{"id":9768,"date":"2021-07-24T22:39:29","date_gmt":"2021-07-24T19:39:29","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9768"},"modified":"2024-03-18T19:33:23","modified_gmt":"2024-03-18T16:33:23","slug":"install-apache-guacamole-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-apache-guacamole-on-rocky-linux-8\/","title":{"rendered":"Install Apache Guacamole on Rocky Linux 8"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to install&nbsp;<a href=\"https:\/\/guacamole.apache.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Apache Guacamole<\/a>&nbsp;on Rocky Linux 8. Apache Guacamole&nbsp;is a clientless HTML5 web based remote desktop gateway which provides remote access to servers and desktops through a web browser. It supports standard protocols like VNC, RDP, and SSH.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing Apache Guacamole on Rocky Linux 8<\/h2>\n\n\n\n<p>Guacamole is made up of two parts;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>guacamole-server<\/code>, which provides the&nbsp;guacd&nbsp;proxy&nbsp;and all the native, server-side components required by Guacamole to connect to remote desktops.<\/li>\n\n\n\n<li><code>guacamole-client<\/code>&nbsp;which provides the client to be served by the servlet container which is usually&nbsp;<code>Tomcat<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>You need to install both of these components to setup Apache Guacamole web-based remote desktop client.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Guacamole Server on Rocky Linux 8<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Install Additional Repositories<\/h4>\n\n\n\n<p>Some of the required packages are provided by EPEL\/PowerTools repositories. Install and enable them as follows;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install epel-release -y<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf config-manager --set-enabled powertools<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Install Required Build Tools<\/h4>\n\n\n\n<p>To install guacamole-server, you need to build it from the source. This, therefore, requires that you need install the required build tools before you can start to build guacamole-server component;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install -y unzip curl make cmake wget gcc zlib-devel compat-openssl10 cairo-devel libjpeg-turbo-devel \\\nlibpng-devel libtool uuid-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel \\\nlibwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel wget vim<\/code><\/pre>\n\n\n\n<p>A comprehensive description of these dependency tools is available on&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/guacamole.apache.org\/doc\/gug\/installing-guacamole.html#required-dependencies\" target=\"_blank\">required dependencies<\/a>&nbsp;section.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install Tomcat Servlet<\/h3>\n\n\n\n<p>Apache Tomcat is used to serve guacamole client content to users that connects to guacamole server via the web browser.<\/p>\n\n\n\n<p>To install Tomcat, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install java-11-openjdk-devel<\/code><\/pre>\n\n\n\n<p>Create Tomcat user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>useradd -d \/usr\/share\/tomcat -M -r -s \/bin\/false tomcat<\/code><\/pre>\n\n\n\n<p>Create the home directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/usr\/share\/tomcat<\/code><\/pre>\n\n\n\n<p>Download <a href=\"https:\/\/tomcat.apache.org\/whichversion.html\" target=\"_blank\" rel=\"noreferrer noopener\">Tomcat binary distributions<\/a>. We use version 9.0.50 in this demo.