[
https://issues.apache.org/jira/browse/GUACAMOLE-792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nick Couchman reassigned GUACAMOLE-792:
---------------------------------------
Assignee: Nick Couchman
> Radius Provider returns Group - like LDAP Provider
> --------------------------------------------------
>
> Key: GUACAMOLE-792
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-792
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-radius
> Affects Versions: 1.0.0, 1.1.0
> Reporter: David Young
> Assignee: Nick Couchman
> Priority: Minor
> Labels: features
>
> This Improvement would reduce admin for those of us who use Radius for
> authentication
> against a Directory (in our case Microsoft Active Directory) with a database
> provider that will be using Groups to mange connections, if Groups could be
> used somehow.
> One possibility...
> Radius Servers could be configured to return a Group name that matches a
> Group in the database, by using the RADIUS Vendor-Specific attribute, set to
> the desired Group name for that Server authentication rule.
> In this wishful scenario the Radius provider would treat the Group name in
> the same way the LDAP provider now appears to be doing with the resolution
> of issue 715.
> Another possibility...
> a property in guacamole.properties to tell guacamole that authentication by
> both the radius and ldap modules is required. This would ensure LDAP Group
> name retrieval after successful authentication by both the radius and ldap
> mdules.
> (In our case, we need to use Radius instead of LDAP because of the
> requirement to use MFA.)
> [https://tools.ietf.org/html/rfc2865#page-47]
> Implies addition of guacamole.properties entries for the vendor-id and type.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
