamole on Debian 11<\/h2>\n\n\n\n<p>Guacamole is made up of two parts;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><a href=\"https:\/\/kifarunix.com\/install-apache-guacamole-on-debian-10\/#guacd\">guacamole-server<\/a><\/code>, which provides the&nbsp;guacd&nbsp;proxy&nbsp;and all the native, server-side components required by Guacamole to connect to remote desktops.<\/li>\n\n\n\n<li><code><a href=\"https:\/\/kifarunix.com\/install-apache-guacamole-on-debian-10\/#guac-client\">guacamole-client<\/a><\/code>&nbsp;which provides the client to be served by the servlet container which is usually&nbsp;<code>Tomcat<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>You need to install both of these components to setup Apache Guacamole web-based remote desktop client.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-guacamole-server-on-debian-11\">Install Guacamole Server on Debian 11<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"run-system-update\">Run system Update<\/h4>\n\n\n\n<p>Ensure your system package cache is up-to-date;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-required-build-tools\">Install Required Build Tools<\/h4>\n\n\n\n<p>To install guacamole-server, you need to build it from the source. This, therefore, requires that you need install the required build tools before you can start to build guacamole-server component;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install -y build-essential libcairo2-dev libjpeg62-turbo-dev \\\nlibpng-dev libtool-bin libossp-uuid-dev libavutil-dev libswscale-dev \\\nfreerdp2-dev libpango1.0-dev libssh2-1-dev libvncserver-dev libtelnet-dev \\\nlibwebsockets-dev libssl-dev libvorbis-dev libwebp-dev libpulse-dev sudo vim<\/code><\/pre>\n\n\n\n<p>A comprehensive description of these dependency tools is available on&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/guacamole.apache.org\/doc\/gug\/installing-guacamole.html#required-dependencies\" target=\"_blank\">required dependencies<\/a>&nbsp;section.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-guacamole-source-code-tarball\">Download Guacamole Source Code Tarball<\/h4>\n\n\n\n<p>To install Guacamole, we will build it from the source code. Hence download the latest source archive tarball from&nbsp;<a href=\"https:\/\/guacamole.apache.org\/releases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole releases page<\/a>.<\/p>\n\n\n\n<p><a href=\"https:\/\/guacamole.apache.org\/releases\/1.3.0\/\" target=\"_blank\" rel=\"noreferrer noopener\">Apache Guacamole 1.3.0<\/a>&nbsp;is the latest release version as of this writing.<\/p>\n\n\n\n<p>You can simply run the command below to download Apache Guacamole 1.3.0.<\/p>\n\n\n\n<p>To make this easy, just set a variable for the current stable release version on the terminal.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>VER=1.3.0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget https:\/\/downloads.apache.org\/guacamole\/$VER\/source\/guacamole-server-$VER.tar.gz<\/code><\/pre>\n\n\n\n<p>Once the download is done, extract the source tarball.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tar xzf guacamole-server-$VER.tar.gz<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-apache-guacamole-on-debian-11\">Install Apache Guacamole on Debian 11<\/h4>\n\n\n\n<p>Navigate to guacamole server source code directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd guacamole-server-$VER<\/code><\/pre>\n\n\n\n<p>Run the&nbsp;<code>configure<\/code>&nbsp;script to check if any required dependency is missing and to adapt Guacamole server to your system.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/configure --with-systemd-dir=\/etc\/systemd\/system\/<\/code><\/pre>\n\n\n\n<p>For more configure options, run,&nbsp;<code>.\/configure --help<\/code>.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>...\n------------------------------------------------\nguacamole-server version 1.3.0\n------------------------------------------------\n\n   Library status:\n\n     freerdp2 ............ yes\n     pango ............... yes\n     libavcodec .......... no\n     libavformat.......... no\n     libavutil ........... yes\n     libssh2 ............. yes\n     libssl .............. yes\n     libswscale .......... yes\n     libtelnet ........... yes\n     libVNCServer ........ yes\n     libvorbis ........... yes\n     libpulse ............ yes\n     libwebsockets ....... yes\n     libwebp ............. yes\n     wsock32 ............. no\n\n   Protocol support:\n\n      Kubernetes .... yes\n      RDP ........... yes\n      SSH ........... yes\n      Telnet ........ yes\n      VNC ........... yes\n\n   Services \/ tools:\n\n      guacd ...... yes\n      guacenc .... no\n      guaclog .... yes\n\n   FreeRDP plugins: \/usr\/lib\/x86_64-linux-gnu\/freerdp2\n   Init scripts: no\n   Systemd units: \/etc\/systemd\/system\/\n\nType \"make\" to compile guacamole-server.\n<\/code><\/pre>\n\n\n\n<p>Pay attention to out of the&nbsp;<code>configure<\/code>&nbsp;script.<\/p>\n\n\n\n<p>Compile and install Guacamole Server on Debian 11;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>make<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>make install<\/code><\/pre>\n\n\n\n<p>Next, run the&nbsp;<strong><code>ldconfig<\/code><\/strong>&nbsp;command to create the necessary links and cache to the most recent shared libraries found in the guacamole server directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ldconfig<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-guacamole-server-on-debian-11\">Running Guacamole-Server on Debian 11<\/h4>\n\n\n\n<p>Reload systemd configuration files and start and enable guacd (Guacamole Daemon) to run on boot after the installation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now guacd<\/code><\/pre>\n\n\n\n<p>To check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status guacd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf guacd.service - Guacamole Server\n     Loaded: loaded (\/etc\/systemd\/system\/guacd.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sat 2021-09-11 20:37:14 EAT; 9s ago\n       Docs: man:guacd(8)\n   Main PID: 27120 (guacd)\n      Tasks: 1 (limit: 1133)\n     Memory: 10.1M\n        CPU: 29ms\n     CGroup: \/system.slice\/guacd.service\n             \u2514\u250027120 \/usr\/local\/sbin\/guacd -f\n\nSep 11 20:37:14 debian11 systemd[1]: Started Guacamole Server.\nSep 11 20:37:14 debian11 guacd[27120]: Guacamole proxy daemon (guacd) version 1.3.0 started\nSep 11 20:37:14 debian11 guacd[27120]: Listening on host 127.0.0.1, port 4822\nSep 11 20:37:15 debian11 guacd[27120]: guacd[27120]: INFO:        Guacamole proxy daemon (guacd) version 1.3.0 started\nSep 11 20:37:15 debian11 guacd[27120]: guacd[27120]: INFO:        Listening on host 127.0.0.1, port 4822\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-tomcat-servlet\">Install Tomcat Servlet<\/h3>\n\n\n\n<p>Apache Tomcat is used to serve guacamole client content to users that connects to guacamole server via the web browser. To install Tomcat, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install tomcat9 tomcat9-admin tomcat9-common tomcat9-user -y<\/code><\/pre>\n\n\n\n<p>Tomcat9 is started and enabled to run on system boot upon installation. Check the status by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status tomcat9.service<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf tomcat9.service - Apache Tomcat 9 Web Application Server\n     Loaded: loaded (\/lib\/systemd\/system\/tomcat9.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sat 2021-09-11 20:41:13 EAT; 1min 10s ago\n       Docs: https:\/\/tomcat.apache.org\/tomcat-9.0-doc\/index.html\n    Process: 28792 ExecStartPre=\/usr\/libexec\/tomcat9\/tomcat-update-policy.sh (code=exited, status=0\/SUCCESS)\n   Main PID: 28796 (java)\n      Tasks: 29 (limit: 1133)\n     Memory: 88.5M\n        CPU: 5.298s\n     CGroup: \/system.slice\/tomcat9.service\n             \u2514\u250028796 \/usr\/lib\/jvm\/default-java\/bin\/java -Djava.util.logging.config.file=\/var\/lib\/tomcat9\/conf\/logging.properties -Djava.util.logging.manager=org.apache.jul&gt;\n\nSep 11 20:41:17 debian11 tomcat9[28796]: Deployment of deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/manager.xml] has finished in [2,068] ms\nSep 11 20:41:17 debian11 tomcat9[28796]: Deploying deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/host-manager.xml]\nSep 11 20:41:17 debian11 tomcat9[28796]: The