No more logmein Free? OpenSource to the rescue! Part 4: Using Guacamole to connect to Hyper-V guests

Door Tomba op dinsdag 6 september 2016 14:55 - Reacties (3)
CategorieŽn: Guacamole, Linux, Systeembeheer, Views: 2.189

In part 1 of my series on Guacamole we learned how to install Guacamole on an Ubuntu machine. In part 2 of my series on Guacamole we learned how to further secure the machine running Guacamole. Finally part 3 was about upgrading to a newer version of Guacamole .

Because Ubuntu 16.04.1 LTS was released I decided it was time for an upgrade of my Guacamole server. Ubuntu 16.04.1 contains both Tomcat 8 and a version of FreeRDP that supports Session Selection Extension which will allow you to directly connect to the console of your Hyper-V guests! Up to this point I was using VNC which has worse performance than RDP and is more prone to disconnects, so I was quite happy with this :)
Long story short, part 4 is about a fresh install on Ubuntu 16.04.1 LTS including instructions on how to setup a connection through RDP to a Guest VM on Hyper-V

The installation of Guacamole is still largely unchanged. I installed a vanilla Ubuntu 16.04.1 LTS Server with just OpenSSH server enabled and after updating all components I just had to install the prerequisites:

apt-get install wget make libcairo2-dev libjpeg-turbo8-dev libpng12-dev libossp-uuid-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev gcc tomcat8 tomcat8-admin tomcat8-docs

Download the Guacamole Server source:
wget -O guacamole-server-0.9.9.tar.gz http://sourceforge.net/pr...ver-0.9.9.tar.gz/download

and the War :
wget -O guacamole-0.9.9.war http://sourceforge.net/pr...camole-0.9.9.war/download

After untarring the source:
tar -xzf guacamole-server-0.9.9.tar.gz


We can compile it by running:
cd guacamole-server-0.9.9/

./configure --with-init-dir=/etc/init.d
make
make install
update-rc.d guacd defaults

ldconfig


After which it's just a question of creating the relevant files (as you can see I still just use BasicFileAuthentication)
mkdir /etc/guacamole


vi /etc/guacamole/guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822

# Location to read extra .jar's from
lib-directory: /var/lib/tomcat8/webapps/guacamole/WEB-INF/classes

# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

# Properties used by BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
Don't forget to create a valid (See Guacamoles own manual or step 10 in my original Blogpost)

After that we need to make Tomcat 8 aware of Guacamole:
mkdir /usr/share/tomcat8/.guacamole

ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat8/.guacamole


And copy the war file to the webapps dir!
cp guacamole-0.9.9.war /var/lib/tomcat8/webapps/guacamole.war

After we (re)start Guacd and Tomcat8 we should be good to go!
service guacd start

service tomcat8 restart


So now that Guacamole is up and running, how to connect to the Guest VM? Easy!
Logon to the Hyper-V server, open up an administrative PowerShell windows and type (replace {Name of Guest VM} with the Guest VM you are trying to connect to!):

PS C:\> Get-VM {Name of Guest VM} | Select-Object Id

Id
--
ed272546-87bd-4db9-acba-e36e1a9ca20b

The returned ID is the preconnection-blob so we add it as follows into /etc/guacamole/user-mapping.xml
<user-mapping>
<authorize username="testuser"
password="7a495904a8c0b3e6aabe27440b436c28"
encoding="md5">
<connection name="Test">
<protocol>rdp</protocol>
<param name="hostname">hypervserver1.contoso.local</param>
<param name="port">2179</param>
<param name="ignore-cert">true</param>
<param name="security">nla</param>
<param name="ignore-cert">true</param>
<param name="username">{ValidUsername</param>
<param name="password">{ValidPassword}</param>
<param name="domain">{ValidDomain}</param>
<param name="preconnection-blob">ed272546-87bd-4db9-acba-e36e1a9ca20b</param>
</connection>
</authorize>

</user-mapping>
If all goes well you can log in using the user testuser with password notmypassword and you will then be connected to the console of the selected Guest VM !

Don't forget to secure your installation! I did it using Apache as you can see in part 2 of this series :)

Note that Guacamole had been added to the Apache Incubator so we might see some nice improvements coming up!