|
|
@@ -0,0 +1,104 @@
|
|
|
+ <!DOCTYPE html>
|
|
|
+ <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
|
|
|
+ <head>
|
|
|
+ <title>Setting Up Apache Guacamole LDAP Authentication in Docker</title>
|
|
|
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
|
+ <meta charset="UTF-8">
|
|
|
+ <meta name="keywords" content="Browser Based,Docker Made Easy,Home Lab,Home Lab Ideas,Install Guide,Self-Hosted,Web Based,Web Based Tools,AD,Active Directory,Administration,Apache Guacamole,Apache Guacamole Installation Guide,Apache Guacamole LDAP Authentication,Authentication,LDAP,Linux,Ubuntu,Web Based RDP,Web Based SSH,System Administration,System Administrator,SSH,Container,Containerization,Docker,Docker Host,Docker Made Simple,How To,Tutorial,i12bretro">
|
|
|
+ <meta name="author" content="i12bretro">
|
|
|
+ <meta name="description" content="Setting Up Apache Guacamole LDAP Authentication in Docker">
|
|
|
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
+ <meta name="revised" content="06/23/2022 01:33:13 PM" />
|
|
|
+ <link rel="icon" type="image/x-icon" href="includes/favicon.ico">
|
|
|
+ <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
|
|
|
+ <script type="text/javascript" src="includes/js/steps.js"></script>
|
|
|
+ <link href="css/steps.css" rel="stylesheet" type="text/css" />
|
|
|
+ </head>
|
|
|
+ <body>
|
|
|
+ <div id="gridContainer">
|
|
|
+ <div class="topMargin"></div>
|
|
|
+ <div id="listName" class="topMargin">
|
|
|
+ <h1>Setting Up Apache Guacamole LDAP Authentication in Docker</h1>
|
|
|
+ </div>
|
|
|
+ <div></div>
|
|
|
+ <div id="content">
|
|
|
+ <h2>What is Apache Guacamole?</h2>
|
|
|
+
|
|
|
+<blockquote><em>Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. We call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser. - <a href="https://guacamole.apache.org/" target="_blank">https://guacamole.apache.org/</a></em></blockquote>
|
|
|
+
|
|
|
+<h2>Installing Docker</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>Log into the Linux based device</li>
|
|
|
+ <li>Run the following commands in the terminal
|
|
|
+ <div class="codeBlock"># install prerequisites<br />
|
|
|
+ sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg-agent -y<br />
|
|
|
+ # add docker gpg key<br />
|
|
|
+ curl -fsSL https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release)/gpg | sudo apt-key add -<br />
|
|
|
+ # add docker software repository<br />
|
|
|
+ sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release) $(lsb_release -cs) stable"<br />
|
|
|
+ # install docker<br />
|
|
|
+ sudo apt install docker-ce docker-compose containerd.io -y<br />
|
|
|
+ # enable and start docker service<br />
|
|
|
+ sudo systemctl enable docker && sudo systemctl start docker<br />
|
|
|
+ # add the current user to the docker group<br />
|
|
|
+ sudo usermod -aG docker $USER<br />
|
|
|
+ # reauthenticate for the new group membership to take effect<br />
|
|
|
+ su - $USER</div>
|
|
|
+ </li>
|
|
|
+</ol>
|
|
|
+
|
|
|
+<h2>Configuring Apache Guacamole</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>Continue with the following commands in a terminal window
|
|
|
+ <div class="codeBlock"># create working directories<br />
|
|
|
+ mkdir ~/docker/mariadb -p<br />
|
|
|
+ # set owner of docker directory<br />
|
|
|
+ sudo chown $USER ~/docker -R<br />
|
|
|
+ # download the guacamole container<br />
|
|
|
+ docker pull guacamole/guacamole<br />
|
|
|
+ # run the mariadb docker container<br />
|
|
|
+ docker run -d --name mariadb -e MYSQL_ROOT_PASSWORD=r00tp@ss -v ~/docker/mariadb:/var/lib/mysql -p 3306:3306 --restart=unless-stopped mariadb:latest<br />
|
|
|
+ # create database init script<br />
|
|
|
+ docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > ~/docker/mariadb/guacamole_db.sql<br />
|
|
|
+ # connect to mariadb container shell<br />
|
|
|
+ docker exec -ti mariadb /bin/bash<br />
|
|
|
+ # connect to mariadb as root user<br />
|
|
|
+ mysql -uroot -pr00tp@ss<br />
|
|
|
+ # create the database<br />
|
|
|
+ create database guacamole;<br />
|
|
|
+ # create and configure the database user<br />
|
|
|
+ GRANT ALL ON guacamole.* TO 'guacamole_rw'@'%' IDENTIFIED BY 'Guac@m0le!';<br />
|
|
|
+ # flush mariadb privileges<br />
|
|
|
+ flush privileges;<br />
|
|
|
+ # exit mariadb cli<br />
|
|
|
+ quit<br />
|
|
|
+ # import the guacamole schema<br />
|
|
|
+ cat /var/lib/mysql/guacamole_db.sql | mysql -uroot -pr00tp@ss -Dguacamole<br />
|
|
|
+ # exit the maridb container shell<br />
|
|
|
+ exit<br />
|
|
|
+ # run the guacd container<br />
|
|
|
+ docker run -d --name guacd --network host guacamole/guacd<br />
|
|
|
+ # run the guacamole container<br />
|
|
|
+ # update the LDAP environmental variables as needed<br />
|
|
|
+ docker run -d --name guacamole --network host -e GUACD_HOSTNAME=127.0.0.1 -e MYSQL_HOSTNAME=127.0.0.1 -e MYSQL_DATABASE=guacamole -e MYSQL_USER=guacamole_rw -e MYSQL_PASSWORD=Guac@m0le! -e LDAP_HOSTNAME="10.10.27.1" -e LDAP_PORT=389 -e LDAP_ENCRYPTION_METHOD="none" -e LDAP_USER_BASE_DN="DC=i12bretro,DC=local" -e LDAP_USERNAME_ATTRIBUTE="sAMAccountName" -e LDAP_SEARCH_BIND_DN="CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local" -e LDAP_SEARCH_BIND_PASSWORD="Read0nly!" --restart=unless-stopped guacamole/guacamole</div>
|
|
|
+ </li>
|
|
|
+ <li>Open a web browser and navigate to http://DNS-or-IP:8080/guacamole/</li>
|
|
|
+ <li>Log in with guacadmin/guacadmin</li>
|
|
|
+ <li>Go to Settings > Users</li>
|
|
|
+ <li>Create a new admin user and grant all permissions</li>
|
|
|
+ <li>Log out and log in as the new admin user</li>
|
|
|
+ <li>Go to Settings > Users > Delete the guacadmin user</li>
|
|
|
+ <li>Go to Settings > Users</li>
|
|
|
+ <li>Create a new user with the LDAP user name, leave the password field blank and grant the necessary permissions</li>
|
|
|
+ <li>Log out and log in as the LDAP user using the LDAP password</li>
|
|
|
+ <li>Enjoy browser based SSH, VNC, RDP and more</li>
|
|
|
+</ol>
|
|
|
+
|
|
|
+<p>Documentation: <a href="https://guacamole.apache.org/doc/gug/guacamole-docker.html#ldap-authentication" target="_blank">https://guacamole.apache.org/doc/gug/guacamole-docker.html#ldap-authentication</a></p>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </body>
|
|
|
+ </html>
|
|
|
+
|
i12bretro