guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Guacamole 1.0.0 with Radius and MySQL: Step-by-step for Linux newbies
Date Thu, 21 Feb 2019 09:08:34 GMT
On Thu, Feb 21, 2019 at 3:23 AM Kamal Ezzaki <kamalezzaki1@gmail.com> wrote:

> Hello,  i change the name of radius module so that it's loaded first and
> Guacamole check in radius server first than go back to jdbc but the
> problème is how to not go back to jdbc and check only radius if the user
> existe than go to jdbc for users data ( permission , connections ).
>

To assign permissions to RADIUS users in the JDBC module, you need to
create users in the JDBC module with the same username as the RADIUS
users.  You can then assign permissions to the user within JDBC, and the
user logging in with RADIUS will get those permissions.  Guacamole bases
this "stacking" on the username, so the usernames must be identical.

Version 1.0.0 introduced user groups; however, the way user groups are
currently implemented in Guacamole it will *not* work to create your RADIUS
users in JDBC, and then create a group in JDBC and assign the permissions
that way.  The group would need to be present in the RADIUS module, and the
RADIUS module currently does not implement group retrieval.  So,
unfortunately, for now, you would need to create those users in JDBC and
individually assign connection permissions to the user accounts in JDBC.

-Nick

Mime
View raw message