path attribute with value [\/host-manager] in deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/host-manager.xml] has been&gt;\nSep 11 20:41:18 debian11 tomcat9[28796]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that&gt;\nSep 11 20:41:18 debian11 tomcat9[28796]: Deployment of deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/host-manager.xml] has finished in [843] ms\nSep 11 20:41:18 debian11 tomcat9[28796]: Deploying web application directory [\/var\/lib\/tomcat9\/webapps\/ROOT]\nSep 11 20:41:19 debian11 tomcat9[28796]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that&gt;\nSep 11 20:41:19 debian11 tomcat9[28796]: Deployment of web application directory [\/var\/lib\/tomcat9\/webapps\/ROOT] has finished in [931] ms\nSep 11 20:41:19 debian11 tomcat9[28796]: Starting ProtocolHandler [\"http-nio-8080\"]\nSep 11 20:41:19 debian11 tomcat9[28796]: Server startup in [4047] milliseconds\n<\/code><\/pre>\n\n\n\n<p>Apache Tomcat listens on port 8080\/tcp by default;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ss -altnp | grep 80<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      100                *:8080            *:*    users:((\"java\",pid=24615,fd=37))<\/code><\/pre>\n\n\n\n<p>To allow external access to the serverlet, open the serverlet port 8080\/tcp on UFW, <strong>if at all UFW is installed and enabled<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ufw allow 8080\/tcp<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-guacamole-client-on-debian-11\">Install Guacamole Client on Debian 11<\/h3>\n\n\n\n<p><strong>guacamole-client<\/strong>&nbsp;contains provides web application that will serve the HTML5 Guacamole client to users that connect to your server.&nbsp;The web application will then connect to&nbsp;<strong>guacd<\/strong>&nbsp;on behalf of connected users in order to serve them any remote desktop they are authorized to access.<\/p>\n\n\n\n<p>Create Guacamole configuration directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/guacamole<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-guacamole-client-binary\">Download Guacamole-client Binary<\/h4>\n\n\n\n<p>Guacamole client can be installed from source code or from ready binary. Binary installation is used in this demo.<\/p>\n\n\n\n<p>Download Guacamole-client from&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/guacamole.apache.org\/releases\/\" target=\"_blank\">Guacamole releases page<\/a>&nbsp;for the respective latest version (v1.3.0 as of this writing) and store it in the configuration directory created above.<\/p>\n\n\n\n<p>To download the current release version, v1.3.0 as of this writing, simply run the command below;<\/p>\n\n\n\n<p>Similarly, we use the same client version variable;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>VER=1.3.0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget https:\/\/downloads.apache.org\/guacamole\/$VER\/binary\/guacamole-$VER.war -O \/etc\/guacamole\/guacamole.war<\/code><\/pre>\n\n\n\n<p>Create a symbolic link of the guacamole client to Tomcat webapps directory as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ln -s \/etc\/guacamole\/guacamole.war \/var\/lib\/tomcat9\/webapps\/<\/code><\/pre>\n\n\n\n<p>Restart Tomcat and Guacamole server to deploy the new web application;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart tomcat9 guacd<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configure-apache-guacamole-on-debian-11\">Configure Apache Guacamole on Debian 11<\/h2>\n\n\n\n<p>Guacamole has two major configuration files;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><strong>\/etc\/guacamole<\/strong><\/code>&nbsp;which is referenced by the&nbsp;<code>GUACAMOLE_HOME<\/code>&nbsp;environment variable<\/li>\n\n\n\n<li><code><strong>\/etc\/guacamole\/guacamole.properties<\/strong><\/code>&nbsp;which is the main configuration file used by Guacamole and its extensions.