Restful API for guacamole

[Umesh Bhatt]

Hi,

I want to integrate Guacamole with my application and want to use APIs to 
create and delete users/connections.
Is there Restful API to create user/connection and delete user/connection 
dynamically?

Regards,
Umesh

Re: Windows 10 licencing

[ivanmarcus]

I'm interested in this statement - not to start any debate, but because 
I'd like to know the veracity of it:



On 19/09/2019 12:00 p.m., sciUser wrote:

Windows 7 as of 2020 will require no
licenses


As far as I'm aware M$ making something EOL  != no licence required? If 
so, whereabouts is their definitive statement to this effect?


Thanks.

Re: Windows 10 licencing

[sciUser]

Super easy.

Windows 10 Pro will need to ran on a qualified Hyper-V server you get 4
instance with out any licensing.
If you are offering to desktops to the public you will need SA or SPLA
agreement to cover the use of the licenses.  

Windows XP requires no licenses, Windows 7 as of 2020 will require no
licenses, Server 2008 requires no licenses why? because they are legacy
Operating systems with no support.  Windows 10 pro can not be retail
licensed, it must have a SA or SPLA to it. Unless you are trying to do some
software that is desktop only, you better off getting server licenses for
Windows 2016 and skin to look like windows 10. Price difference is very
small.  In my SPLA I pay $4.00 a month per instance.  

Last thing you want is Microsoft on your a$$ for license violations. There
not as bad as Adobe and their corrupted methods,but never less call up Dell
or Microsoft ask about SA/SPLA.

Hope this helps 





-
A Cybersecurity Enablement Company 
We don't just run you through the motions, Our labs teach you how to think! 
Known good Guacamole  installations

--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: TOTP reset

[carlog]

I found out my issue,  after finding vnick's post

"Any users for whom you want TOTP enabled need permission to edit themselves
(change their own password).  Else they will not be able to enroll in TOTP."

Here's my issue.  The users are automatically added to Guac because they are
members of an AD security group.  Can I set the option for "change their own
password" to be "on" by default on all new users?

Thanks!



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Windows 10 licencing

[ivanmarcus]

I find it difficult to discuss M$ licensing and business practice 
without wanting to scream but, as far as I've been able to work out 
(after _many_ hours of research), if you want to run M$ Windows in a VM 
and access it remotely you can do this with:


- a VDA (Virtual Desktop Access) license

- Enterprise with SA 'software assurance'

I believe both of these require an annual fee (something that's an 
anathema to my clients, and me).


Trying to understand and explain this cr*p to clients is a nightmare. 
Quite reasonably one asked me just a couple of days ago 'why can't I 
just buy two normal licenses for the two remote machines I want to 
connect to my accounting package?'. Oh my! - that's all the poor guy 
wants to do, and the fact that it's _easy_ to do technically (either 2 x 
VM's or use the termiserv.dll to allow multiple connects [that M$ 
released]) , but is complicated to to hell and gone by M$ rapaciousness 
really makes me spit.


G [sound of deep breathing and counting to 1000].

Anyway, that's my read of it, but you'd really need to consult M$ to be 
sure. In practice I expect many just give up and either do it anyway, or 
find an alternative.


In the absence of a Linux application and with regard to the latter if 
anyone has any experience of 'TSPlus' 
(https://www.terminalserviceplus.com) or Graphon go-global 
(https://www.graphon.com/) I'd be pleased to hear from you - I'd still 
like to get this guy access to his package without having to interact 
with M$ and have it cost the earth, forever, and these two application 
publishing systems appear to offer a possible way forward



On 19/09/2019 6:41 a.m., Nick Couchman wrote:
On Wed, Sep 18, 2019 at 7:12 AM James Allsopp 
 wrote:


Hi,
I was wondering what Windows 10 licences people were using for
Guacamole? We want to have users logging in one at a time, but
have the windows 10 machine installed as a VM on a VMware Esxi
server, with Guacamole connecting to the server via RDP. We're
planning on buying retail Windows licences.

Section 2c v.) of the Windows Licence (

https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/Useterms_Retail_Windows_10_English.htm
 )
seems to prohibit this;
/ install the software on a server and allow users to access it
remotely, or install the software on a device for use only by
remote users; /

This seems to contradict 2d v.)
/Other users, at different times, may access the licensed device
from another device using remote access technologies, but only on
devices separately licensed to run the same or higher edition of
this software. /
/
/
But does that mean that it's only within licence terms to access
the machines from a Windows 10 Home pc?