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>https:\/\/downloads.apache.org\/tomcat\/tomcat-9\/v9.0.50\/bin\/apache-tomcat-9.0.50.tar.gz<\/code><\/pre>\n\n\n\n<p>Extract the tarball to home directory created above;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tar xzf apache-tomcat-9.0.50.tar.gz -C \/usr\/share\/tomcat --strip-components=1<\/code><\/pre>\n\n\n\n<p>Set ownership of the Tomcat home directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R tomcat:tomcat \/usr\/share\/tomcat<\/code><\/pre>\n\n\n\n<p>Create systemd service for Apache Tomcat by running the command below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/tomcat.service << 'EOL'\n[Unit]\nDescription=Tomcat Server\nAfter=syslog.target network.target\n\n[Service]\nType=forking\nUser=tomcat\nGroup=tomcat\n\nEnvironment=JAVA_HOME=\/usr\/lib\/jvm\/jre\nEnvironment='JAVA_OPTS=-Djava.awt.headless=true'\nEnvironment=CATALINA_HOME=\/usr\/share\/tomcat\nEnvironment=CATALINA_BASE=\/usr\/share\/tomcat\nEnvironment=CATALINA_PID=\/usr\/share\/tomcat\/temp\/tomcat.pid\nEnvironment='CATALINA_OPTS=-Xms512M -Xmx1024M'\nExecStart=\/usr\/share\/tomcat\/bin\/catalina.sh start\nExecStop=\/usr\/share\/tomcat\/bin\/catalina.sh stop\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Start and enable Apache Tomcat service.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start tomcat<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre id=\"block-efdfa780-9955-465e-865d-b80894e8b323\" class=\"wp-block-preformatted\">systemctl status tomcat<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf tomcat.service - Tomcat Server\n   Loaded: loaded (\/etc\/systemd\/system\/tomcat.service; disabled; vendor preset: disabled)\n   Active: active (running) since Sat 2021-07-24 07:28:00 EAT; 2min 3s ago\n  Process: 42628 ExecStart=\/usr\/share\/tomcat\/bin\/catalina.sh start (code=exited, status=0\/SUCCESS)\n Main PID: 42633 (java)\n    Tasks: 34 (limit: 11388)\n   Memory: 86.3M\n   CGroup: \/system.slice\/tomcat.service\n           \u2514\u250042633 \/usr\/lib\/jvm\/jre\/bin\/java -Djava.util.logging.config.file=\/usr\/share\/tomcat\/conf\/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoa&gt;\n\nJul 24 07:28:00 localhost.localdomain systemd[1]: Starting Tomcat Server...\nJul 24 07:28:00 localhost.localdomain systemd[1]: Started Tomcat Server.\n<\/code><\/pre>\n\n\n\n<p>If you want to enable it to run on boot;<\/p>\n\n\n\n<p>systemctl enable tomcat<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Building&nbsp;Guacamole-Server on Rocky Linux 8<\/h4>\n\n\n\n<p>To build guacamole-server, download the latest source archive tarball from <a href=\"https:\/\/guacamole.apache.org\/releases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole releases page<\/a>. Guacamole 1.3.0 is the latest release version as of this writing. You can simply run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget https:\/\/downloads.apache.org\/guacamole\/1.3.0\/source\/guacamole-server-1.3.0.tar.gz<\/code><\/pre>\n\n\n\n<p>Once the download is done, extract the source tarball.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tar xzf guacamole-server-1.3.0.tar.gz<\/code><\/pre>\n\n\n\n<p>Navigate to guacamole server source code directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd guacamole-server-1.3.0<\/code><\/pre>\n\n\n\n<p>Run the&nbsp;<code>configure<\/code>&nbsp;script to check if any required dependency is missing and to adapt Guacamole server to your system.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/configure <strong>--with-init-dir=\/etc\/init.d<\/strong><\/code><\/pre>\n\n\n\n<p>For more configure options, run,&nbsp;<code>.\/configure --help<\/code>.<\/p>\n\n\n\n<p>Sample configuration output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>------------------------------------------------\nguacamole-server version 1.3.0\n------------------------------------------------\n\n   Library status:\n\n     freerdp2 ............ yes\n     pango ............... yes\n     libavcodec .......... no\n     libavformat.......... no\n     libavutil ........... no\n     libssh2 ............. yes\n     libssl .............. yes\n     libswscale .......... no\n     libtelnet ........... yes\n     libVNCServer ........ yes\n     libvorbis ........... yes\n     libpulse ............ yes\n     libwebsockets ....... yes\n     libwebp ............. yes\n     wsock32 ............. no\n\n   Protocol support:\n\n      Kubernetes .... yes\n      RDP ........... yes\n      SSH ........... yes\n      Telnet ........ yes\n      VNC ........... yes\n\n   Services \/ tools:\n\n      guacd ...... yes\n      guacenc .... no\n      guaclog .... yes\n\n   FreeRDP plugins: \/usr\/lib64\/freerdp2\n   Init scripts: no\n   Systemd units: \/etc\/systemd\/system\n\nType \"make\" to compile guacamole-server.\n<\/code><\/pre>\n\n\n\n<p>Pay attention to out of the&nbsp;<code>configure<\/code>&nbsp;script. If any error, fix it before you can proceed.<\/p>\n\n\n\n<p>Compile and install Guacamole Server on Rocky Linux 8;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>make<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>make install<\/code><\/pre>\n\n\n\n<p>Next, run the&nbsp;<strong><code>ldconfig<\/code><\/strong>&nbsp;command to create the necessary links and cache to the most recent shared libraries found in the guacamole server directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ldconfig<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Running Guacamole-Server<\/h4>\n\n\n\n<p>Start guacd (Guacamole Daemon) to run on boot after the installation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start guacd<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre id=\"block-336b2447-9f20-42e9-950e-b094c7b8e3ff\" class=\"wp-block-preformatted\">systemctl status guacd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf guacd.service - Guacamole Server\n   Loaded: loaded (\/etc\/systemd\/system\/guacd.service; disabled; vendor preset: disabled)\n   Active: active (running) since Sat 2021-07-24 07:01:17 EAT; 6s ago\n     Docs: man:guacd(8)\n Main PID: 41779 (guacd)\n    Tasks: 1 (limit: 11388)\n   Memory: 10.0M\n   CGroup: \/system.slice\/guacd.service\n           \u2514\u250041779 \/usr\/local\/sbin\/guacd -f\n\nJul 24 07:01:17 localhost.localdomain systemd[1]: Started Guacamole Server.\nJul 24 07:01:17 localhost.localdomain guacd[41779]: Guacamole proxy daemon (guacd) version 1.3.0 started\nJul 24 07:01:17 localhost.localdomain guacd[41779]: guacd[41779]: INFO:        Guacamole proxy daemon (guacd) version 1.3.0 started\nJul 24 07:01:17 localhost.localdomain guacd[41779]: guacd[41779]: INFO:        Listening on host 127.0.0.1, port 4822\nJul 24 07:01:17 localhost.localdomain guacd[41779]: Listening on host 127.0.0.1, port 4822\n<\/code><\/pre>\n\n\n\n<p>If you want to enable guacd (Guacamole Daemon) to run on boot after the installation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable guacd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Guacamole Client on Rocky Linux 8<\/h3>\n\n\n\n<p>guacamole-client provides web application that will serve the HTML5 Guacamole client to users that connect to your server.&nbsp;The web application will then connect to&nbsp;guacd&nbsp;on behalf of connected users in order to serve them any remote desktop they are authorized to access.<\/p>\n\n\n\n<p>Create Guacamole configuration directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/guacamole<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Download Guacamole-client Binary<\/h4>\n\n\n\n<p>Guacamole client can be installed from a source code or from ready binary. Binary installation is used in this demo. Download Guacamole-client from&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/guacamole.apache.org\/releases\/\" target=\"_blank\">Guacamole releases page<\/a>&nbsp;for the respective latest version (v1.3.0 as of this writing) and store it in the configuration directory created above;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget https:\/\/downloads.apache.org\/guacamole\/1.3.0\/binary\/guacamole-1.3.0.war -O \/etc\/guacamole\/guacamole.war<\/code><\/pre>\n\n\n\n<p>Create a symbolic link of the guacamole client to Tomcat webapps directory as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ln -s \/etc\/guacamole\/guacamole.war \/usr\/share\/tomcat\/webapps\/<\/code><\/pre>\n\n\n\n<p>Restart Tomcat to deploy the new web application;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart tomcat<\/code><\/pre>\n\n\n\n<p>Restart guacd&nbsp;daemon as well;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart guacd<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Apache Guacamole on Rocky Linux 8<\/h2>\n\n\n\n<p>Guacamole has two major configuration files;&nbsp;<code>\/etc\/guacamole<\/code>&nbsp;which is referenced by the&nbsp;<code>GUACAMOLE_HOME<\/code>&nbsp;environment variable and&nbsp;<code>\/etc\/guacamole\/guacamole.properties<\/code>&nbsp;which is the main configuration file used by Guacamole and its extensions.