<\/li>\n<\/ul>\n\n\n\n<p>There are also guacamole extensions and libraries configurations. You need to create the directories for these configs;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/guacamole\/{extensions,lib}<\/code><\/pre>\n\n\n\n<p>Set the guacamole home directory environment variable and add it to&nbsp;<code><strong>\/etc\/default\/tomcat9<\/strong><\/code>&nbsp;configuration file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"GUACAMOLE_HOME=\/etc\/guacamole\" &gt;&gt; \/etc\/default\/tomcat9<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-guacamole-server-connections\">Configure Guacamole Server Connections<\/h4>\n\n\n\n<p>To define how Guacamole connects to&nbsp;<code>guacd<\/code>, create the&nbsp;<code>guacamole.properties<\/code>&nbsp;file under&nbsp;<code><strong>\/etc\/guacamole<\/strong><\/code>&nbsp;directory with the following content.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat > \/etc\/guacamole\/guacamole.properties << EOL\nguacd-hostname: localhost\nguacd-port: 4822\nuser-mapping:   \/etc\/guacamole\/user-mapping.xml\nauth-provider:  net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider\nEOL<\/code><\/pre>\n\n\n\n<p>Next, link the Guacamole configurations directory to Tomcat servlet directory as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ln -s \/etc\/guacamole \/usr\/share\/tomcat9\/.guacamole<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-guacamole-authentication-method\">Configure Guacamole Authentication Method<\/h4>\n\n\n\n<p>Guacamole\u2019s default authentication method reads all users and connections from a single file called&nbsp;<code>user-mapping.xml<\/code>.<\/p>\n\n\n\n<p>In this file,you need to define the&nbsp;<strong>users allowed to access Guacamole web UI<\/strong>,<strong>&nbsp;the servers to connect to<\/strong>&nbsp;and&nbsp;<strong>the method of connection<\/strong>.<\/p>\n\n\n\n<p>Other authentication methods are supported, but beyond the scope of this tutorial.<\/p>\n\n\n\n<p>To begin with, generate the MD5 hash of passwords for the user to be used for logging into Guacamole web user interface.<\/p>\n\n\n\n<p><strong>Replace your password accordingly<\/strong>;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo -n password | openssl md5<\/code><\/pre>\n\n\n\n<p>Output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>(stdin)= 5f4dcc3b5aa765d61d8327deb882cf99<\/code><\/pre>\n\n\n\n<p>or<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>printf '%s' password | md5sum<\/code><\/pre>\n\n\n\n<p>Output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>5f4dcc3b5aa765d61d8327deb882cf99  -<\/code><\/pre>\n\n\n\n<p>Be sure to replace&nbsp;<strong>password<\/strong>&nbsp;with your strong password.<\/p>\n\n\n\n<p>Next, create the default user authentication file,&nbsp;<code><strong>user-mapping.xml<\/strong><\/code>&nbsp;with the following contents.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/guacamole\/user-mapping.xml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>&lt;user-mapping&gt;\n        \n    &lt;!-- Per-user authentication and config information --&gt;\n\n    &lt;!-- A user using md5 to hash the password\n         guacadmin user and its md5 hashed password below is used to \n             login to Guacamole Web UI--&gt;\n    &lt;authorize \n            username=\"guacadmin\"\n            password=\"5f4dcc3b5aa765d61d8327deb882cf99\"\n            encoding=\"md5\"&gt;\n\n        &lt;!-- First authorized Remote connection --&gt;\n        &lt;connection name=\"Rocky Linux 8 Server SSH\"&gt;\n            &lt;protocol&gt;ssh&lt;\/protocol&gt;\n            &lt;param name=\"hostname\"&gt;192.168.60.19&lt;\/param&gt;\n            &lt;param name=\"port\"&gt;22&lt;\/param&gt;\n        &lt;\/connection&gt;\n\n        &lt;!-- Second authorized remote connection --&gt;\n        &lt;connection name=\"Windows 7 RDP\"&gt;\n            &lt;protocol&gt;rdp&lt;\/protocol&gt;\n            &lt;param name=\"hostname\"&gt;192.168.56.122&lt;\/param&gt;\n            &lt;param name=\"port\"&gt;3389&lt;\/param&gt;\n            &lt;param name=\"username\"&gt;koromicha&lt;\/param&gt;\n            &lt;param name=\"ignore-cert\"&gt;true&lt;\/param&gt;\n        &lt;\/connection&gt;\n\n    &lt;\/authorize&gt;\n\n&lt;\/user-mapping&gt;\n<\/code><\/pre>\n\n\n\n<p>If you dont specify the username and password in the file, you will be prompted to provide them while attempting to login, which i consider it abit secure.