Dear Guacamole experts,

As a result of COVID impact learnings, the central IT services department in our university wants to deploy Guacamole to extend our remote access capabilities. The plan is to position it in the DMZ as a facade to allow remote access to Windows or Linux based equipment controllers in the labs of the various faculties. Guacamole allows MFA with ADFS and can obscure the, often shared, local accounts on the lab equipment.

We also have the ambition to delegate the administration of users and connections to faculty staff, as a “business self service” to minimize IT overhead and request lead time. In our proof-of-concept we have not yet been successful in getting that configured, although the documentation seems to indicate that Guacamole supports RBAC.

We would like to leverage the feature of automatic creation of a user record upon first successful ADFS login. We would like lab equipment owners to create their connection(group)s and lab secretaries to maintain user groups that are allowed to use these connections. Acting as “administrator”, we have so far not been able to set up any user or user group with the privileges to READ/UPDATE users or connections apart from the ones they had created themselves.

Before we start reverse engineering the table creation SQL in an attempt to understand how the RBAC functionality works, I am reaching out to you. Your advice is very welcome. Pointers to or contacts in other educational/research institutions that use Guacamole are welcome as well.

Thanks,
Fonzie

PS: we run the latest stable Guacamole install with a MySQL DB on an Ubuntu 22.04 server hosted on a VMware ESX cluster.
