Re: Specific permissions to Active Sessions / Kill Sessions

2024-05-16 Thread Prakhar Jalan
Hello!

Do we have any documentation on those finer grain permission controls?

Thanks!

Prakhar


From: Nick Couchman 
Sent: Thursday, May 16, 2024 12:23 AM
To: user@guacamole.apache.org 
Subject: Re: Specific permissions to Active Sessions / Kill Sessions

On Wed, May 15, 2024 at 2:35 PM Rasmus Hvitfeldt 
 wrote:
Hi all,

Is there a way to give specific permissions to a user group so they can kill 
any active session? We have a privileged user group that would require that 
ability. But of course we don’t want to give them Administer system rights.


Currently the only way to assign a user permissions to view other user's active 
sessions and to kill those sessions is to make them a system administrator. 
Guacamole does actually support some finer-grain permissions control, such as 
assigning administrative access for a specific connection to a user or group, 
but there's no way to accomplish this in the web interface at the moment.

-Nick


Re: Guacamole - Ubuntu Connection

2024-05-16 Thread Nick Couchman
On Tue, May 14, 2024 at 11:13 AM Viji Shankar 
wrote:

> Hi Team,
>
> We are using Linux (Ubuntu 22.04). We have rebooted Ubuntu after an update
> and also restarted the Guacamole Pod. We are using Guacamole 1.5.3.
> Services are also running. We have checked the Guacamole container logs. We are
> getting the following error:
>
> Exception in thread "Thread-886" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
>     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:449)
>     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:307)
>     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:249)
>     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
>     at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:36)
>     at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
>     at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
>
>
The first thing to check, if you're proxying Guacamole behind Nginx or
Apache httpd, or any other reverse proxy, is that you've configured the
reverse proxy correctly. The parameters required are in the manual:

https://guacamole.apache.org/doc/gug/reverse-proxy.html

In particular, for Nginx, make sure buffering is disabled.

Beyond that, you'll need to dig into log files and do some additional
network troubleshooting to figure out why the WebSocket session is being
closed prematurely. If there's some web application firewall or SSL
inspection going on in the path between the browser and the Tomcat server,
it could be interfering with the WebSocket connection. You'll need to
figure out why.

-Nick
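
The reverse-proxy check from the reply above, as an added example that is not part of the thread or of the Guacamole project: a small linter that reports which WebSocket-related settings each proxied Nginx `location` block lacks. Assumptions: the function names and the sample configuration are constructed, only directives written directly inside the `location` block are considered (inheritance from `server`/`http` is not modelled), and besides `proxy_buffering off` it also checks the standard Nginx WebSocket settings (`proxy_http_version 1.1` and the `Upgrade`/`Connection` headers).

```python
import re

REQUIRED = {
    "proxy_buffering off": r"proxy_buffering\s+off",
    "proxy_http_version 1.1": r"proxy_http_version\s+1\.1",
    "proxy_set_header Upgrade": r"proxy_set_header\s+Upgrade\s+\$http_upgrade",
    "proxy_set_header Connection": r"proxy_set_header\s+Connection\s+\S+",
}

def proxied_locations(conf):
    """Return {location header: [directives]} for blocks containing proxy_pass."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    stack, found, buf = [], {}, ""
    for ch in conf:
        if ch in "{;}":
            text, buf = " ".join(buf.split()), ""
            if ch == "{":
                stack.append((text, []))       # open a new block
            elif ch == ";" and stack:
                stack[-1][1].append(text)      # directive of the innermost block
            elif ch == "}" and stack:
                header, directives = stack.pop()
                if header.startswith("location") and any(
                        d.startswith("proxy_pass ") for d in directives):
                    found[header] = directives
        else:
            buf += ch
    return found

def audit(conf):
    """Map each proxied location to the required settings it does not set."""
    return {header: [name for name, rx in REQUIRED.items()
                     if not any(re.fullmatch(rx, d) for d in directives)]
            for header, directives in proxied_locations(conf).items()}

SAMPLE = """# Constructed sample config; the backend address is a placeholder.
server {
    location /guacamole/ {
        proxy_pass http://127.0.0.1:8080;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
    location /legacy/ { proxy_pass http://127.0.0.1:8080; }
}
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list for a location means every checked setting is present; a location that relies on inherited directives will be reported as missing them and needs a manual look.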



Re: Using LDAP to authenticate to balancing group

2024-05-16 Thread Nick Couchman
On Wed, May 15, 2024 at 6:20 AM David Lomas 
wrote:

> Hi,
>
> I've set up a balancing group in Guacamole which contains 3 test
> connections to individual machines. If I create test users in the web
> interface and assign them to the group (but _not_ to individual
> connections), I can see the balancing working—when each user logs in, they
> are assigned to an available connection.
>
>
If you're setting up a balancing group, then this means that you're using
the JDBC (DB) extension for storing connections, correct?


> But how can I 'target' a user who is authenticated via LDAP to this
> connection group? The documentation shows how to return a connection to a
> specific machine as part of the guacConfigParameter object (hostname: xyz,
> etc.) but I couldn't find anything about returning a connection group
> there. Is this possible? Is there some documentation I've missed?
>
>
There are two ways to do this:
* You can create a user account in the database that has the same user name
(generally case-sensitive) as the LDAP user, and assign permission for a
connection or connection group to the user. Note that this can also be
largely automated by enabling the auto account-creation capability. See:
https://guacamole.apache.org/doc/gug/ldap-auth.html#associating-ldap-with-a-database
,
https://guacamole.apache.org/doc/gug/jdbc-auth.html#auto-creating-database-users
* Instead of doing this based on username, you can do this with user groups
- if you enable group searching in LDAP, you can assign the permissions to
the groups, and, as long as the groups in the database have the same name
as the LDAP groups, Guacamole will associate those permissions.

-Nick


Re: Custom Front-end

2024-05-16 Thread emerson . bezerra
Hi Nick.

Do you recommend any extensions? Or commercial support companies?


On Thu, May 16, 2024 at 10:05, Nick Couchman
wrote:

> On Thu, May 16, 2024 at 9:00 AM Tom Eaton  wrote:
>
>> There is a comprehensive guide in the docs:
>> https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html
>>
>> On Thu, 16 May 2024 at 13:56, Prakhar Jalan 
>> wrote:
>>
>>> Hello,
>>>
>>> I am looking to create a custom front-end. Would really appreciate if
>>> someone could guide me how to go about it?
>>>
>>>
> I'll add to Tom's response that this greatly depends on what your end goal
> is - if you just want to use the common bits (the Guacamole protocol) and
> are looking to write everything else (authorization/access/accounting,
> connection management, etc.) from scratch, then the guide that Tom linked
> is exactly what you'll need. If you're talking about just customizing the
> look and feel of the existing front-end, this is done using the extension
> framework. And lots of options in between those two.
>
> -Nick
>
>>


Re: Custom Front-end

2024-05-16 Thread Nick Couchman
On Thu, May 16, 2024 at 9:00 AM Tom Eaton  wrote:

> There is a comprehensive guide in the docs:
> https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html
>
> On Thu, 16 May 2024 at 13:56, Prakhar Jalan 
> wrote:
>
>> Hello,
>>
>> I am looking to create a custom front-end. Would really appreciate if
>> someone could guide me how to go about it?
>>
>>
I'll add to Tom's response that this greatly depends on what your end goal
is - if you just want to use the common bits (the Guacamole protocol) and
are looking to write everything else (authorization/access/accounting,
connection management, etc.) from scratch, then the guide that Tom linked
is exactly what you'll need. If you're talking about just customizing the
look and feel of the existing front-end, this is done using the extension
framework. And lots of options in between those two.

-Nick



Re: Custom Front-end

2024-05-16 Thread Tom Eaton
There is a comprehensive guide in the docs:
https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html

On Thu, 16 May 2024 at 13:56, Prakhar Jalan  wrote:

> Hello,
>
> I am looking to create a custom front-end. Would really appreciate if
> someone could guide me how to go about it?
>
> Many thanks!!
>
> *Terralink Cloud Solutions *
>
>
>


Custom Front-end

2024-05-16 Thread Prakhar Jalan
Hello,

I am looking to create a custom front-end. Would really appreciate if someone 
could guide me how to go about it?

Many thanks!!


Terralink Cloud Solutions