<\/p>\n\n\n\n<p>If you need to explicitly define usernames and passwords in the configuration file, add the parameters;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;param name=\"username\"&gt;<strong>USERNAME<\/strong>&lt;\/param&gt;\n&lt;param name=\"password\"&gt;<strong>PASSWORD&lt;\/param&gt;<\/strong><\/code><\/pre>\n\n\n\n<p>Save and exit the configuration file.<\/p>\n\n\n\n<p>Restart both Tomcat and guacd to effect the changes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart tomcat9 guacd<\/code><\/pre>\n\n\n\n<p>Be sure to check the syslog,&nbsp;<code>\/var\/log\/syslog<\/code>&nbsp;or&nbsp;<code>\/var\/log\/tomcat9\/<\/code>&nbsp;log files for any issues.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accessing-apache-guacamole-from-browser\">Accessing Apache Guacamole from Browser<\/h3>\n\n\n\n<p>Apache Guacamole server is now setup. You can access it from web browser using the address&nbsp;<code><strong>http:\/\/server-IP:8080\/guacamole<\/strong><\/code>.<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-login-page.png\"><\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1054\" height=\"633\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-login.png\" alt=\"Install Guacamole on Debian 11\" class=\"wp-image-10400\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-login.png?v=1631384185 1054w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-login-768x461.png?v=1631384185 768w\" sizes=\"(max-width: 1054px) 100vw, 1054px\" \/><\/figure><\/div>\n\n\n<p>Use the credentials for the user whom you generated an MD5 hash for its password above.<\/p>\n\n\n\n<p>Upon successful login, you get to Apache Guacamole web dashboard and you should be able to see the added connections.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1915\" height=\"511\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-connections.png\" alt=\"\" class=\"wp-image-10399\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-connections.png?v=1631384158 1915w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-connections-768x205.png?v=1631384158 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-connections-1536x410.png?v=1631384158 1536w\" sizes=\"(max-width: 1915px) 100vw, 1915px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-connections.png\"><\/a><\/p>\n\n\n\n<p>Click on a connection to name to initiate remote login.<\/p>\n\n\n\n<p>For example, to ssh into Rocky Linux server, just click on the connection name. This will get you a login prompt;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1374\" height=\"632\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-SSH.png\" alt=\"\" class=\"wp-image-10402\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-SSH.png?v=1631387756 1374w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-SSH-768x353.png?v=1631387756 768w\" sizes=\"(max-width: 1374px) 100vw, 1374px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-remote-ssh-login.png\"><\/a><\/p>\n\n\n\n<p>To login to Windows 7 via RDP, just click on Windows 7;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1722\" height=\"999\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-rdp.png\" alt=\"\" class=\"wp-image-10403\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-rdp.png?v=1631387897 1722w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-rdp-768x446.png?v=1631387897 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-rdp-1536x891.png?v=1631387897 1536w\" sizes=\"(max-width: 1722px) 100vw, 1722px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"fix-rdp-security-negotiation-failed\"><a href=\"#fix-rdp-security-negotiation-failed\">How to fix RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/a><\/h2>\n\n\n\n<p>If you encounter <strong>CONNECTION ERROR<\/strong>, and upon checking the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/syslog<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n<strong>Sep 11 21:45:45 debian11 guacd[1109]: FreeRDP initialization may fail: The current user's home directory (\"\/usr\/sbin\") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.\nSep 11 21:45:45 debian11 guacd[1109]: guacd[1109]: WARNING:#011FreeRDP initialization may fail: The current user's home directory (\"\/usr\/sbin\") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.