Hi, good afternoon.
I'm a new Guacamole user.
I installed it on Debian 9, with guacd version 0.9.9. The program works fine
with local user mapping... my configuration:
/etc/guacamole/guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822
# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
lib-directory: /etc/guacamole/extensions
# LDAP properties
ldap-hostname: ldap.craem.net
ldap-port: 389
ldap-user-base-dn: DC=craem,DC=net
ldap-search-bind-dn: CN=admin,DC=craem,DC=net
ldap-search-bind-password: passwordtuyu
ldap-username-attribute: uid
And the user mapping: /etc/guacamole/user-mapping.xml
<user-mapping>
    <authorize username="craem" password="passwordtuyu">
        <connection name="kamailio">
            <protocol>ssh</protocol>
            <param name="hostname">10.XX.XX.XX</param>
            <param name="port">22</param>
        </connection>
        <connection name="chichi">
            <protocol>ssh</protocol>
            <param name="hostname">10.XX.XX.XX</param>
            <param name="port">22</param>
        </connection>
        <connection name="copiasVeeam">
            <protocol>rdp</protocol>
            <param name="hostname">10.XX.XX.XX</param>
            <param name="port">3389</param>
            <param name="ignore-cert">true</param>
            <param name="security">rdp</param>
        </connection>
        <connection name="copiasVeeam9">
            <protocol>rdp</protocol>
            <param name="hostname">10.XX.XX.XX</param>
            <param name="port">3389</param>
            <param name="ignore-cert">true</param>
            <param name="security">rdp</param>
        </connection>
    </authorize>
</user-mapping>
When I log in with the username "craem", I can view / connect to all the hosts that I
defined... the problem is with the OpenLDAP authentication.
My LDAP server is OpenLDAP. I added the OpenLDAP schema:
# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f guacConfigGroup.ldif
And the schema is ready:
root@asterisk:/usr/src# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}zarafa,cn=schema,cn=config
dn: cn={5}radius,cn=schema,cn=config
dn: cn={6}guacConfigGroup,cn=schema,cn=config
I added one server to test:
file: entrada.ldif
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus.craem.net
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net
I add the file to my OpenLDAP:
# ldapadd -x -D cn=admin,dc=craem,dc=net -W -f entrada.ldif
And it works fine.
ldapsearch to view the "angel" user:
# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"
# Angel Elena, zarafa-users, craem.net
dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
givenName:: xxxxx
sn: Elena
uid: angel
uidNumber: 1001
gidNumber: 500
zarafaAccount: 1
dialupAccess: 1
zarafaAdmin: 1
mobile: xxxxxx
homeDirectory: /home/angel
radiusFramedProtocol: PPP
radiusServiceType: Framed-User
radiusFramedCompression: Van-Jacobsen-TCP-IP
zarafaQuotaHard: 3000
zarafaQuotaWarn: 2000
zarafaQuotaSoft: 2500
zarafaQuotaOverride: 0
mail: [email protected]
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: zarafa-user
objectClass: radiusprofile
objectClass: zarafa-group
objectClass: person
objectClass: organizationalPerson
cn: Angel Elena
cn: angel
And the zeus "object"
# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"
# zeus, craem.net
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
cn: zeus
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net
When I log in with the "angel" user to the front-end, the user space is empty,
without any machine, but I can log in.
Any ideas?
Thanks
--------------------------------
Ángel Elena Medina _o)
[email protected] / \\
http://blog.craem.net _(___V
@craem_
www.linkedin.com/in/angel-elena-medina
--------------------------------
Zarafa Webapp.
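
Added example, not part of the original message: an offline consistency check over the two directory entries quoted in the post, on the assumption that the Guacamole LDAP extension shows a guacConfigGroup connection only to a user whose own DN appears as a member value. The function names are hypothetical, and the sample LDIF is a trimmed copy of the two ldapsearch results above.

```python
# Added diagnostic sketch; SAMPLE_LDIF is trimmed from the two ldapsearch results in the post.
SAMPLE_LDIF = """\
dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
uid: angel
objectClass: inetOrgPerson
cn: Angel Elena
cn: angel

dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus
guacConfigProtocol: ssh
member: cn=angel,ou=zarafa-users,dc=craem,dc=net
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Case-fold and trim each RDN; escaped commas are not handled."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def is_group(entry):
    return "guacconfiggroup" in (c.lower() for c in entry.get("objectclass", []))

def unmatched_members(entries):
    """Return (group DN, member value) pairs whose member is not the DN of any non-group entry."""
    known = {norm_dn(e["dn"][0]) for e in entries if not is_group(e)}
    return [(e["dn"][0], m) for e in entries if is_group(e)
            for m in e.get("member", []) if norm_dn(m) not in known]

def candidates(member, entries):
    """Suggest real DNs whose cn or uid equals the value of the member's first RDN."""
    value = member.split(",", 1)[0].split("=", 1)[1].strip().lower()
    return [e["dn"][0] for e in entries if not is_group(e)
            and value in (v.lower() for a in ("cn", "uid") for v in e.get(a, []))]

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for group, member in unmatched_members(entries):
        print(f"{group}: member '{member}' matches no entry; candidates: {candidates(member, entries)}")
```

Run against the quoted entries, it reports that the member value on the zeus group names a DN that does not exist in the directory and points at the existing entry with the same cn/uid.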