RE: groups for user .

2017-06-20 Thread James Fraser 
Hi Goncalo

You might find you can accomplish what you want with posh ssh module for ssh in 
powershell

https://github.com/darkoperator/Posh-SSH



-Original Message-
From: Goncalo Rosa [mailto:goncalo.r...@v2s.us] 
Sent: Tuesday, 20 June 2017 5:15 PM
To: user@guacamole.incubator.apache.org
Subject: RE: groups for user .

Hi,

I am using Guacamole on a lab environment, where Guacamole servers are staying 
in a DMZ.

So I don't want to integrate with our lab domain, since don't want to expose it 
to the DMZ. Instead I decided to implement local mariadb database for each 
guacamole server.

On the other hand I have around 200 users being weekly assigned to lab 
environments dynamically. And I have a centralized windows 2008 R2 server that 
provides management to all lab environment components. So I constantly need to 
add and remove connections to users from this Windows 2008 R2 servers on 
Guacamole servers.

The way I did it and works great, was using powershell scripts, that uses ssh 
to remotely run bash scripts on each guacamole server, that on their hand 
execute SQL statements against MariaDB database.

And actually just work great with no errors and quite clean.

I also tried to run powershell commands straight to MariaDB with mysql 
connector, however didn't work, since most of the sql statements requires 
multiple instructions per connection and I couldn't find a way to make it 
happen through mysql-connector invoked from powershell.

So I would suggest you to think in a solution as such, that would allow you to 
manage your connections around easily and smoothly.

Cheers

Gonçalo Rosa


W: www.v2s.us   Skype: goncalo_rosa

-Original Message-
From: s1324 [mailto:steve_al...@csx.com] 
Sent: Tuesday, June 20, 2017 01:25
To: user@guacamole.incubator.apache.org
Subject: RE: groups for user .

Did you get this issue resolved?

I am having the same challenge.



--
View this message in context: 
http://apache-guacamole-incubating-users.2363388.n4.nabble.com/groups-for-user-tp407p1177.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at 
Nabble.com.

Re: groups for user .

2017-06-20 Thread Alder, Steve 
For ‘strategic business reasons’, I am trying to keep connections in MariaDB 
and authentication from AD.  The current product, doesn’t require altering AD.  
Not my call.

The plan is/was to have multiple installations of Guacamole allowing access 
through control-points into differing secured zones of our network.  One 
installation would point at AD-group-ZONE1 for authentication, in Guac the 
admin would assign connections into ‘ZONE1’ to everyone in AD-group-ZONE1.  
Rinse and repeat for ZONE2,3,4, etc.  With the intention that ~600 users would 
be using it for access into these zones.  My *NIX sysadmin team has been 
happily using it for some time now.  Because the team (~20) nor the connections 
changes frequently; and when they do, it is trivial for them to management it 
internal to the team.  For the mass population, the changes are just to 
frequent to manage in this fashion.

I have tried numerous iterations of configuring this and wind up either with 
ALL users being displayed in the “Users” tab and having to manually assign each 
user connections, or only the AD-group being shown in the “Users” tab but the 
users (in that group) being unable to even login to Guac.  I am going to look 
into the cross-platform scripting to strip the users from the AD-group and 
assign them connections in MariaDB.  It spreads the solution’s footprint out a 
bit, but I will see where it goes.


From: Mike Jumper <mike.jum...@guac-dev.org>
Reply-To: "user@guacamole.incubator.apache.org" 
<user@guacamole.incubator.apache.org>
Date: Tuesday, June 20, 2017 at 14:31
To: "user@guacamole.incubator.apache.org" <user@guacamole.incubator.apache.org>
Subject: Re: groups for user .

On Jun 20, 2017 11:25 AM, "Alder, Steve" 
<steve_al...@csx.com<mailto:steve_al...@csx.com>> wrote:
Thank you so much for the information, and responding.  I am currently in an 
environment with multiple thousands of user accounts, and am just POC’ing 
Guacamole as a replacement for an existing commercial product.  I think the 
inability to assign connections (natively) via group membership might be 
show-stopper for us at this point.

