Quick update: Works: - Keyboard layout --> set in Guacamole profile - Resize --> changed to reconnect (there's a patch for "display update" at https://github.com/neutrinolabs/xrdp/pull/1820, but not present in 0.9.13.1 that ships with openSUSE 15.3)
Could you share any tips regarding: - Audio - Multiuser logins on the same machine (ala terminal server) - Any performance tuning known/suggested (connection works, although not as smooth as Win10 RDP) Regards, CI.- El mar, 24 ago 2021 a las 20:30, Ciro Iriarte (<[email protected]>) escribió: > > Thanks Nick, > > I'm giving it a try. Any tips you could share regarding: > - Screen resize with browser. > - Audio > - Keyboard layout > - Firewall rules (weirdly enough, I can't make it work enabling > 3389/tcp, only completely disabling the firewall makes it work. Still > investigating..) > > Regards, > CI.- > > El dom, 22 ago 2021 a las 15:08, Nick Couchman (<[email protected]>) escribió: > > > > On Sun, Aug 22, 2021 at 12:21 PM Ciro Iriarte <[email protected]> wrote: > >> > >> Hello!, > >> > >> I'm working on a lab environment for coworkers & given the requirements > >> are GUI Jumphosts & no licenses for OS we settled on Linux+VNC & > >> Loadbalancing pools with Guacamole. > >> > >> All the OS users will be named, authenticated to FreeIPA and potentially a > >> NFS based $HOME. Guacamole also authenticating with LDAP+OTP and > >> JDBC-stored connections. > >> > >> I've struggled setting up VNC with openSUSE 15.3 and their KDE desktop > >> (SDDM). Have a slightly better outcome with XDM (uglier but works > >> somehow). The desktops/jumphosts are running as PVE VMs, so also tested > >> with KVM/QEMU VNC support. The experience with that case is way better, > >> rock solid VNC session, even manual screen resize works, there's one > >> annoying bit (keyboard mapping for es-latam) and a major roadblock: it's > >> the VM console, user2 could land on the already logged in session for > >> user1. > >> > > > > Yes, here you have run up against one of the chief drawbacks of VNC - lack > > of session management. > > > >> > >> I imagine I could create the loadbalancing group with 1 connection per > >> user with session "stickiness" & then setup OS level timeouts to lock the > >> GUI session after no activity. That & fixing the keyboard mapping with > >> guacamole-> QEMU VNC console would make it, but feels like having a lot of > >> moving parts. > >> > > > > Yeah, if you're going to go this route, you're essentially going to have to > > rely upon Guacamole to manage the sessions, which means not load balancing > > groups and session stickiness, but also logouts. I would say that you need > > to log out as soon as Guacamole disconnects, not just lock, because you > > could still run into the same scenario. > > > >> > >> Any smarter approach to this?. Could anybody share their recipe for > >> similar scenarios?. > >> > > > > In personal experience, where I need access to Linux systems remotely, I > > tend toward xrdp instead of VNC. While xrdp is certainly far from a perfect > > RDP server implementation, it does feature TLS encryption, some basic > > session management (disconnect/reconnect and multi-user access to a single > > system), and there's even a native Xorg xrdp driver that I generally use > > that avoids having to go through the pain of setting up VNC to back xrdp > > (which was the way it was originally deployed). > > > > You'll still have to rely upon some of Guacamole's features to manage > > sessions - particularly if you want to load balance and split to multiple > > hosts, Guacamole's load balancing and session stickiness will still be > > required to help handle those things. And, if you go that route, you'll > > still have some challenges with users getting disconnected from one host > > and then logged on to a different host, where their session will > > essentially be "lost" (even if it's still running). xrdp does not have any > > inter-server communications mechanisms (that I know of, anyway) that would > > help with this, so it really would rely on Guacamole to handle that part of > > session management. > > > > Hope this helps - I'm not saying this is the "right" way to do it, just how > > I've settled on remote, graphical access to Linux systems over the past > > couple of years, and it works well for me. > > > > -Nick > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