<\/p>\n\n\n\n<p>There are also guacamole extensions and libraries configurations. You need to create the directories for these configs;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/guacamole\/{extensions,lib}<\/code><\/pre>\n\n\n\n<p>Set the guacamole home directory environment variable and add it to&nbsp;<code><strong>\/etc\/default\/tomcat9<\/strong><\/code>&nbsp;configuration file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"GUACAMOLE_HOME=\/etc\/guacamole\" &gt;&gt; \/etc\/default\/tomcat<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure Guacamole Server Connections<\/h4>\n\n\n\n<p>To define how Guacamole connects to&nbsp;<code>guacd<\/code>, create the&nbsp;<code>guacamole.properties<\/code>&nbsp;file under&nbsp;<code><strong>\/etc\/guacamole<\/strong><\/code>&nbsp;directory with the following content.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat &gt; \/etc\/guacamole\/guacamole.properties &lt;&lt; 'EOL'\nguacd-hostname: localhost\nguacd-port:     4822\nuser-mapping:   \/etc\/guacamole\/user-mapping.xml\nauth-provider:  net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider\nEOL<\/code><\/pre>\n\n\n\n<p>After that,  link the Guacamole configurations directory to Tomcat servlet directory as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ln -s \/etc\/guacamole \/usr\/share\/tomcat\/.guacamole<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure Guacamole Authentication Method<\/h4>\n\n\n\n<p>Guacamole\u2019s default authentication method reads all users and connections from a single file called&nbsp;<code>user-mapping.xml<\/code>.<\/p>\n\n\n\n<p>In this file,you need to define the&nbsp;<strong>users allowed to access Guacamole web UI<\/strong>,<strong>&nbsp;the servers to connect to<\/strong>&nbsp;and&nbsp;<strong>the method of connection<\/strong>.<\/p>\n\n\n\n<p>Generate the MD5 hash of passwords for the user used for logging into Guacamole web user interface. Replace you password accordingly;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo -n password | openssl md5<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>printf '%s' password | md5sum<\/code><\/pre>\n\n\n\n<p>Be sure to replace&nbsp;<strong>password<\/strong>&nbsp;with your strong password.<\/p>\n\n\n\n<p>Next, run the command below to create this file, <strong><code>user-mapping.xml<\/code><\/strong>, with the following contents. <\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat> \/etc\/guacamole\/user-mapping.xml << 'EOL'\n&lt;user-mapping&gt;\n\n    &lt;!-- Per-user authentication and config information --&gt;\n\n    &lt;!-- A user using md5 to hash the password\n         guacadmin user and its md5 hashed password below is used to \n             login to Guacamole Web UI--&gt;\n    &lt;authorize \n            username=\"guacadmin\"\n            password=\"5f4dcc3b5aa765d61d8327deb882cf99\"\n            encoding=\"md5\"&gt;\n\n        &lt;!-- First authorized Remote connection --&gt;\n        &lt;connection name=\"Ubuntu 20.04 Server\"&gt;\n            &lt;protocol&gt;ssh&lt;\/protocol&gt;\n            &lt;param name=\"hostname\"&gt;192.168.59.14&lt;\/param&gt;\n            &lt;param name=\"port\"&gt;22&lt;\/param&gt;\n        &lt;\/connection&gt;\n\n        &lt;!-- Second authorized remote connection --&gt;\n        &lt;connection name=\"Windows 7\"&gt;\n            &lt;protocol&gt;rdp&lt;\/protocol&gt;\n            &lt;param name=\"hostname\"&gt;192.168.56.122&lt;\/param&gt;\n            &lt;param name=\"port\"&gt;3389&lt;\/param&gt;\n            &lt;param name=\"username\"&gt;koromicha&lt;\/param&gt;\n            &lt;param name=\"ignore-cert\"&gt;true&lt;\/param&gt;\n        &lt;\/connection&gt;\n\n    &lt;\/authorize&gt;\n\n&lt;\/user-mapping&gt;\nEOL\n<\/code><\/pre>\n\n\n\n<p>If you need to explicitly define usernames and passwords, add the parameters;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;param name=\"username\"&gt;<strong>USERNAME<\/strong>&lt;\/param&gt;\n&lt;param name=\"password\"&gt;<strong>PASSWORD&lt;\/param&gt;<\/strong><\/code><\/pre>\n\n\n\n<p>Restart both Tomcat and guacd to effect the changes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart tomcat guacd<\/code><\/pre>\n\n\n\n<p>Be sure to check the syslog,&nbsp;<code><strong>\/var\/log\/messages<\/strong><\/code>&nbsp;or&nbsp;<code><strong>\/usr\/share\/tomcat\/logs\/catalina.