Hi everyone,
I was able to test the radius-authentication successfully.
Two more questions:
- How does Guacamole recognize whether or not a user is a radius-user? What hash is in the password-field of the mysql-db for radius-users?
- Does Guacamole support acces-challenges, like when the user has to change his password via Radius?
Login ---access-request---> access-challenge "Please change your password" ---challenge-response---> Permit.
Thanks and best wishes
Michael
Gesendet: Dienstag, 20. August 2019 um 20:33 Uhr
Von: "michael böhm" <[email protected]>
An: [email protected]
Betreff: Aw: Re: Re: docker-container for Guacamole 1.1.0
Von: "michael böhm" <[email protected]>
An: [email protected]
Betreff: Aw: Re: Re: docker-container for Guacamole 1.1.0
Hi Nick,
it worked fine with the 1.0.0-tar from the homepage. Thank you!
At least I can see radius-requests in tcpdump. Tomorrow I will check it against our freeradius.
Two more questions:
- What is the intended way of adding extensions to the docker-container? My approach was to mount a template-directory into the container and edited the start.sh-script from
| GUACAMOLE_HOME_TEMPLATE="$GUACAMOLE_HOME" |
to
| GUACAMOLE_HOME_TEMPLATE="/mounted_template" |
|
I think it would be best if you would make the template-dir configurable via environment-variables. The default setting of GUACAMOLE_HOME_TEMPLATE does not make sence as $GUACAMOLE_HOME will be whipped by the script.
- How do I tell guacamole that a user is a radius-user? Just by setting no password? Do I even have to create the user first in guacamole when it exists in the radius server? Does mysql have priority over radius? Can I also define the group / connections of a user via radius-avps or is it just authentication?
(I gues that were more than two questions...)
|
Best wishes
Michael
Gesendet: Dienstag, 20. August 2019 um 19:28 Uhr
Von: "Nick Couchman" <[email protected]>
An: [email protected]
Betreff: Re: Re: docker-container for Guacamole 1.1.0
Von: "Nick Couchman" <[email protected]>
An: [email protected]
Betreff: Re: Re: docker-container for Guacamole 1.1.0
On Tue, Aug 20, 2019 at 1:19 PM "michael böhm" <[email protected]> wrote:
Hi Nick,thanks for your answer.I basically followed this chapter and adapted it for docker:I used the given mvn-command on the checked-out repo to create a guacamole-auth-radius-1.1.0.jar which I added to the container's extension directory. I also had to disable javadoc as otherwise mvn gave me errors while compiling. I don't think that matters.On start of the container, docker logs tells me that the Radius-extension is "not compatible with this version of Guacamole" so I thought that the docker-image might be too old. Now, you tell me, that there is no 1.1.0 but what else could be the issue?
It sounds like you've checked out the repo and are trying to build the extension from that code, while the Docker image is probably version 1.0.0. This probably won't work. Try downloading the 1.0.0 source code from the Guacamole website, instead, and building from that, and then add the extension from that build into the Docker image.
-Nick
