Re: Maximum number of users that can be registered
Thanks!! 2021年8月23日(月) 10:13 Mike Jumper : > On Sun, Aug 22, 2021, 17:42 takuya morita wrote: > >> Hi, I am Takuya. >> Thank you for answering my question before. >> >> Apart from that, I have a question. >> Did the official documents say what the maximum number of users is? >> >> If it does not say, please tell me. >> > > There is no maximum. > > - Mike > >
Re: Maximum number of users that can be registered
On Sun, Aug 22, 2021, 17:42 takuya morita wrote: > Hi, I am Takuya. > Thank you for answering my question before. > > Apart from that, I have a question. > Did the official documents say what the maximum number of users is? > > If it does not say, please tell me. > There is no maximum. - Mike
Maximum number of users that can be registered
Hi, I am Takuya. Thank you for answering my question before. Apart from that, I have a question. Did the official documents say what the maximum number of users is? If it does not say, please tell me.
Re: Guacamole dynamically create connections
On Sun, Aug 22, 2021, 12:59 Tim Worcester wrote: > Greetings, > > I have been looking through the code and I have been unable to find an > event that I can intercept in guacamole-ext to allow me to dynamically spin > up a desktop via some code, operator or controller in reaction to a user > clicking on a connection-group. Is there an event that I am missing or is > this feature not currently supported? > You would implement the decorate() and redecorate() functions to decorate the UserContext, Directory, Connection, and ConnectionGroup objects of other extensions, overriding connect() to perform those additional housekeeping tasks. https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AuthenticationProvider.html#decorate-org.apache.guacamole.net.auth.UserContext-org.apache.guacamole.net.auth.AuthenticatedUser-org.apache.guacamole.net.auth.Credentials- https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AuthenticationProvider.html#redecorate-org.apache.guacamole.net.auth.UserContext-org.apache.guacamole.net.auth.UserContext-org.apache.guacamole.net.auth.AuthenticatedUser-org.apache.guacamole.net.auth.Credentials- There is a family of delegating objects provided by guacamole-ext to make this sort of decoration easier (DelegatingUserContext, DelegatingDirectory, etc.). Your extension can also add attributes to the Connection and ConnectionGroup objects to make the details of the desktop that needs to be spun up editable to an admin. - Mike
Guacamole dynamically create connections
Greetings, I have been looking through the code and I have been unable to find an event that I can intercept in guacamole-ext to allow me to dynamically spin up a desktop via some code, operator or controller in reaction to a user clicking on a connection-group. Is there an event that I am missing or is this feature not currently supported? Cheers, Tim
Re: Pseudo VDI: VNC pool
On Sun, Aug 22, 2021 at 12:21 PM Ciro Iriarte wrote: > Hello!, > > I'm working on a lab environment for coworkers & given the requirements > are GUI Jumphosts & no licenses for OS we settled on Linux+VNC & > Loadbalancing pools with Guacamole. > > All the OS users will be named, authenticated to FreeIPA and potentially a > NFS based $HOME. Guacamole also authenticating with LDAP+OTP and > JDBC-stored connections. > > I've struggled setting up VNC with openSUSE 15.3 and their KDE desktop > (SDDM). Have a slightly better outcome with XDM (uglier but works somehow). > The desktops/jumphosts are running as PVE VMs, so also tested with KVM/QEMU > VNC support. The experience with that case is way better, rock solid VNC > session, even manual screen resize works, there's one annoying bit > (keyboard mapping for es-latam) and a major roadblock: it's the VM console, > user2 could land on the already logged in session for user1. > > Yes, here you have run up against one of the chief drawbacks of VNC - lack of session management. > I imagine I could create the loadbalancing group with 1 connection per > user with session "stickiness" & then setup OS level timeouts to lock the > GUI session after no activity. That & fixing the keyboard mapping with > guacamole-> QEMU VNC console would make it, but feels like having a lot of > moving parts. > > Yeah, if you're going to go this route, you're essentially going to have to rely upon Guacamole to manage the sessions, which means not load balancing groups and session stickiness, but also logouts. I would say that you need to log out as soon as Guacamole disconnects, not just lock, because you could still run into the same scenario. > Any smarter approach to this?. Could anybody share their recipe for > similar scenarios?. > > In personal experience, where I need access to Linux systems remotely, I tend toward xrdp instead of VNC. While xrdp is certainly far from a perfect RDP server implementation, it does feature TLS encryption, some basic session management (disconnect/reconnect and multi-user access to a single system), and there's even a native Xorg xrdp driver that I generally use that avoids having to go through the pain of setting up VNC to back xrdp (which was the way it was originally deployed). You'll still have to rely upon some of Guacamole's features to manage sessions - particularly if you want to load balance and split to multiple hosts, Guacamole's load balancing and session stickiness will still be required to help handle those things. And, if you go that route, you'll still have some challenges with users getting disconnected from one host and then logged on to a different host, where their session will essentially be "lost" (even if it's still running). xrdp does not have any inter-server communications mechanisms (that I know of, anyway) that would help with this, so it really would rely on Guacamole to handle that part of session management. Hope this helps - I'm not saying this is the "right" way to do it, just how I've settled on remote, graphical access to Linux systems over the past couple of years, and it works well for me. -Nick >
Pseudo VDI: VNC pool
Hello!, I'm working on a lab environment for coworkers & given the requirements are GUI Jumphosts & no licenses for OS we settled on Linux+VNC & Loadbalancing pools with Guacamole. All the OS users will be named, authenticated to FreeIPA and potentially a NFS based $HOME. Guacamole also authenticating with LDAP+OTP and JDBC-stored connections. I've struggled setting up VNC with openSUSE 15.3 and their KDE desktop (SDDM). Have a slightly better outcome with XDM (uglier but works somehow). The desktops/jumphosts are running as PVE VMs, so also tested with KVM/QEMU VNC support. The experience with that case is way better, rock solid VNC session, even manual screen resize works, there's one annoying bit (keyboard mapping for es-latam) and a major roadblock: it's the VM console, user2 could land on the already logged in session for user1. I imagine I could create the loadbalancing group with 1 connection per user with session "stickiness" & then setup OS level timeouts to lock the GUI session after no activity. That & fixing the keyboard mapping with guacamole-> QEMU VNC console would make it, but feels like having a lot of moving parts. Any smarter approach to this?. Could anybody share their recipe for similar scenarios?. Regards, CI.-
Re: Filtering out LDAP groups for JDBC sync/autocreate
Thanks!, will compile and move the client to git/master too then. Regards, CI.- On Sat, Aug 21, 2021, 07:36 Nick Couchman wrote: > On Sat, Aug 21, 2021 at 1:03 AM Ciro Iriarte wrote: > >> Hello!, >> >> I've setup Guacamole client 1.3.0 + Guacamole-server git/master. It's >> authenticating with FreeIPA and it's paired with MariaDB DB connected >> with JDBC. >> >> Using ldap-user-search-filter I'm able to autocreate the users members >> of guaca-* groups, but looking up the groups once logged in, all the >> directory groups are visible. Is there a configuration option >> available to just import/show groups following another filter?. >> >> > There will be in the next release, but the functionality does not exist in > 1.3.0. For 1.4.0 a "ldap-group-filter" property has been added that allows > you to filter out the groups pulled in by LDAP: > > https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-996 > > 1.4.0 is a future release, and there is no planned released date, yet, > though we are (hopefully) getting close. > > -Nick >