What about leveraging LDAP or AD?

Though guac's database backend doesn't implement user groups, the LDAP backend 
inherently does. Connections themselves are defined using a group-type object.

- Mike




This email transmission and any accompanying attachments may contain CSX 
privileged and confidential information intended only for the use of the 
intended addressee. Any dissemination, distribution, copying or action taken in 
reliance on the contents of this email by anyone other than the intended 
recipient is strictly prohibited. If you have received this email in error 
please immediately delete it and notify sender at the above CSX email address. 
Sender and CSX accept no liability for any damage caused directly or indirectly 
by receipt of this email.

Re: groups for user .

2017-06-20 Thread Mike Jumper 
On Jun 20, 2017 11:25 AM, "Alder, Steve"  wrote:

Thank you so much for the information, and responding.  I am currently in
an environment with multiple thousands of user accounts, and am just
POC’ing Guacamole as a replacement for an existing commercial product.  I
think the inability to assign connections (natively) via group membership
might be show-stopper for us at this point.


What about leveraging LDAP or AD?

Though guac's database backend doesn't implement user groups, the LDAP
backend inherently does. Connections themselves are defined using a
group-type object.

- Mike

Re: groups for user .

2017-06-20 Thread Alder, Steve 
Thank you so much for the information, and responding.  I am currently in an 
environment with multiple thousands of user accounts, and am just POC’ing 
Guacamole as a replacement for an existing commercial product.  I think the 
inability to assign connections (natively) via group membership might be 
show-stopper for us at this point. 



On 6/20/17, 03:15, "Goncalo Rosa" <goncalo.r...@v2s.us> wrote:

Hi,

I am using Guacamole on a lab environment, where Guacamole servers are 
staying in a DMZ.

So I don't want to integrate with our lab domain, since don't want to 
expose it to the DMZ. Instead I decided to implement local mariadb database for 
each guacamole server.

On the other hand I have around 200 users being weekly assigned to lab 
environments dynamically. And I have a centralized windows 2008 R2 server that 
provides management to all lab environment components. So I constantly need to 
add and remove connections to users from this Windows 2008 R2 servers on 
Guacamole servers.

The way I did it and works great, was using powershell scripts, that uses 
ssh to remotely run bash scripts on each guacamole server, that on their hand 
execute SQL statements against MariaDB database.

And actually just work great with no errors and quite clean.

I also tried to run powershell commands straight to MariaDB with mysql 
connector, however didn't work, since most of the sql statements requires 
multiple instructions per connection and I couldn't find a way to make it 
happen through mysql-connector invoked from powershell.

So I would suggest you to think in a solution as such, that would allow you 
to manage your connections around easily and smoothly.

Cheers

Gonçalo Rosa


W: www.v2s.us   Skype: goncalo_rosa

-Original Message-
From: s1324 [mailto:steve_al...@csx.com] 
Sent: Tuesday, June 20, 2017 01:25
To: user@guacamole.incubator.apache.org
    Subject: RE: groups for user .

Did you get this issue resolved?

I am having the same challenge.



--
View this message in context: 
http://apache-guacamole-incubating-users.2363388.n4.nabble.com/groups-for-user-tp407p1177.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at 
Nabble.com.





This email transmission and any accompanying attachments may contain CSX 
privileged and confidential information intended only for the use of the 
intended addressee. Any dissemination, distribution, copying or action taken in 
reliance on the contents of this email by anyone other than the intended 
recipient is strictly prohibited. If you have received this email in error 
please immediately delete it and notify sender at the above CSX email address. 
Sender and CSX accept no liability for any damage caused directly or indirectly 
by receipt of this email.

RE: groups for user .

