On Thu, Mar 10, 2022 at 9:46 AM brian mullan <[email protected]> wrote:
> I'm trying to better understand Drive Redirection configuration. > > I have an Ubuntu Desktop server with XRDP installed and with a user > account for myself on it. > > On my local PC I install freerdp2-x11 and from a terminal I can execute: > > *$ xfreerdp /cert-ignore +gfx /rfx /rfx-mode:video /video /bpp:32 > /dynamic-resolution /home-drive +clipboard /sound:sys:pulse /v:192.168.X.X* > > The Desktop appears and everything works great. > > What I liked was that both Freerdp2 and XRDP support the "*/home-drive*" > option which per the Freerdp Manual on Device Redirection > <https://github.com/awakecoding/FreeRDP-Manuals/blob/master/User/FreeRDP-User-Manual.markdown#redirection> > : > >> *To redirect the user home directory as a drive,** use /home-drive:* >> >> xfreerdp /v:rdp.contoso.com /home-drive >> >> *This is convenient if the user "JohnDoe" wants to redirect only >> "/home/JohnDoe" instead of the root directory ("/").* >> > > I believe I remember that Guacamole uses Freerdp for RDP connectivity. > > *So is there a way within Guacamole's "connection" config to redirect the > User's local PC /home/user_name* > *directory to be the User's Guacamole "Redirected Drive" ?* > > > *In essence... use the FreeRDP "/home-drive" capability.* > > If so... how is that configured? > > Guacamole doesn't have that option, but I don't think it'll actually work. I suspect the xfreerdp /home-drive option just takes the $HOME variable of the user running xfreerdp and passes that through. Since all users who connect to Guacamole will go through guacd, the $HOME directory will always be the home directory of the LInux user running guacd, not the user who is logging in over Guacamole. Guacamole does, however, support setting the directory that is passed through in the connection properties, and you can use parameter tokens to make this field "dynamic" - so, something like /home/${GUAC_USERNAME} would essentially do the same thing - assuming your Guacamole username matches up to the Linux username. The only catch to this is that, again, the access to that folder will be done as the user running guacd, so that user has to have access to the folders. The other alternative is to use SFTP support and point it at a server that uses the same authentication as Guacamole, which would result in the SFTP access to the user's home folder as the user who is logging in via Guacamole instead of guacd. This has its downsides, as well, but overcomes the limitation of guacd running as a specific user. -Nick >