It's been a while since I dealt directly with Windows workstation 
licensing, but my recollection of the license terms are as follows:
- You can use the remote desktop feature of a Windows workstation on a 
standard PC to access that system from a Windows edition of equal or 
greater (e.g. Pro -> Pro, Enterprise -> Pro, etc. - 2d).
- You *cannot* run any edition of Windows lower than Enterprise on a 
server to use in a "VDI"-type scenario. This means using Retail 
edition for VDI-like functionality is a no-go in Microsoft licensing 
terms.
- Not only do you need Enterprise Edition or higher (I think Ultimate 
is higher), you also need to maintain Software Assurance on the 
licenses you use for VDI.


Again, that's my recollection.  I'm also not sure how much of that 
guidance was "reseller guidance" (someone who's in it for the $$) and 
how much of that was honest legal guidance (if you do this, you're 
actually in violation of the EULA).  I'd recommend you consult someone 
intimately familiar with Microsoft licensing, but who's not in it to 
get your money (good luck finding said person).


-Nick

Re: Authenticate with RADIUS and LDAP and database

[drhy]

Hi Nick
Thanks.
I will give it a whirl with 1.1.0 an report back.
-David



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Windows 10 licencing

[James Allsopp]

The bit I was really worried about was this;

*install the software on a server and allow users to access it remotely, or
install the software on a device for use only by remote users;  *
which would seem to rule out using Guacamole, except as a portal to a
series of physical desktops.

I agree, it's hard to work out the exact meaning in the licence
*s.*

Thanks for all the effort put into the replies, much appreciated.
James

On Wed, 18 Sep 2019 at 19:47, David Barber  wrote:

> I am not denying that it is possible, simply that those licence terms mean
> under the undisclosed conditions you are *not allowed *to.
> it says quite clearly "the same or higher edition" and the bad news is it
> doesn't seem to limit those remote access technologies to MS ones
> i suspect the terms are there to stop people "renting" virtual enterprise
> or pro versions to home users to gain temporary access to enhanced features
> that may exist?
>
> Jon Westgate wrote:
>
> You can connect to a windows 10 Pro computer using RDP from Windows 10
> Home.
> You cannot connect the other way round because home lacks the RDP Service
> (without modification, which would break the license terms)
>
>
> On 18/09/2019 19:08, David Barber wrote:
>
> James Allsopp wrote:
>
> This seems to contradict 2d v.)
> *Other users, at different times, may access the licensed device from
> another device using remote access technologies, but only on devices
> separately licensed to run the same or higher edition of this software.*
>
> I take this section to mean you cannot access a windows 10 pro device from
> a lesser licence ie home edition.
>
>
>
>
> 
>  Virus-free.
> www.avast.com
> 
> <#m_-7880113635678105244_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
>
>
>

Re: Windows 10 licencing

[David Barber]

I am not denying that it is possible, simply that those licence terms 
mean under the undisclosed conditions you are *not allowed *to.
it says quite clearly "the same or higher edition" and the bad news is 
it doesn't seem to limit those remote access technologies to MS ones
i suspect the terms are there to stop people "renting" virtual 
enterprise or pro versions to home users to gain temporary access to 
enhanced features that may exist?


Jon Westgate wrote:
You can connect to a windows 10 Pro computer using RDP from Windows 10 
Home.
You cannot connect the other way round because home lacks the RDP 
Service (without modification, which would break the license terms)



On 18/09/2019 19:08, David Barber wrote:

James Allsopp wrote:

This seems to contradict 2d v.)
/Other users, at different times, may access the licensed device 
from another device using remote access technologies, but only on 
devices separately licensed to run the same or higher edition of 
this software./
I take this section to mean you cannot access a windows 10 pro device 
from a lesser licence ie home edition.




 
	Virus-free. www.avast.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>






---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: Windows 10 licencing

[Nick Couchman]

On Wed, Sep 18, 2019 at 7:12 AM James Allsopp
 wrote:

> Hi,
> I was wondering what Windows 10 licences people were using for Guacamole?
> We want to have users logging in one at a time, but have the windows 10
> machine installed as a VM on a VMware Esxi server, with Guacamole
> connecting to the server via RDP. We're planning on buying retail Windows
> licences.
>
> Section 2c v.) of the Windows Licence (
> https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/Useterms_Retail_Windows_10_English.htm
>  )
> seems to prohibit this;
> * install the software on a server and allow users to access it remotely,
> or install the software on a device for use only by remote users;  *
>
> This seems to contradict 2d v.)
> *Other users, at different times, may access the licensed device from
> another device using remote access technologies, but only on devices
> separately licensed to run the same or higher edition of this software.  *
>
> But does that mean that it's only within licence terms to access the
> machines from a Windows 10 Home pc?
>

