guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Radius
Date Tue, 17 Apr 2018 14:08:23 GMT
On Tue, Apr 17, 2018 at 12:15 AM, Mike Jumper <mike.jumper@guac-dev.org>
wrote:

> On Mon, Apr 16, 2018 at 7:27 PM, Fertig, Brian <brian.fertig@philips.com>
> wrote:
>
>> Mike,
>>
>>
>>
>>   Once again you and your team are awesome!
>>
>
> Thanks, but to be clear: Apache Guacamole is developed by a community, not
> by any individual's team.
>
> So I have mysql then failover to radius setup for authentication.  By
>> leaving mysql 1st and the user trying to authenticate its not going to
>> cause conflicts is it?
>>
>
> No, this shouldn't conflict. All extensions will be polled during the
> authentication process. If any authentication attempt succeeds, that
> successful attempt is used to identify the user to all other installed
> extensions. If all attempts fail, then the first failed attempt determines
> the nature of the login screen presented to the user.
>

I did see an issue, at one point, where the RADIUS module needed to be
loaded before other modules in order to work.  I don't remember the
specific circumstances, but it seems like if authentication failed for a
user in one of the previous modules the RADIUS module would not even been
evaluated.  I don't know if this is a bug that should be addressed or just
an artifact of how the module stacking works with RADIUS, but, if you run
into issues with this, you might try renaming the RADIUS authentication
module and reloading Guacamole Client (Tomcat) so that it loads the RADIUS
module, first.  In my case, I just put a 0 in front of radius -
guacamole-auth-0-radius.jar - to force it to authenticate with that
extension before the others.

-Nick

Mime
View raw message