You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Toby Horton <to...@blinkhealth.com> on 2022/07/18 21:42:36 UTC
Guacamole Feature Question
Hello,
Can Guacamole function as an RDP proxy of sorts, that allows multiple
Windows domain users to connect to Guacamole, using their individual
Windows domain accounts, but then Guacamole uses a single common Windows
domain account to complete the RDP session auth? Someone was telling me it
can do this, but I am not finding any mention of this functionality in docs.
We are trying to work around a really bad app design that requires a single
common account be logged on at all times, but we have a team of people who
need to manage the app. So, for security auditing, we are looking for an
intermediary system that could log connections by the connecting users but
still ultimately connect using this app specific account.
Thanks,
[image: Blink Health]
<https://www.blinkhealth.com/>[image: Facebook icon]
<https://www.facebook.com/BlinkHealth/> [image: LinkedIn icon]
<https://www.linkedin.com/company/blink-health/> [image: Twitter icon]
<https://twitter.com/blinkhealth> [image: Instagram icon]
<https://www.instagram.com/blinkhealth> [image: Youtube icon]
<https://www.youtube.com/c/blinkhealth>
*Toby Horton*
Sr. Systems Engineer
IT Engineering Team
971-363-7479 | blinkhealth.com
--
CONFIDENTIALITY NOTICE: This communication and all attachments may contain
confidential and/or privileged information for the sole use of the intended
above-referenced recipient(s). If you are not the intended recipient(s),
you are hereby notified that you have received this communication in error
and that any review, disclosure, dissemination, distribution or copying of
it or its contents is prohibited. If you have received this communication
in error, please notify the sender immediately by email or telephone and
destroy all copies of this communication and any attachments.
--
*"The most powerful force that could be potentially harnessed is dogged
incremental constant progress over a very long time frame."
<http://latticeworkinvesting.com/category/peter-kaufman/>*
Re: Guacamole Feature Question
Posted by David Haukeness <da...@hauken.us>.
Yes - logging into Guacamole, and logging into the target are separate.
This use case is often handy for embedded devices that only support a
single user (like low-end network switches and things of that nature).
You'd just set up user-auth to use LDAP/AD/Domain and configure the
static credentials of the target in the admin -> connections screen.
David
------ Original Message ------
From "Toby Horton" <to...@blinkhealth.com>
To user@guacamole.apache.org
Date 7/18/2022 3:42:36 PM
Subject Guacamole Feature Question
>Hello,
>
>
>
>Can Guacamole function as an RDP proxy of sorts, that allows multiple
>Windows domain users to connect to Guacamole, using their individual
>Windows domain accounts, but then Guacamole uses a single common
>Windows domain account to complete the RDP session auth? Someone was
>telling me it can do this, but I am not finding any mention of this
>functionality in docs.
>
>
>
>We are trying to work around a really bad app design that requires a
>single common account be logged on at all times, but we have a team of
>people who need to manage the app. So, for security auditing, we are
>looking for an intermediary system that could log connections by the
>connecting users but still ultimately connect using this app specific
>account.
>
>
>
>Thanks,
>
>
>
>Blink Health
>
><https://www.blinkhealth.com/>
>Facebook icon
><https://www.facebook.com/BlinkHealth/>
>LinkedIn icon
><https://www.linkedin.com/company/blink-health/>
>Twitter icon
><https://twitter.com/blinkhealth>
>Instagram icon
><https://www.instagram.com/blinkhealth>
>Youtube icon
><https://www.youtube.com/c/blinkhealth>
>
>Toby Horton
>Sr. Systems Engineer
>IT Engineering Team
>971-363-7479 | blinkhealth.com
>
>
>
>
>
CONFIDENTIALITY NOTICE: This communication and all attachments may
contain confidential and/or privileged information for the sole use of
the intended above-referenced recipient(s). If you are not the intended
recipient(s), you are hereby notified that you have received this
communication in error and that any review, disclosure, dissemination,
distribution or copying of it or its contents is prohibited. If you have
received this communication in error, please notify the sender
immediately by email or telephone and destroy all copies of this
communication and any attachments.
"The most powerful force that could be potentially harnessed is dogged
incremental constant progress over a very long time frame."
<http://latticeworkinvesting.com/category/peter-kaufman/>