Hello all,

Hyper-V allows assigning VMConnectAccess to specific user/VM combinations and, 
as far as I remember, FreeRDP (unlike VMConnect, which is also able to control 
a VM) is able to connect with just VMConnectAccess, without requiring 
Hyper-V-Administrators (or remote management) membership. Now I also tried the 
same with Guacamole, and it looks like the connecting user needs to be a member 
of Hyper-V-Administrators. Can you please clarify why? Or am I misled by some 
other configuration issue?

 

I also find it difficult to analyse connection issues. I have seen catalina.out, 
which shows something like

15:37:08.901 [http-nio-8080-exec-10] INFO  o.a.g.tunnel.TunnelRequestService - User "user" connected to connection "Eval".
15:37:09.012 [http-nio-8080-exec-5] INFO  o.a.g.tunnel.TunnelRequestService - User "user" disconnected from connection "Eval". Duration: 111 milliseconds

And syslog, which shows

Feb 28 15:49:39 ubuntu guacd[1147]: Creating new client for protocol "rdp"
Feb 28 15:49:39 ubuntu guacd[1147]: Connection ID is "$c3ac4a71-9e40-4c05-afb8-137a7cf01b3e"
Feb 28 15:49:39 ubuntu guacd[2881]: Security mode: ANY
Feb 28 15:49:39 ubuntu guacd[2881]: Resize method: none
Feb 28 15:49:39 ubuntu guacd[2881]: User "@b8b0b1af-42fa-42e1-91ee-7480695392d6" joined connection "$c3ac4a71-9e40-4c05-afb8-137a7cf01b3e" (1 users now present)
Feb 28 15:49:39 ubuntu guacd[2881]: Loading keymap "base"
Feb 28 15:49:39 ubuntu guacd[2881]: Loading keymap "de-de-qwertz"
Feb 28 15:49:39 ubuntu guacd[2881]: Failed to load guacdr plugin. Drive redirection and printing will not work. Sound MAY not work.
Feb 28 15:49:39 ubuntu guacd[2881]: Failed to load guacsnd alongside guacdr plugin. Sound will not work. Drive redirection and printing MAY not work.
Feb 28 15:49:39 ubuntu guacd[2881]: Error handling RDP file descriptors
Feb 28 15:49:39 ubuntu guacd[2881]: User "@b8b0b1af-42fa-42e1-91ee-7480695392d6" disconnected (0 users remain)
Feb 28 15:49:39 ubuntu guacd[2881]: Last user of connection "$c3ac4a71-9e40-4c05-afb8-137a7cf01b3e" disconnected
Feb 28 15:49:39 ubuntu guacd[1147]: Connection "$c3ac4a71-9e40-4c05-afb8-137a7cf01b3e" removed.

But it looks exactly the same whether the user is authorized or not.

Thanks & Best Regards,

Joachim

 

From: Mike Jumper [mailto:mike.jum...@guac-dev.org] 
Sent: Tuesday, 27 February 2018 08:04
To: user@guacamole.apache.org
Subject: Re: New user questions...

 

On Mon, Feb 26, 2018 at 10:45 PM, Joachim Lindenberg <joac...@lindenberg.one> 
wrote:

...

* w.r.t. ldap & database – my installation is very small w.r.t. the 
number of users (2-3) and virtual systems (5-10).  A database sounds 
overengineered to me especially considering operations (backup).

 

Small or large, the database authentication backend is really the best way to 
go. It is the only authentication extension which implements both reading and 
writing, thus providing a web-based management interface for connections and 
users, and the only extension which implements full screen sharing, logging of 
connection access, etc.

 

Generating user-mapping.xml on the Hyper-V host sounds like one approach I 
might try

 

I strongly recommend against auto-generating XML as a means of throwing 
together integration quickly:

 

http://guacamole.apache.org/faq/#integrate-auth

 

(but I dislike the passwords in that and would prefer to get them from LDAP), 
or I am considering plugging in my own authentication – but that will take some 
programming time.

 

Nevertheless, if you wish to tightly integrate Guacamole with your own 
authentication, this is exactly the way it should be done.

 

Actually I think Guacamole could standardize a rest based client

 

Guacamole's interface is already driven by a REST service.

 

using basic authentication (forwarding the credentials received)

 

Guacamole also already pulls credentials from HTTP basic auth if they are not 
otherwise provided. If you implement your own authentication extension, you can 
also explicitly do this, but the username/password from HTTP basic auth will be 
automatically pulled into the Credentials object already.

 

- Mike

 
