On Thu, Sep 23, 2021, 10:50 Erdődi Zoltán <zoltan.erd...@ek.szte.hu> wrote:
> Good Day! > > How do I assign a connection to a user who is authenticated with a > radius? > > > [2021-09-23 16:04:13] [info] 16:04:13.139 [http-nio-8080-exec-1] DEBUG > o.a.g.r.auth.AuthenticationService - Login was successful for user > "XYZUSER". > [2021-09-23 16:04:13] [info] 16:04:13.730 [http-nio-8080-exec-10] DEBUG > o.a.g.rest.RESTExceptionMapper - Client request rejected: Session not > associated with authentication provider "radius". > > > Login ok, but no RDP connection. > Where and how to define it ? > guacamole.properties or user-mapping.xml . > Neither - you would use one of the supported databases (MySQL, PostgreSQL, etc.) and create the connection in the admin web interface that becomes available once a database is set up. You can then create the needed linkage between RADIUS and the connection in the database by doing one of the following: * Create a user in the database using the web interface (without setting a password) having the same username as the RADIUS user, and grant access to the connection to that user. By not setting a password, the user will still only be able to log in using RADIUS, but will inherit access to any connections granted to their corresponding database user. * Create a user group having the same name as a RADIUS group of which the user is a member, and grant access to the connection to that group. This is also how things work when combining LDAP with the database, except that administration is made more convenient in the LDAP case since users and groups can retrieved from the LDAP directory. Since users/groups can't be pulled automatically from RADIUS, you need to enter them manually. See https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database for how this works in principle. - Mike
