guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Gordon (JIRA)" <>
Subject [jira] [Commented] (GUACAMOLE-197) Implement Support for RADIUS Authentication
Date Mon, 05 Jun 2017 21:33:04 GMT


Colin Gordon commented on GUACAMOLE-197:

[] Correct, it looks like it would need to be a DB + RADIUS implementation,
since there is not a way currently to return connection information from a RADIUS server like
with LDAP. My guess is that yes, it would require the creation of connection "groups" on the
Guac side, then the returned RADIUS attributes could correspond to the groups. RADIUS accounting
is not critical since we can grab log info via Syslog, but I support RADIUS interim-updates
with similar Syslog-like data would be nice.

I would love to contribute code if I had the skill. I'm more of an implementation and systems
specialist. Thanks!

> Implement Support for RADIUS Authentication
> -------------------------------------------
>                 Key: GUACAMOLE-197
>                 URL:
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacamole-client
>            Reporter: Nick Couchman
>            Assignee: Nick Couchman
>            Priority: Minor
>             Fix For: 0.9.14-incubating
> Working on implementing a RADIUS authentication module - guacamole-auth-radius.  The
basic implementation is completed - with a basic PAP or CHAP RADIUS server, the authentication
succeeds and the user is logged in.
> I'm running into an issue, though, trying to implement Challenge/Response in RADIUS.
 I have my RADIUS server configured to talk to LinOTP for MFA/2FA, and RADIUS sends the AccessChallenge
package back, asking for the second factor.  My issue is in my continual failure to grasp
the connection between the servlet side and the AngularJS web application.  I've copied the
Duo authentication code and tried to morph it into something that will present another box
for the RADIUS challenge, but I can't get my controller function to actually fire.
> Once that is working, I'd like to support other RADIUS authentication protocols, like
EAP-TLS and EAP-TTLS, so there's a little more work to be done, but right now I'm focusing
on the basic protocols and the challenge/response.
> Will have a repo posted here in a moment for working on this.

This message was sent by Atlassian JIRA

View raw message