You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "David Young (Jira)" <ji...@apache.org> on 2020/01/26 19:31:00 UTC
[jira] [Updated] (GUACAMOLE-792) Radius Provider returns Group -
like LDAP Provider
[ https://issues.apache.org/jira/browse/GUACAMOLE-792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Young updated GUACAMOLE-792:
----------------------------------
Affects Version/s: 1.1.0
Description:
This Improvement would reduce admin for those of us who use Radius for authentication
against a Directory (in our case Microsoft Active Directory) with a database
provider that will be using Groups to mange connections, if Groups could be
used somehow.
One possibility...
Radius Servers could be configured to return a Group name that matches a
Group in the database, by using the RADIUS Vendor-Specific attribute, set to
the desired Group name for that Server authentication rule.
In this wishful scenario the Radius provider would treat the Group name in
the same way the LDAP provider now appears to be doing with the resolution
of issue 715.
Another possibility...
a property in guacamole.properties to tell guacamole that authentication by both the radius and ldap modules is required. This would ensure LDAP Group name retrieval after successful authentication by both the radius and ldap mdules.
(In our case, we need to use Radius instead of LDAP because of the
requirement to use MFA.)
[https://tools.ietf.org/html/rfc2865#page-47]
Implies addition of guacamole.properties entries for the vendor-id and type.
was:
This Improvement would reduce admin for those of us who use Radius for authentication
against a Directory (in our case Microsoft Active Directory) with a database
provider that will be using Groups to mange connections, if Groups could be
used somehow.
One possibility...
Radius Servers could be configured to return a Group name that matches a
Group in the database, by using the RADIUS Vendor-Specific attribute, set to
the desired Group name for that Server authentication rule.
In this wishful scenario the Radius provider would treat the Group name in
the same way the LDAP provider now appears to be doing with the resolution
of issue 715.
(In our case, we need to use Radius instead of LDAP because of the
requirement to use MFA.)
[https://tools.ietf.org/html/rfc2865#page-47]
Implies addition of guacamole.properties entries for the vendor-id and type.
> Radius Provider returns Group - like LDAP Provider
> --------------------------------------------------
>
> Key: GUACAMOLE-792
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-792
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-radius
> Affects Versions: 1.0.0, 1.1.0
> Reporter: David Young
> Priority: Minor
> Labels: features
>
> This Improvement would reduce admin for those of us who use Radius for authentication
> against a Directory (in our case Microsoft Active Directory) with a database
> provider that will be using Groups to mange connections, if Groups could be
> used somehow.
> One possibility...
> Radius Servers could be configured to return a Group name that matches a
> Group in the database, by using the RADIUS Vendor-Specific attribute, set to
> the desired Group name for that Server authentication rule.
> In this wishful scenario the Radius provider would treat the Group name in
> the same way the LDAP provider now appears to be doing with the resolution
> of issue 715.
> Another possibility...
> a property in guacamole.properties to tell guacamole that authentication by both the radius and ldap modules is required. This would ensure LDAP Group name retrieval after successful authentication by both the radius and ldap mdules.
> (In our case, we need to use Radius instead of LDAP because of the
> requirement to use MFA.)
> [https://tools.ietf.org/html/rfc2865#page-47]
> Implies addition of guacamole.properties entries for the vendor-id and type.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)