\nSep 11 21:45:45 debian11 guacd[1109]: No security mode specified. Defaulting to security mode negotiation with server.\nSep 11 21:45:45 debian11 guacd[1109]: guacd[1109]: INFO:#011No security mode specified. Defaulting to security mode negotiation with server.\nSep 11 21:45:45 debian11 guacd[1109]: Resize method: none<\/strong>\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>Sep 11 21:45:45 debian11 guacd&#91;1109]: guacd&#91;1109]: INFO:#011RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/strong><\/code><\/pre>\n\n\n\n<p>Then fix it as follows;<\/p>\n\n\n\n<p>Guacamole server (guacd) service runs as user&nbsp;<strong><code>daemon<\/code><\/strong>&nbsp;by default.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ps aux | grep -v grep| grep guacd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>daemon       635  0.0  1.4 625480 14864 ?        Ssl  21:08   0:00 \/usr\/local\/sbin\/guacd -f\ndaemon       680  0.3  4.1 449468 41944 ?        Sl   21:09   0:08 \/usr\/local\/sbin\/guacd -f\ndaemon       804  0.0  3.9 359520 39488 ?        Sl   21:41   0:00 \/usr\/local\/sbin\/guacd -f<\/code><\/pre>\n\n\n\n<p>Create a <strong>guacd<\/strong> system user account which can be used to run guacd instead of running as <strong>daemon<\/strong> user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>useradd -M -d \/var\/lib\/guacd\/ -r -s \/sbin\/nologin -c \"Guacd User\" guacd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/var\/lib\/guacd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R guacd: \/var\/lib\/guacd<\/code><\/pre>\n\n\n\n<p>Next, update the Guacd service user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/daemon\/guacd\/' \/etc\/systemd\/system\/guacd.service<\/code><\/pre>\n\n\n\n<p>Reload systemd daemon;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Restart Guacd Service;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart guacd<\/code><\/pre>\n\n\n\n<p>At this point, RDP should work without any issues.<\/p>\n\n\n\n<p>You can now add more connections to your Guacamole. Check <a href=\"https:\/\/guacamole.apache.org\/doc\/gug\/configuring-guacamole.html#connection-configuration\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole connections page<\/a> on how to configure.<\/p>\n\n\n\n<p>Related guides;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-apache-guacamole-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Apache Guacamole on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/setup-apache-guacamole-openldap-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Setup Apache Guacamole OpenLDAP Authentication<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-guacamole-ssl-tls-with-nginx-reverse-proxy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Guacamole SSL\/TLS with Nginx Reverse Proxy<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-enable-rdp-ssh-file-transfer-over-guacamole\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Enable RDP\/SSH File Transfer Over Guacamole<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to install&nbsp;Guacamole&nbsp;on Debian 11. Apache Guacamole&nbsp;is a client-less HTML5 web based remote desktop gateway which provides remote access<\/p>\n","protected":false},"author":1,"featured_media":10404,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,214],"tags":[3958,4076,215,4077,4075,4078],"class_list":["post-10395","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-remote-desktop","tag-debian-11","tag-debian-11-guacamole-install","tag-guacamole","tag-guacamole-debian-11","tag-install-apache-guacamole-on-debian-11","tag-install-guacamole-debian-11","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10395"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=10395"}],"version-history":[{"count":12,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10395\/revisions"}],"predecessor-version":[{"id":23305,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10395\/revisions\/23305"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/10404"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=10395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=10395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=10395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}