You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by melak <me...@checkpoint.com> on 2017/05/24 07:05:57 UTC

Disabling authentication with NoAuth extension

Hi All,

I deployed Gaucamole on a CentOS 7 VM.
I used this script:
https://sourceforge.net/projects/guacamoleinstallscript/files/CentOS/guacamole-install-script.sh/download
We use Guacamole to allow access via an internal web portal using RDP, to
VMs residing in the same ESX hosting the Guacamole.

We paste the VMs URL in our internal portal. When our users click the link,
they get guacamole login page.
We want to avoid that, and allow direct access to the VMs.
For that, we followed the instructions of disabling authentication:
https://guacamole.incubator.apache.org/doc/gug/noauth.html
But with no luck.
We still get the Guacamole login.

Details about what we did:
1. Create GUACAMOLE_HOME/extensions folder in this path:  
"etc/guacamole/GUACAMOLE_HOME/extensions"
     and copy guacamole-auth-noauth-0.9.12-incubating.jar within the
GUACAMOLE_HOME/extensions

2. Add new config file in that path:  ""etc/guacamole/noauth-config.xml"
File's content is exactly that:
<configs>
    <config name="Win7" protocol="rdp">
        
        
    </config> 
</configs> 

3. Edited guacome.prope. this is exactly how it looks like
 ===================================
 # Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: ####
mysql-username: ####
mysql-password: ####
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0

# Auth provider class
auth-provider:
net.sourceforge.guacamole.net.auth.noauth.NoAuthenticationProvider

# NoAuth properties
noauth-config: /etc/guacamole/noauth-config.xml
===========================================
I am completely new to Linux and not very familiar with java. I'd appreciate
answers as detailed as possible



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Disabling-authentication-with-NoAuth-extension-tp994.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.

Re: Disabling authentication with NoAuth extension

Posted by Nick Couchman <vn...@apache.org>.

On 2017-05-24 03:05 (-0400), melak <me...@checkpoint.com> wrote: 
> Hi All,
> 
> I deployed Gaucamole on a CentOS 7 VM.
> I used this script:
> https://sourceforge.net/projects/guacamoleinstallscript/files/CentOS/guacamole-install-script.sh/download
> We use Guacamole to allow access via an internal web portal using RDP, to
> VMs residing in the same ESX hosting the Guacamole.
> 
> We paste the VMs URL in our internal portal. When our users click the link,
> they get guacamole login page.
> We want to avoid that, and allow direct access to the VMs.
> For that, we followed the instructions of disabling authentication:
> https://guacamole.incubator.apache.org/doc/gug/noauth.html
> But with no luck.
> We still get the Guacamole login.
> 
> Details about what we did:
> 1. Create GUACAMOLE_HOME/extensions folder in this path:  
> "etc/guacamole/GUACAMOLE_HOME/extensions"
>      and copy guacamole-auth-noauth-0.9.12-incubating.jar within the
> GUACAMOLE_HOME/extensions
> 
> 2. Add new config file in that path:  ""etc/guacamole/noauth-config.xml"
> File's content is exactly that:
> <configs>
>     <config name="Win7" protocol="rdp">
>         
>         
>     </config> 
> </configs> 
> 
> 3. Edited guacome.prope. this is exactly how it looks like
>  ===================================
>  # Hostname and port of guacamole proxy
> guacd-hostname: localhost
> guacd-port:     4822
> 
> # MySQL properties
> mysql-hostname: localhost
> mysql-port: 3306
> mysql-database: ####
> mysql-username: ####
> mysql-password: ####
> mysql-default-max-connections-per-user: 0
> mysql-default-max-group-connections-per-user: 0
> 
> # Auth provider class
> auth-provider:
> net.sourceforge.guacamole.net.auth.noauth.NoAuthenticationProvider
> 
> # NoAuth properties
> noauth-config: /etc/guacamole/noauth-config.xml
> ===========================================
> I am completely new to Linux and not very familiar with java. I'd appreciate
> answers as detailed as possible
> 
> 

Melak,
A couple of things for you:
1)  Do you have the database module installed into the extensions folder?  You have the configuration lines for it in the guacamole.properties file, so I assume it is also present in the extensions folder?  This is probably why you're still getting the login page.  You could try changing the name of the NoAuth file so that it loads before the JDBC authentication file and that might resolve that issue (extensions load in alphabetical order).

2) But.....you really don't want to do that.  You definitely do not want to layer NoAuth with other authentication modules, and you probably don't really want to use NoAuth at all, for a variety of reasons.  The main reason is that it is no longer supported - it has been deprecated, documentation has been removed, and it probably won't be included in the source for much longer.  I've been in the same situation you are - internal portal, internal servers, and wanting the simplest thing for the users possible, and trying to use NoAuth.  I'd suggest using a combination of the JDBC module (for configuring connections) and the LDAP authentication module and configuring it for AD integration.  Assuming your Windows servers are also talking to AD, you can use the GUAC_USERNAME and GUAC_PASSWORD tokens to pass through username/password information to the connection, which should make the Guacamole -> RDP interface pretty seamless.

-Nick

> 
> --
> View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Disabling-authentication-with-NoAuth-extension-tp994.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
>