*<\/strong><\/code>&nbsp;for any issues.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Accessing Apache Guacamole from Browser<\/h3>\n\n\n\n<p>Once Guacamole is setup, you can access it from web browser using the address&nbsp;<code><strong>http:\/\/server-IP:8080\/guacamole<\/strong><\/code>.<\/p>\n\n\n\n<p>Allow external access to Apache Guacamole via Apache Tomcat on firewalld;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=8080\/tcp --permanent<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --reload<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole.png\"><\/a><\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1027\" height=\"509\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole.png\" alt=\"\" class=\"wp-image-9806\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole.png?v=1627153427 1027w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-768x381.png?v=1627153427 768w\" sizes=\"(max-width: 1027px) 100vw, 1027px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/guacamole-web.png\"><\/a><\/p>\n\n\n\n<p>Upon successful login, you get to Apache Guacamole web dashboard and you should be able to see the added connections.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1903\" height=\"465\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-connx.png\" alt=\"\" class=\"wp-image-9807\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-connx.png?v=1627153491 1903w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-connx-768x188.png?v=1627153491 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-connx-1536x375.png?v=1627153491 1536w\" sizes=\"(max-width: 1903px) 100vw, 1903px\" \/><\/figure>\n\n\n\n<p>Click on a connection to name to initiate remote login.<\/p>\n\n\n\n<p>For example, SSHing into my ubuntu-server vm gets a me password prompt since we already defined the user in the configuration file;<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/guacamole-ssh.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1352\" height=\"655\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-remote-host.png\" alt=\"\" class=\"wp-image-9808\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-remote-host.png?v=1627153524 1352w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/guacamole-remote-host-768x372.png?v=1627153524 768w\" sizes=\"(max-width: 1352px) 100vw, 1352px\" \/><\/figure>\n\n\n\n<p>To login to Windows 7 via RDP, just click on Windows 7. Ensure that you have allowed the user to login via RDP.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"fix-rdp-security-negotiation-failed\"><a href=\"#fix-rdp-security-negotiation-failed\">How to fix RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/a><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/windows7-guacamole.png\"><\/a><\/h3>\n\n\n\n<p>Windows RDP Authenthication may fail with errors shown below on <code>\/var\/log\/messages<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>Jul 25 20:31:28 localhost guacd&#91;3875]: guacd&#91;4152]: WARNING:#011FreeRDP initialization may fail: The current user's home directory (\"\/sbin\") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.\nJul 25 20:31:28 localhost guacd&#91;4152]: No security mode specified. Defaulting to security mode negotiation with server.\nJul 25 20:31:28 localhost guacd&#91;4152]: Resize method: none<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>Jul 25 20:31:29 localhost guacd&#91;4152]: RDP server closed\/refused connection: Security negotiation failed (wrong security type?)