Installing MariaDB for Guacamole Authentication
CentOS and RHEL both provide a package for the MariaDB database server called "mariadb-server". Installing this package will install a version of MariaDB that is explicitly supported by Keeper Connection Manager. If you do not have an existing database instance or third-party database hosting provider that you would prefer to use, installing a fresh instance of MariaDB for use by Guacamole will work nicely:
As with other standard CentOS / RHEL packages providing a service, the MariaDB service will not be started by default after the "mariadb-server" package is installed. It must be started manually, and then configured to automatically start if the system is rebooted:
Dropping default anonymous users
If MariaDB is installed locally (on the same server as Apache Guacamole), its default configuration will prevent Guacamole from authenticating. This is due to the way that MariaDB handles authentication and anonymous database users: if an anonymous user is defined for the same hostname/address, MariaDB will use only the anonymous user, and authentication using a non-anonymous user and password from the same hostname/address will fail.
This can be checked by querying MariaDB's user table directly:
Any users with empty usernames in the results of the above query are anonymous users which may block authentication from succeeding:
Dropping those users should allow non-anonymous authentication from those same hosts to succeed:
Pointing Guacamole at the new MariaDB instance
Once MariaDB has been deployed, you should move forward with configuring Guacamole to use your new MariaDB instance. This process is documented in its entirety, and the default /etc/guacamole/guacamole.properties
file also contains placeholders and comments to help guide administrators to the correct configuration properties. Overall, the process will involve:
Installing the package providing MySQL / MariaDB support (
kcm-guacamole-auth-jdbc-mysql
).Creating a new database within your MariaDB instance using the provided schema files.
Creating a database user that Guacamole can use to execute queries against your database.
Editing
/etc/guacamole/guacamole.properties
to point Guacamole at your database (and to specify the credentials of the database user it should use).
Last updated