[ https://issues.apache.org/jira/browse/GUACAMOLE-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17182868#comment-17182868 ]
Gonzalo Araujo C commented on GUACAMOLE-221:
--------------------------------------------
"You do not need to disable NLA. The easiest way to use Guacamole alongside
Windows and NLA is to leverage Active Directory for Windows authentication and
integrate Guacamole with the same Active Directory using LDAP. Users can then
log in to Guacamole using their normal usernames and passwords, and those same
credentials can be automatically passed through to RDP connections."

It is important to mention that for "multitenant" environments where there are
several Active Directories, several users and several RDP servers, it is a
limitation to connect to a single AD.

Nowadays, with the possibility that the user is authenticated by NLA, an
implementation can be as simple as this: depending on the URL, it points to the
RDP "cluster" or "server", and then the user is asked for the login and
password to be sent to the server by NLA, and this can be hashed / cached in
the localstore to be used again from that same machine.

It is very important to have the functionality described in this issue.

Thanks for the excellent work.

> Parameter prompting within client interface
> -------------------------------------------
>
> Key: GUACAMOLE-221
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-221
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole
> Reporter: Mike Jumper
> Assignee: Nick Couchman
> Priority: Major
> Fix For: 1.3.0
>
> Attachments: image-2020-08-23-17-49-46-334.png
>
>
> {panel:bgColor=#FFFFEE}
> *The description of this issue was copied from
> [GUAC-335|https://glyptodon.org/jira/browse/GUAC-335], an issue in the JIRA
> instance used by the Guacamole project prior to its acceptance into the
> Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance
> *have not been copied* and can be found instead at the original issue.
> {panel}
> Some parameters, such as the username/password for VNC or RDP, are better
> entered manually within the client when connecting rather than stored on the
> server in MySQL or {{user-mapping.xml}}.
> Storing secure data within parameters on the server side has security
> implications that don't fit well with all use cases.
> Further, some connections would benefit if their settings can be modified
> locally before connecting. A user could change the color depth or screen size
> of their RDP session, for example, for the sake of a slower connection.