Dear Mike!
Thank you very much for your help.
It works.
2021-09-23 20:30 időpontban Mike Jumper ezt írta:
On Thu, Sep 23, 2021, 10:50 Erdődi Zoltán
wrote:
Good Day!
How do I assign a connection to a user who is authenticated with a
radius?
[2021-09-23 16:04:13] [info] 16:04:13.139 [http-nio-8080-exec-1]
DEBUG
o.a.g.r.auth.AuthenticationService - Login was successful for user
"XYZUSER".
[2021-09-23 16:04:13] [info] 16:04:13.730 [http-nio-8080-exec-10]
DEBUG
o.a.g.rest.RESTExceptionMapper - Client request rejected: Session
not
associated with authentication provider "radius".
Login ok, but no RDP connection.
Where and how to define it ?
guacamole.properties or user-mapping.xml .
Neither - you would use one of the supported databases (MySQL,
PostgreSQL, etc.) and create the connection in the admin web interface
that becomes available once a database is set up. You can then create
the needed linkage between RADIUS and the connection in the database
by doing one of the following:
* Create a user in the database using the web interface (without
setting a password) having the same username as the RADIUS user, and
grant access to the connection to that user. By not setting a
password, the user will still only be able to log in using RADIUS, but
will inherit access to any connections granted to their corresponding
database user.
* Create a user group having the same name as a RADIUS group of which
the user is a member, and grant access to the connection to that
group.
This is also how things work when combining LDAP with the database,
except that administration is made more convenient in the LDAP case
since users and groups can retrieved from the LDAP directory. Since
users/groups can't be pulled automatically from RADIUS, you need to
enter them manually.
See
https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database
for how this works in principle.
- Mike
--
Erdődi Zoltán
Informatikai Rendszergazda
Könyvtár-informatikai és Adatgazdálkodási Egység
SZTE Informatikai és Szolgáltatási Igazgatóság
H-6722 Szeged, Ady tér 10.
Tel.: +36(62)546-666
ÉRTESÍTÉS BIZALMAS LEVELEZÉSHEZ
Az ebben az e-mailben található információk bizalmasak. Csak a
megjelölt címzettekhez szól, és a hozzáférés harmadik személyek számára
meg nem engedett. Amennyiben nem Ön a levél tényleges címzettje, akkor
nem hozhatja nyilvánosságra, nem másolhatja, nem továbbíthatja illetve
más módon sem használhatja az ebben az e-mailben található
információkat, illetve azokra nem is támaszkodhat. Az ilyen jellegű
jogosulatlan felhasználás jogellenes. Amennyiben tévesen kapta meg ezt
az e-mailt, kérjük, hogy azonnal értesítse a feladót, valamint
távolítsa el a levelet és összes másolatát számítógépes rendszeréből.
PRIVACY NOTICE FOR CONFIDENTIAL COMMUNICATIONS
The information contained in this e-mail is confidential. It is
intended only for the stated addressee(s) and access to it by any other
person is unauthorised. If you are not an addressee, you must not
disclose, copy, circulate or in any other way use or rely on the
information contained in this e-mail. Such unauthorised use may be
unlawful. If you have received this e-mail in error, please inform us
immediately and delete it and all copies from your system.
-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org