Apache Guacamole LDAP/LDAPS Configuration
Вставка
- Опубліковано 30 вер 2024
- Learn how to setup LDAP/LDAPS for authentication Guacamole.
Link to guacamole extensions: guacamole.apac...
For questions and discussions about errors or if you need further assistance please join our discussion community at:
geek2gether.co...
Hi there, great video, I have a question please if you can help me:
The video is great and all, but I was searching for something else, something that is nowhere in the internet, since I am deploying this for production use for a client:
- The ldap works very good and everything, but what I want to do is I would like all the ldap users, by default, have access to all created connections?
- And I also would like to add connections not via the GUI, but with a configuration file. I have seen in the official guacamole documentation that you can do this with /etc/guacamole/user-mapping.xml. but I have guacamole deployed as a kubernetes podman pod, in which I have the neccessery containers, but the guacamole container does not have a user-mapping.xml anywhere in the system, and even when I try to map such a file from the host system, on startup the guacamole container will delete this file.
Do you have any suggenstions? Thank you in advance!!!
is it possible search the groups? I tried ldap-group-base-dn and ldap-group-search-filter: but it didn't work.
Yes It is possible. You can use ldap-member-attribute
Cannot configure two systems successfully in ldap-servers.xml. it seems that only the information in guacamole.properties is being read. Any help?
Open up a topic at hub.geek2gether.com and post your ldap-servers.yml and guacamole.properties config. Make sure you remove personal information. Once I see these files I can provide appropriate advice!
Thanks you so much!!! it's very good KB secession. Note: Please share command in comment's
I am not able to login using guacadmin credentials to login into guacamole as administrator! How to troubleshoot the problem ?
Did you setup ldap? You have to login as guacadmin and grant admin privileges to the ldap user
Can you please show us how to configure Graphical session recording
Here is a video: ua-cam.com/video/845HE5vOAXo/v-deo.html Please subscribe to the channel
Hi, I followed all the steps to make my Apache Guacamole server to be able to sync with AD on LDAPS, but no success. I did the last command you executed to import the ssl cert when using a non third party cert, but same thing. Here is the command in case I misspelled it: sudo openssl s_client -connect 192.168.x.x:636 -showcerts /dev/null | openssl x509 -ouform pem > ldaps.pem. I can see under the /etc/ssl/certs the new file ldaps.pem. I restarted guacd and tomcat9, but still cannot login with an AD user account. Any help!
Is it possible to remove authentication in guacamole
Yes you can do this with the noauth extension. Follow the guacamole doc to achieve this.
guacamole.apache.org/doc/0.8.3/gug/noauth.html#:~:text=If%20you%20would%20rather%20just,by%20an%20XML%20configuration%20file.
Hi I followed your video to install guacamole, but i don't understand how to say to guacamole where to read the certificate you extracted with openssl. Please, could you help me?
Thank you for watching.
Use the command: openssl s_client -connect 10.100.10.20:636 -showcerts /dev/null | openssl x509 -outform pem ldap.pem
replace the 10.100.10.20 with your domain controllers IP address. Also, ldap.pem is the certificate file name we want to save, you can change it to what you want.
For reference go to video from 12:50 where i explain on how to perform these tasks.
very informative video thanks for detailed guide i have it working in non ssl mode
Glad it helped
Getting strange issue where I just cannot get the LDAP to work. When reading through the logs it shows as binding with my CN:, but then it throws invalid credentials. Of course i have verified many times but the issue still occurs, any ideas?
Are you trying to use ldap/ldaps?
Normal LDAP@@geek2gether469
@@geek2gether469 Hi, Unfortunately with LDAP, and with LDAPS i have tried both
If your using ldaps the certificate has to be added to the Java trust store
How do you Configure WOL in Guac
Thanks for watching. I will make a video
when can I expect the video
I am still waiting on the video
@warneracademy9611 My apologies, i will get one published as soon as possible, once a machine with wol capability becomes available in my environment.
Is it necessary to create each LDAP user again? cant it take from the LDAP server when user logs in?.
Thank you for watching. To have SAML auto create users when they login add the parameter in the guacamole.properties file:
mysql-auto-create-accounts: true
That should auto create the Saml user in guacamole after they login