While I am working through the MYSQL issues I am using quick connect extension. Accounts setup with 2fa using PAM are having issues with xrdp login. Accounts without the PAM 2fa are not. Anyway to pass the cred from the webconsole auth that anyone knows of?
On Tue, Dec 5, 2023 at 10:58 AM Nick Couchman <vn...@apache.org> wrote: > On Tue, Dec 5, 2023 at 10:45 AM Aero Tech <aerotech1...@gmail.com> wrote: > >> Adding the LDAPS user to user xml works for getting connections for the >> LDAPS user but I have to have the LDAPS user password. Is there some way to >> specify user mapping to accept the account LDAPS password? >> > > The user-mapping.xml authentication mechanism does not "stack" with the > other authentication mechanisms that way, so, no, there is no way to do > that. > > If you want to use Guacamole with LDAP, and want connections to be stored > somewhere outside of LDAP, the easiest way is to use the database module to > store connections and then user LDAP users and groups. You mentioned this > in your original e-mail, that you were using MySQL, and this should work > fine. There are a few things to keep in mind: > * If you want to map LDAP users and/or groups to the database module, the > user and group names have to match *exactly* - including case-sensitivity. > * In order to get LDAP groups pulled in, you'll need to make sure you're > specifying the group base/search OU in the guacamole.properties file, > otherwise groups will not be queried. > * You can have users auto-created in the JDBC module (MySQL) upon > successful login - there's an option for it in the guacamole.properties > file. > > Overall, make sure you read the following manual pages thoroughly: > https://guacamole.apache.org/doc/gug/jdbc-auth.html > https://guacamole.apache.org/doc/gug/ldap-auth.html > > Feel free to post back with any specific questions or issues. > > -Nick > >>