It's been a while since I dealt directly with Windows workstation
licensing, but my recollection of the license terms are as follows:
- You can use the remote desktop feature of a Windows workstation on a
standard PC to access that system from a Windows edition of equal or
greater (e.g. Pro -> Pro, Enterprise -> Pro, etc. - 2d).
- You *cannot* run any edition of Windows lower than Enterprise on a server
to use in a "VDI"-type scenario.  This means using Retail edition for
VDI-like functionality is a no-go in Microsoft licensing terms.
- Not only do you need Enterprise Edition or higher (I think Ultimate is
higher), you also need to maintain Software Assurance on the licenses you
use for VDI.

Again, that's my recollection.  I'm also not sure how much of that guidance
was "reseller guidance" (someone who's in it for the $$) and how much of
that was honest legal guidance (if you do this, you're actually in
violation of the EULA).  I'd recommend you consult someone intimately
familiar with Microsoft licensing, but who's not in it to get your money
(good luck finding said person).

-Nick

Re: Windows 10 licencing

[Jon Westgate]

You can connect to a windows 10 Pro computer using RDP from Windows 10 Home.
You cannot connect the other way round because home lacks the RDP 
Service (without modification, which would break the license terms)



On 18/09/2019 19:08, David Barber wrote:

James Allsopp wrote:

This seems to contradict 2d v.)
/Other users, at different times, may access the licensed device from 
another device using remote access technologies, but only on devices 
separately licensed to run the same or higher edition of this 
software./
I take this section to mean you cannot access a windows 10 pro device 
from a lesser licence ie home edition.




 
	Virus-free. www.avast.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

printing pdf files through guacamole rdp session

[Christian Kraus]

I saw a huge CPU use on guacd when printing pdf files  - other files (word 
excel text etc) don't have this impact - would it be possible to implement some 
code to avoid processing pdf files - and only pass them trough to download -





thanks



Christian




Christian Kraus
Inhaber
CKC IT Consulting & Solutions e.U.
Kirschenallee 22
2120 OBERSDORF
Österreich
Telefon: +43 (0) 680 2062952
Fax:+43 820 220262992
E-mail: christian.kr...@ckc-it.at

Re: Create keymap file

[Mike Jumper]

On Tue, Sep 17, 2019 at 5:54 PM Nick Couchman  wrote:

> On Tue, Sep 17, 2019 at 3:30 AM Lesley Persyn 
> wrote:
>
>> Hi all,
>>
>> With US keyboard systems no problem. But with "Belgium Dutch keyboard"
>> (point, not french) still an issue. (if i don't select a keyboard and set
>> the remote server to US then it works fine but this should work seamlessly
>> and i need the keymap)
>>
>> What are the best practices to create a .keymap file? How to read out the
>> keyboard keys?
>>
>> I can do it myself but cannot find where to start. (i don't see any logic
>> with the 0x29,... mappings)
>>
>
> So, first big disclaimer that I've never actually written a keymap before,
> so I'm kind of venturing out here on a limb and telling you what I *think*
> should work.
>
> To answer your first question, how to read out the keyboard keys, get the
> "xev" program on a Linux system and launch it, and then press the keys -
> you'll see output like this:
>
> KeyPress event, serial 37, synthetic NO, window 0x601,
> root 0xd3, subw 0x0, time 610952169, (94,73), root:(688,379),
> state 0x0, keycode 10 (keysym 0x31, 1), same_screen YES,
> XLookupString gives 1 bytes: (31) "1"
> XmbLookupString gives 1 bytes: (31) "1"
> XFilterEvent returns: False
>
> KeyRelease event, serial 37, synthetic NO, window 0x601,
> root 0xd3, subw 0x0, time 610952264, (94,73), root:(688,379),
> state 0x0, keycode 10 (keysym 0x31, 1), same_screen YES,
> XLookupString gives 1 bytes: (31) "1"
> XFilterEvent returns: False
>
> This shows a key press and key release for the "1" key, which is keysym
> 0x31.  The en_us_qwerty.keymap file has this line:
>
> map -shift 0x29 0x02..0x0D ~ "`1234567890-="
>
> So, based on my read of this, and experimentation with xev, my guess is
> that the 0x29 is somehow the base of all of those keys on that line, and
> the "0x02..0x0D" is the range of values that are added or masked onto that
> base to get the actual value.  However, this theory is not working out on
> my keyboard - things are slightly off - so I may be getting that wrong.
> Someone else can probably help on that, or maybe it'll at least set you in
> the right direction.
>

