guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Niehren <>
Subject Re: guacamole admin utility
Date Sun, 31 Dec 2017 16:59:41 GMT
am i right, that the rest-api could only be used with Database-Authentication ?

I think, the cmdline-cli should work with all authentication possibilities ...

best regards

Am 31.12.2017 um 17:26 schrieb Michael Niehren:
> Hi,
> i am also no java or web developer, but i will take a look at the rest API ...
> By the way, if Mike will implement an "easy change", so that tomcat/jetty logs
> the connection id found in the guacd.log, then we have all informations to
> write a cmdline-cli in any language, see the thread "report of activities on the server"
> on
> If the "easy change" is implemented, i will try to write a cmdline-cli in tcl ...
> But if anything work's with the rest-API, that would be cleaner.
> best regards,
>   Michael
> Am 31.12.2017 um 16:28 schrieb Nick Couchman:
>> On Sun, Dec 31, 2017 at 9:39 AM, Jonathan Hunter < 
>> <>> wrote:
>>     Hi Both,
>>     For what it's worth, I would also find this kind of functionality extremely helpful.
>> Good to know.  Sounds like there are a few folks :-).
>>     I am not a skilled Java or web developer, but am using Guacamole in conjunction
with HTTP
>>     authentication and an LDAP authentication back-end to allow users to connect
to VMs. In my
>>     use case, one of the VM connections has its logon credentials stored in guacamole,
such that
>>     any user with sufficient permission to access this connection will be logged
into the VM with
>>     a specific username/password, as the application being accessed needs to be run
in a specific
>>     way.
>> The good news is that REST APIs are pretty usable by people even not skilled Java/web
>> - if you can do a little scripting, you can write something in Python or JavaScript
that will 
>> interact with the REST endpoints and accomplish what you need.  That said, I'm thinking
there may 
>> be a larger calling here for a more official CLI tool, but we'll see if the other
developers have 
>> any input on that.
>>     But, if user A connects and starts to use the application, and then later on
user B uses the
>>     same connection, this new 'user B' connection will disconnect the 'user A' session.
So, I
>>     would like to make a status page available so that people can see if there is
an active
>>     connection at the moment. Given my web coding skills, something like this proposed
CLI would
>>     be much more within my reach, than having to create something in HTML/JS. Yes,
>>     information is available in the Guacamole settings screen, but that is only available
>>     administrators and isn't obvious for a user who is unfamiliar with Guacamole
>> I would say that, in your scenario, "it depends" on whether this would actually happen
or not.  
>> For example, if your "application" is an SSH session, then presumably you can have
multiple users 
>> connect to the same connection without one disconnecting the other, or being blocking
by the 
>> other.  If your "application" is a Windows Terminal Server, again, multiple users
can connect.  
>> If it is a VNC session or a Windows Workstation (VDI) session, then, yes, either
the second user 
>> disconnects the first or gets blocked.
>>     I would also dearly love to be able to use something like nagios or cacti to
monitor active
>>     connections, etc.
>> Using the REST API should make this possible, as well.  I use Cacti to monitor via
SNMP, but 
>> Cacti is very extensible and should be able to ingest data from REST endpoints, and
I believe 
>> that NAGIOS, Zabbix, etc., also make provisions for pulling data from REST interfaces. 
>> definitely see the desire, here, but I think it's all doable using the REST interface
>> provided in the Guacamole Client.
>> On the monitoring note, though, this does highlight the difference between the Guacamole
>> and guacd, so this does depend on what you're looking to monitor. I would venture
a guess that 
>> most Guacamole users are using the Guacamole Client on the same system as guacd,
and just using 
>> it in a 1-to-1 relationship - that is, a single guacd instance for the Guacamole
>> interface.  Guacamole is designed to be scalable, though, such that you could use
multiple guacd 
>> back-ends for a single Guacamole Client, or point multiple Guacamole Clients as a
single guacd 
>> backend.  So, in more complex setups, while the REST API provides easy ways to monitor
>> Guacamole Client side, there is not much on the gaucd side that would allow for monitoring
of the 
>> backend.
>>     (Not on this exact same topic.. but if there was a way of having a shared connection
>>     default, so that user A and user B could both view the same RDP/VNC/etc. display
at the same
>>     time.. then that would be even better for me. But, that is another topic of conversation,
>>     think)
>> I believe this is possible, although you might want to start a separate discussion
thread on this 
>> and build out a little more what you're trying to accomplish. Guacamole does allow
for shared 
>> connections, such that a user can connect to one and then someone else can connect
in either a 
>> R/W or R/O fashion and view/control the same session.  I just don't know what you
mean when you 
>> say "by default" and how that would work out.  But, definitely something to open
on a separate 
>> thread.
>> -Nick
> -- 
> Michael Niehren              __   _       powered by
>                              / /  (_)__  __ ____  __
>                             / /__/ / _ \/ // /\ \/ /
>                            /____/_/_//_/\_,_/ /_/\_\

Michael Niehren              __   _       powered by
                             / /  (_)__  __ ____  __
                            / /__/ / _ \/ // /\ \/ /
                           /____/_/_//_/\_,_/ /_/\_\

View raw message