On Sun, Jan 26, 2020 at 5:18 AM drhy <[email protected]> wrote:
> Hi,
>
> LDAP with Active Directory and a Guacamole database (e.g. MySQL) can be
> configured so that no users need to be added to the database. When LDAP
> successfully authenticates a user, it returns the user's Active Directory
> Group names and where any match names for groups of Connections in the
> database then those Connections are available to the user. Almost zero user
> administration!
>
> Is there any way to add Radius authentication into this?
> My reason for asking is that we use Azure MFA triggered by Radius
> Authentication, but would really like the low admin overhead that the LDAP
> module allows for.
>

I think there are a couple of things coming that will help you out with this. First, in the code for the upcoming 1.1.0 release we corrected a bug and tweaked how user/group mapping is handled across the modules such that it works in a way that makes a little more sense. For reference, the following two JIRA issues should help:

https://issues.apache.org/jira/browse/GUACAMOLE-715
https://issues.apache.org/jira/browse/GUACAMOLE-696

Beyond that, there are a couple of open JIRA issues - still being worked, and won't be in 1.1.0 code - related to allowing other modules to pass through group information into Guacamole. There is a PR in progress for this for CAS, and I think there is an open issue for at least the RADIUS module.

If the above issues don't solve it, hopefully we'll be able to add it in the near future via changes to the other authentication extensions.

-Nick