2017-06-20 Thread Goncalo Rosa 
Hi,

I am using Guacamole on a lab environment, where Guacamole servers are staying 
in a DMZ.

So I don't want to integrate with our lab domain, since don't want to expose it 
to the DMZ. Instead I decided to implement local mariadb database for each 
guacamole server.

On the other hand I have around 200 users being weekly assigned to lab 
environments dynamically. And I have a centralized windows 2008 R2 server that 
provides management to all lab environment components. So I constantly need to 
add and remove connections to users from this Windows 2008 R2 servers on 
Guacamole servers.

The way I did it and works great, was using powershell scripts, that uses ssh 
to remotely run bash scripts on each guacamole server, that on their hand 
execute SQL statements against MariaDB database.

And actually just work great with no errors and quite clean.

I also tried to run powershell commands straight to MariaDB with mysql 
connector, however didn't work, since most of the sql statements requires 
multiple instructions per connection and I couldn't find a way to make it 
happen through mysql-connector invoked from powershell.

So I would suggest you to think in a solution as such, that would allow you to 
manage your connections around easily and smoothly.

Cheers

Gonçalo Rosa


W: www.v2s.us   Skype: goncalo_rosa

-Original Message-
From: s1324 [mailto:steve_al...@csx.com] 
Sent: Tuesday, June 20, 2017 01:25
To: user@guacamole.incubator.apache.org
Subject: RE: groups for user .

Did you get this issue resolved?

I am having the same challenge.



--
View this message in context: 
http://apache-guacamole-incubating-users.2363388.n4.nabble.com/groups-for-user-tp407p1177.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at 
Nabble.com.

Re: groups for user .

2017-06-19 Thread Anburaj Palraj 
no steve .

On Tue, Jun 20, 2017 at 5:55 AM, s1324  wrote:

> Did you get this issue resolved?
>
> I am having the same challenge.
>
>
>
> --
> View this message in context: http://apache-guacamole-
> incubating-users.2363388.n4.nabble.com/groups-for-user-tp407p1177.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive
> at Nabble.com.
>

RE: groups for user .

2017-06-19 Thread s1324 
Did you get this issue resolved?

I am having the same challenge.



--
View this message in context: 
http://apache-guacamole-incubating-users.2363388.n4.nabble.com/groups-for-user-tp407p1177.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at 
Nabble.com.

RE: groups for user .

2017-02-21 Thread Wuhrlin, Alain 
Hi all

I have the same problem !
I use mysql for configuration storage, and Active Directory for 
authentification.

I would like to use AD group to autorize the connection.

I see a parameter “ldap-group-base-dn” but I don’t see how to use it !


De : Anburaj Palraj [mailto:anburajr...@gmail.com]
Envoyé : mardi 21 février 2017 12:48
À : user@guacamole.incubator.apache.org
Objet : Re: groups for user .

Hi All ,


Can anyone help us with this question ?




On Tue, Feb 14, 2017 at 3:04 PM, Anburaj Palraj 
<anburajr...@gmail.com<mailto:anburajr...@gmail.com>> wrote:
Hi All,

currently am facing some difficulty in associating connection to user .

let's say if add one new connection  and i want to assign it to 10 users , i 
have to manually select each user and associate the connection to users .

instead of that can have  groupsfor users  and associate the connection to 
group , so that  it will be applicable to the part of the users in that group ?

Re: groups for user .

2017-02-21 Thread Anburaj Palraj 
Hi All ,


Can anyone help us with this question ?




On Tue, Feb 14, 2017 at 3:04 PM, Anburaj Palraj 
wrote:

> Hi All,
>
> currently am facing some difficulty in associating connection to user .
>
> let's say if add one new connection  and i want to assign it to 10 users ,
> i have to manually select each user and associate the connection to users .
>
> instead of that can have  groupsfor users  and associate the
> connection to group , so that  it will be applicable to the part of the
> users in that group ?
>
>