On Tue, Apr 17, 2018 at 12:15 AM, Mike Jumper <[email protected]> wrote:
> On Mon, Apr 16, 2018 at 7:27 PM, Fertig, Brian <[email protected]> > wrote: > >> Mike, >> >> >> >> Once again you and your team are awesome! >> > > Thanks, but to be clear: Apache Guacamole is developed by a community, not > by any individual's team. > > So I have mysql then failover to radius setup for authentication. By >> leaving mysql 1st and the user trying to authenticate its not going to >> cause conflicts is it? >> > > No, this shouldn't conflict. All extensions will be polled during the > authentication process. If any authentication attempt succeeds, that > successful attempt is used to identify the user to all other installed > extensions. If all attempts fail, then the first failed attempt determines > the nature of the login screen presented to the user. > I did see an issue, at one point, where the RADIUS module needed to be loaded before other modules in order to work. I don't remember the specific circumstances, but it seems like if authentication failed for a user in one of the previous modules the RADIUS module would not even been evaluated. I don't know if this is a bug that should be addressed or just an artifact of how the module stacking works with RADIUS, but, if you run into issues with this, you might try renaming the RADIUS authentication module and reloading Guacamole Client (Tomcat) so that it loads the RADIUS module, first. In my case, I just put a 0 in front of radius - guacamole-auth-0-radius.jar - to force it to authenticate with that extension before the others. -Nick
