On Mon, May 11, 2020 at 2:14 PM Jason Keltz <[email protected]> wrote:

> Hi.
>
> I have a huge problem, and I'm hoping someone can help me. I have
> set up a pool of Linux machines where users can log in and access a Linux
> environment that resets after each logout.  All the users have their own
> individual logins to Guacamole (through AD). However, these users don't
> have an account on the Linux systems in the pool.  Instead, Guacamole
> logs into the XRDP session on each system as a generic "user" account
> (XRDP).  After the user logs out, the environment is reset to a base
> image.  Sessions that are idle for an hour are automatically terminated
> and reset to base state.  One user left a session open and closed their
> web browser.  To my surprise, when a completely different Guacamole user
> logged in, and clicked on the pool, they got that *same session*!  I
> expected that different Guacamole users would never share the same
> session.  However, it seems I was wrong and Guacamole is likely asking
> XRDP who is logged into the system, and since the user is the "same" as
> the user logged in, they can access the session. This is a HUGE
> problem for me.  How can I address this?  Since I can't generate Linux
> accounts for all the users in question, I could destroy the session if
> the user is disconnected, but I *really* don't want to do this as this
> means that if the user experiences temporary network issues, they lose
> all their work. :(
>
>
This really isn't a Guacamole issue, this is an RDP session management
issue.  You say that "Guacamole is likely asking XRDP who is logged into
the system" - this is not correct, Guacamole doesn't have any such
"conversation" with the XRDP server about the logged-in users.  All that
happens is Guacamole goes to log the user into an RDP session, and the RDP
server (XRDP in this case, but could just as easily be Windows) looks,
first, to see if there are any disconnected sessions for that user, and, if
so, logs them into the existing session.

The easiest way to remediate this is to make sure the RDP server does not
maintain open sessions for disconnected users - that it shuts down those
sessions as soon as users disconnect.  There are definitely settings for
this in Windows, and I suspect XRDP has some form of configuration for
this, though I couldn't tell you where off the top of my head.

-Nick
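
The reply above leaves open where XRDP configures this. As an added example that is not part of the original thread, the following Python check reads the `[Sessions]` section of xrdp's `sesman.ini` and reports whether disconnected sessions are kept alive for the next login as the same account. The key names `KillDisconnected` and `DisconnectedTimeLimit` are xrdp's; their exact behaviour depends on the xrdp version and session type, so treat the interpretation in the comments as an assumption, and the sample file is constructed.

```python
import configparser

# Values treated as boolean true (assumption based on xrdp's sesman.ini docs).
TRUE_VALUES = {"1", "true", "yes", "on"}

# Constructed sample configuration, not taken from the thread.
SAMPLE_SESMAN_INI = """\
[Sessions]
MaxSessions=50
KillDisconnected=false
DisconnectedTimeLimit=0
"""


def audit_sessions(ini_text):
    """Return (settings, warnings) for the [Sessions] section of sesman.ini."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    sect = cp["Sessions"] if cp.has_section("Sessions") else {}

    kill = sect.get("killdisconnected", "false").strip().lower() in TRUE_VALUES
    raw_limit = sect.get("disconnectedtimelimit", "0").strip()
    limit = int(raw_limit) if raw_limit.isdigit() else 0

    settings = {"kill_disconnected": kill, "disconnected_time_limit": limit}
    warnings = []
    if not kill:
        # With a shared account, the next login as that account is attached
        # to whatever disconnected session is still running.
        warnings.append("KillDisconnected is off: disconnected sessions stay "
                        "alive and can be reattached by the next login")
    elif limit > 0:
        # A grace period keeps work across short network drops, but the
        # session is still reattachable by anyone using the same account.
        warnings.append(f"disconnected sessions survive up to {limit}s and "
                        "can be reattached in that window")
    else:
        warnings.append("DisconnectedTimeLimit=0 with KillDisconnected on: "
                        "check sesman.ini(5) for what 0 means in your version")
    return settings, warnings


if __name__ == "__main__":
    settings, warnings = audit_sessions(SAMPLE_SESMAN_INI)
    print(settings)
    for w in warnings:
        print("WARNING:", w)
```

On a real host, pass the contents of the installed `sesman.ini` (commonly under `/etc/xrdp/`) instead of the sample string.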
