guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From drhy <dyo...@huntergroup.co.nz>
Subject Radius Provider returns Group - like LDAP
Date Tue, 07 May 2019 00:51:41 GMT
Definitely only a wish to add to the list.

It would reduce admin for those of us who use Radius for authentication
against a Directory (in our case Microsoft Active Directory) with a database
provider that will be using Groups to mange connections, if Groups could be
used somehow.

One possibility...
Radius Servers could be configured to return a Group name that matches a
Group in the database, by using the RADIUS Vendor-Specific attribute, set to
the desired Group name for that Server authentication rule.
In this wishful scenario the Radius provider would treat the Group name in
the same way the LDAP provider now appears to be doing with the resolution
of issue 715.

(In our case, we need to use Radius instead of LDAP because of the
requirement to use MFA.)
https://tools.ietf.org/html/rfc2865#page-47
Implies addition of guacamole.properties entries for the vendor-id and type.




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Mime
View raw message