\nJul 25 20:31:29 localhost guacd&#91;3875]: guacd&#91;4152]: INFO:#011RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/strong><\/code><\/pre>\n\n\n\n<p>As much as you need to check the <a href=\"http:\/\/guacamole.apache.org\/doc\/gug\/configuring-guacamole.html#rdp\" target=\"_blank\" rel=\"noreferrer noopener\">RDP Authentication and Security settings<\/a> on what security mode to configure, this is how I fixed the above error.<\/p>\n\n\n\n<p>Firs thing to note is Guacamole server (guacd) service runs as user <strong><code>daemon<\/code><\/strong> by default.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ps aux | grep -v grep| grep guacd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>daemon      4815  0.0  0.7  85404 14228 ?        Ss   20:44   0:00 \/usr\/local\/sbin\/guacd -f<\/code><\/pre>\n\n\n\n<p>In this case, the easiest way to enable RDP is to actually create a guacd system with its own home directory which it will have full access to write to.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>useradd -M -d \/var\/lib\/guacd\/ -r -s \/sbin\/nologin -c \"Guacd User\" guacd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/var\/lib\/guacd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R guacd: \/var\/lib\/guacd<\/code><\/pre>\n\n\n\n<p>Next, update the Guacd service user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/daemon\/guacd\/' \/etc\/systemd\/system\/guacd.service<\/code><\/pre>\n\n\n\n<p>Reload systemd daemon;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Restart Guacd Service;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart guacd<\/code><\/pre>\n\n\n\n<p>Windows RDP should now be working.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1392\" height=\"991\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/windows-rdp-guacamole.png\" alt=\"\" class=\"wp-image-9823\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/windows-rdp-guacamole.png?v=1627235895 1392w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/windows-rdp-guacamole-768x547.png?v=1627235895 768w\" sizes=\"(max-width: 1392px) 100vw, 1392px\" \/><\/figure>\n\n\n\n<p>You can now add more connections to your Guacamole. That marks the end of our guide on install Apache Guacamole.<\/p>\n\n\n\n<p>Read more on&nbsp;<a href=\"https:\/\/guacamole.apache.org\/doc\/0.9.6\/gug\/users-guide.html\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole User Guide<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/setup-apache-guacamole-openldap-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Setup Apache Guacamole OpenLDAP Authentication<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-apache-guacamole-on-debian-10\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Apache Guacamole on Debian 10<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-guacamole-ssl-tls-with-nginx-reverse-proxy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Guacamole SSL\/TLS with Nginx Reverse Proxy<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-enable-rdp-ssh-file-transfer-over-guacamole\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Enable RDP\/SSH File Transfer Over Guacamole<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to install&nbsp;Apache Guacamole&nbsp;on Rocky Linux 8. Apache Guacamole&nbsp;is a clientless HTML5 web based remote desktop gateway<\/p>\n","protected":false},"author":1,"featured_media":9812,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,917,214],"tags":[3888,215,3885,3884,3893,3587,3887,3886],"class_list":["post-9768","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-guacamole","category-remote-desktop","tag-apache-tomcat-rocky-linux-8","tag-guacamole","tag-install-apache-guacamole-rocky-linux","tag-install-guacamole-rocky-linux-8","tag-rdp-server-closed-refused-connection-security-negotiation-failed-wrong-security-type","tag-rocky-linux-8","tag-rocky-linux-tomcat","tag-rocky-lnux-8-guacamole","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9768"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9768"}],"version-history":[{"count":18,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9768\/revisions"}],"predecessor-version":[{"id":21719,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9768\/revisions\/21719"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9812"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}