Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-792

Radius Provider returns Group - like LDAP Provider



    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.0.0, 1.1.0
    • Fix Version/s: None
    • Component/s: guacamole-auth-radius
    • Labels:


      This Improvement would reduce admin for those of us who use Radius for authentication 
      against a Directory (in our case Microsoft Active Directory) with a database 
      provider that will be using Groups to mange connections, if Groups could be 
      used somehow. 

      One possibility... 
      Radius Servers could be configured to return a Group name that matches a 
      Group in the database, by using the RADIUS Vendor-Specific attribute, set to 
      the desired Group name for that Server authentication rule. 
      In this wishful scenario the Radius provider would treat the Group name in 
      the same way the LDAP provider now appears to be doing with the resolution 
      of issue 715. 

      Another possibility...
      a property in guacamole.properties to tell guacamole that authentication by both the radius and ldap modules is required. This would ensure LDAP Group name retrieval after successful authentication by both the radius and ldap mdules.

      (In our case, we need to use Radius instead of LDAP because of the 
      requirement to use MFA.) 
      Implies addition of guacamole.properties entries for the vendor-id and type. 




            • Assignee:
              vnick Nick Couchman
              drhy David Young
            • Votes:
              4 Vote for this issue
              4 Start watching this issue


              • Created: