You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Toby Horton <to...@blinkhealth.com> on 2022/07/18 21:42:36 UTC

Guacamole Feature Question

Hello,



Can Guacamole function as an RDP proxy of sorts, that allows multiple
Windows domain users to connect to Guacamole, using their individual
Windows domain accounts, but then Guacamole uses a single common Windows
domain account to complete the RDP session auth? Someone was telling me it
can do this, but I am not finding any mention of this functionality in docs.



We are trying to work around a really bad app design that requires a single
common account be logged on at all times, but we have a team of people who
need to manage the app. So, for security auditing, we are looking for an
intermediary system that could log connections by the connecting users but
still ultimately connect using this app specific account.



Thanks,



[image: Blink Health]
<https://www.blinkhealth.com/>[image: Facebook icon]
<https://www.facebook.com/BlinkHealth/> [image: LinkedIn icon]
<https://www.linkedin.com/company/blink-health/> [image: Twitter icon]
<https://twitter.com/blinkhealth> [image: Instagram icon]
<https://www.instagram.com/blinkhealth> [image: Youtube icon]
<https://www.youtube.com/c/blinkhealth>

*Toby Horton*
Sr. Systems Engineer
IT Engineering Team
971-363-7479 | blinkhealth.com

-- 
CONFIDENTIALITY NOTICE: This communication and all attachments may contain 
confidential and/or privileged information for the sole use of the intended 
above-referenced recipient(s). If you are not the intended recipient(s), 
you are hereby notified that you have received this communication in error 
and that any review, disclosure, dissemination, distribution or copying of 
it or its contents is prohibited. If you have received this communication 
in error, please notify the sender immediately by email or telephone and 
destroy all copies of this communication and any attachments.


-- 
*"The most powerful force that could be potentially harnessed is dogged 
incremental constant progress over a very long time frame." 
<http://latticeworkinvesting.com/category/peter-kaufman/>*   

Re: Guacamole Feature Question

Posted by David Haukeness <da...@hauken.us>.
Yes - logging into Guacamole, and logging into the target are separate.  
This use case is often handy for embedded devices that only support a 
single user (like low-end network switches and things of that nature).

You'd just set up user-auth to use LDAP/AD/Domain and configure the 
static credentials of the target in the admin -> connections screen.

David

------ Original Message ------
From "Toby Horton" <to...@blinkhealth.com>
To user@guacamole.apache.org
Date 7/18/2022 3:42:36 PM
Subject Guacamole Feature Question

>Hello,
>
>
>
>Can Guacamole function as an RDP proxy of sorts, that allows multiple 
>Windows domain users to connect to Guacamole, using their individual 
>Windows domain accounts, but then Guacamole uses a single common 
>Windows domain account to complete the RDP session auth? Someone was 
>telling me it can do this, but I am not finding any mention of this 
>functionality in docs.
>
>
>
>We are trying to work around a really bad app design that requires a 
>single common account be logged on at all times, but we have a team of 
>people who need to manage the app. So, for security auditing, we are 
>looking for an intermediary system that could log connections by the 
>connecting users but still ultimately connect using this app specific 
>account.
>
>
>
>Thanks,
>
>
>
>Blink Health
>
><https://www.blinkhealth.com/>
>Facebook icon
><https://www.facebook.com/BlinkHealth/>
>LinkedIn icon
><https://www.linkedin.com/company/blink-health/>
>Twitter icon
><https://twitter.com/blinkhealth>
>Instagram icon
><https://www.instagram.com/blinkhealth>
>Youtube icon
><https://www.youtube.com/c/blinkhealth>
>
>Toby Horton
>Sr. Systems Engineer
>IT Engineering Team
>971-363-7479 | blinkhealth.com
>
>
>
>
>

CONFIDENTIALITY NOTICE: This communication and all attachments may 
contain confidential and/or privileged information for the sole use of 
the intended above-referenced recipient(s). If you are not the intended 
recipient(s), you are hereby notified that you have received this 
communication in error and that any review, disclosure, dissemination, 
distribution or copying of it or its contents is prohibited. If you have 
received this communication in error, please notify the sender 
immediately by email or telephone and destroy all copies of this 
communication and any attachments.

"The most powerful force that could be potentially harnessed is dogged 
incremental constant progress over a very long time frame." 
<http://latticeworkinvesting.com/category/peter-kaufman/>