I can clarify a bit on the format of the .keymap files. I'll be using the
German keymap as an example, but all RDP keymaps for Guacamole follow this
format. There are 5 types of lines that you will find:

1. A comment (any line starting with "#"):

https://github.com/apache/guacamole-server/blob/b181026e589d396b498de56747ab8a489b34647b/src/protocols/rdp/keymaps/de_de_qwertz.keymap#L25

2. The name of the keymap that the current keymap should inherit from (most
will say "base" here, a reference to the "base.keymap" file). This line
starts with "parent" and allows keymaps to avoid repeating common key
definitions.

https://github.com/apache/guacamole-server/blob/b181026e589d396b498de56747ab8a489b34647b/src/protocols/rdp/keymaps/de_de_qwertz.keymap#L20

3. The name of the keymap. This line starts with "name" and dictates what
the value of the "server-layout" connection parameter will need to be set
to. This value also dictates what other keymaps will specify for "parent"
if they wish to inherit from your keymap.

https://github.com/apache/guacamole-server/blob/b181026e589d396b498de56747ab8a489b34647b/src/protocols/rdp/keymaps/de_de_qwertz.keymap#L21

4. The name of the FreeRDP keyboard layout constant for the keyboard layout
that your keymap defines. The value specified here will be sent to the RDP
server during session negotiation. These are dictated by Windows / the RDP
protocol, and the FreeRDP library defines some constants for these. This
line starts with "freerdp".

https://github.com/apache/guacamole-server/blob/b181026e589d396b498de56747ab8a489b34647b/src/protocols/rdp/keymaps/de_de_qwertz.keymap#L22

5. A Windows scancode <--> X11 keysym mapping. These lines are the more
complex lines which start with "map":

https://github.com/apache/guacamole-server/blob/b181026e589d396b498de56747ab8a489b34647b/src/protocols/rdp/keymaps/de_de_qwertz.keymap#L31

The important thing to keep in mind with the scancode/keysym mapping is the
inherent difference between scancodes and keysyms - the whole reason these
keymaps exist at all. Guacamole uses X11 keysyms for key events as these
are independent of keyboard layout and define key identity. The keysym for
an uppercase "A" is always the same, regardless of where that key is
located, whether Shift or AltGr are held down, etc. Windows scancodes, on
the other hand, deal more with key location. While a keysym may mean "A", a
scancode has meaning more like "the second key from the left in the second
row". They have no meaning on their own until the keyboard layout is known,
and even then may depend on whether certain modifier keys are active.

With the above in mind, each "map" line tells Guacamole how exactly to
produce the effect of a particular key through sending Windows scancodes.
Since the keyboard layout 

Re: Windows 10 licencing

[David Barber]

James Allsopp wrote:

This seems to contradict 2d v.)
/Other users, at different times, may access the licensed device from 
another device using remote access technologies, but only on devices 
separately licensed to run the same or higher edition of this software. /
I take this section to mean you cannot access a windows 10 pro device 
from a lesser licence ie home edition.





---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: Create keymap file

[Manoj Patil]

Dear, 

I have a same issue with US keyboard layout when i pressed a key with scroll 
lock is on  that time word not type.

Means, when i pressed shift+p with scroll lock is on condition then i want to 
print a marathi word ‘पी’ 
but this not happen . 


my current setup is-

centos 7.6 64 bit
xrdp 9.6
guacamole server 1.0



> On 18-Sep-2019, at 6:23 AM, Nick Couchman  wrote:
> 
> On Tue, Sep 17, 2019 at 3:30 AM Lesley Persyn  > wrote:
> Hi all,
> 
> With US keyboard systems no problem. But with "Belgium Dutch keyboard" 
> (point, not french) still an issue. (if i don't select a keyboard and set the 
> remote server to US then it works fine but this should work seamlessly and i 
> need the keymap)
> 
> What are the best practices to create a .keymap file? How to read out the 
> keyboard keys?
> 
> I can do it myself but cannot find where to start. (i don't see any logic 
> with the 0x29,... mappings)
> 
> 
> So, first big disclaimer that I've never actually written a keymap before, so 
> I'm kind of venturing out here on a limb and telling you what I *think* 
> should work.
> 
> To answer your first question, how to read out the keyboard keys, get the 
> "xev" program on a Linux system and launch it, and then press the keys - 
> you'll see output like this:
> 
> KeyPress event, serial 37, synthetic NO, window 0x601,
> root 0xd3, subw 0x0, time 610952169, (94,73), root:(688,379),
> state 0x0, keycode 10 (keysym 0x31, 1), same_screen YES,
> XLookupString gives 1 bytes: (31) "1"
> XmbLookupString gives 1 bytes: (31) "1"
> XFilterEvent returns: False
> 
> KeyRelease event, serial 37, synthetic NO, window 0x601,
> root 0xd3, subw 0x0, time 610952264, (94,73), root:(688,379),
> state 0x0, keycode 10 (keysym 0x31, 1), same_screen YES,
> XLookupString gives 1 bytes: (31) "1"
> XFilterEvent returns: False
> 
> This shows a key press and key release for the "1" key, which is keysym 0x31. 
>  The en_us_qwerty.keymap file has this line:
> 
> map -shift 0x29 0x02..0x0D  ~ "`1234567890-="
> 
> So, based on my read of this, and experimentation with xev, my guess is that 
> the 0x29 is somehow the base of all of those keys on that line, and the 
> "0x02..0x0D" is the range of values that are added or masked onto that base 
> to get the actual value.  However, this theory is not working out on my 
> keyboard - things are slightly off - so I may be getting that wrong.  Someone 
> else can probably help on that, or maybe it'll at least set you in the right 
> direction.  Here are a few links that might help out:
> 
> https://github.com/FreeRDP/FreeRDP/wiki/Keyboard 
> 
> https://issues.apache.org/jira/browse/GUACAMOLE-233 
> 
> https://github.com/apache/guacamole-server/pull/55 
> 
>  
> Final thing I would say is that the keyboard is most likely related to 
> another keyboard that's already mapped - maybe one of the other de_ 
> keyboards, so you can probably base off of that and then just make the 
> necessary adjustments.
> 
> -Nick

Re: TOTP reset

[carlog]

I've got an issue where the first two users are working with TOTP.  The rest
of the users are not.  They successfully log in with the user name and
password, and there is no prompt for TOTP.  

Looking at the database, there are entries for guac-totp-key-confirmed=true
and guac-totp-key-secret=[key] for only user_id 1 and 2.  If I change
guac-totp-key-confirmed for my account to false, then I get the barcode
prompt after logging in, and even after entering the code, I get it again
every time I log in.  the field never changes from false to true.  If I
delete both fields for my user account, then I just log in successfully with
just user name and password.

BTW, I'm using Active Directory integration if that makes a difference.  It
is limited to users that I have in a security group.

Thanks in advance.




--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Windows 10 licencing

[Jon Westgate]

Windows Home does not have remote desktop services.
You need to use Windows Pro for that.
So long as you have not modified Windows 10 to support concurrent rdp
then you are 100% within the licensing terms.
To have a 1 VM per user you'll need to play with the settings in Guac to 
allow the user to select their VM.


Regards
Jon

On 18/09/2019 12:12, James Allsopp wrote:

Hi,
I was wondering what Windows 10 licences people were using for 
Guacamole? We want to have users logging in one at a time, but have 
the windows 10 machine installed as a VM on a VMware Esxi server, with 
Guacamole connecting to the server via RDP. We're planning on buying 
retail Windows licences.


Section 2c v.) of the Windows Licence ( 
https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/Useterms_Retail_Windows_10_English.htm ) 
seems to prohibit this;
/ install the software on a server and allow users to access it 
remotely, or install the software on a device for use only by remote 
users; /


This seems to contradict 2d v.)
/Other users, at different times, may access the licensed device from 
another device using remote access technologies, but only on devices 
separately licensed to run the same or higher edition of this software. /

/
/
But does that mean that it's only within licence terms to access the 
machines from a Windows 10 Home pc?


Thanks,
James

Windows 10 licencing

[James Allsopp]

Hi,
I was wondering what Windows 10 licences people were using for Guacamole?
We want to have users logging in one at a time, but have the windows 10
machine installed as a VM on a VMware Esxi server, with Guacamole
connecting to the server via RDP. We're planning on buying retail Windows
licences.

Section 2c v.) of the Windows Licence (
https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/Useterms_Retail_Windows_10_English.htm
)
seems to prohibit this;
* install the software on a server and allow users to access it remotely,
or install the software on a device for use only by remote users;  *

This seems to contradict 2d v.)
*Other users, at different times, may access the licensed device from
another device using remote access technologies, but only on devices
separately licensed to run the same or higher edition of this software.  *

But does that mean that it's only within licence terms to access the
machines from a Windows 10 Home pc?

Thanks,
James