PGina <-> Guacamole

Question

PGina <-> Guacamole

alitimer opened this issue 5 years ago · comments

Hi. Is there any way to integrate PGina talking to Apache Guacamole in web-based remote desktop connections?
https://guacamole.apache.org/
https://github.com/apache/guacamole-server

wyatt-made · Answer 1 · Tue Feb 09 2021 00:13:01 GMT+0800 (China Standard Time)

Were you ever able to get this to work? I have ~300 computers on Guac right now and would love to be able to pass user credentials into pgina from guac.

Ali Zamani · Answer 2 · Tue Feb 09 2021 09:36:01 GMT+0800 (China Standard Time)

Nope - Guaca can directly talk to Active Directory and no issue if you manage your nodes in Microsoft only environment. My setup is in mixed Unix-Windows environment and pGina is the middle man talking between LDAP and Active Directory (https://www.informit.com/articles/article.aspx?p=330803&seqNum=2). Therefore, Guaca can't communicate with pGina as Windows GINA plugin. So what happens now, user will again enter credential at Windows login page to re-authenticate after logging into Guacamole. Same LDAP database is used here for both pGina and Guacamole authentication.
Please share if you could find any plugin/solution for this.

Zosoworld · Answer 3 · Sat Mar 27 2021 04:43:45 GMT+0800 (China Standard Time)

I would also be very interested in a solution like this. Having the users log in twice is annoying.

Ali Zamani · Answer 4 · Thu Sep 09 2021 10:49:46 GMT+0800 (China Standard Time)

solution: pass credential as parameter token in connection setting. So, same credential used for logging into guaca will be passed into pGina.
https://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens

wyatt-made · Answer 5 · Thu Sep 09 2021 12:05:30 GMT+0800 (China Standard Time)

Did this work for you? I've tried this and it didn't work for me. What version of pGina are you running? I'm on pgina v3.1.8.0 and Guac v1.3.0

Ali Zamani · Answer 6 · Thu Sep 09 2021 19:12:44 GMT+0800 (China Standard Time)

It works but randomly sending guaca credentials to "other user" mode in pgina. Trying to find a way to solve this. Same version: guaca 1.3.0 and pgina 3.1.8.0 stable.
Just put username: ${GUAC_USERNAME} and password: ${GUAC_PASSWORD} in guaca connection setting and it will pass same login credential to pgina to login. ATM, looking for the setting to make LDAP login in pgina default, so it directly logs into windows without further manual authentication.

wyatt-made · Answer 7 · Thu Sep 09 2021 21:21:58 GMT+0800 (China Standard Time)

That's what I've been trying ($GUAC_Credentials) and it won't pass through to pGina. Would you mind sharing your guac connection settings?

…

On Thu, Sep 9, 2021 at 7:12 AM Ali Zamani ***@***.***> wrote: It works but randomly sending guaca credentials to "other user" mode in pgina. Trying to find a way to solve this. Same version: guaca 1.3.0 and pgina 3.1.8.0 stable. Just put username: ${GUAC_USERNAME} and password: ${GUAC_PASSWORD} in guaca connection setting and it will pass same login credential to pgina to login. ATM, looking for the setting to make LDAP login in pgina default, so it directly logs into windows without further manual authentication. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#365 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ARPGZ3KW7RLUNLQWHW6ASHDUBCJDRANCNFSM4IT5ITXA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

-- *Wyatt Madej* *Desktop Operations System Administrator* Riverdale, NY 10471 ***@***.*** ***@***.***>

Ali Zamani · Answer 8 · Fri Sep 10 2021 09:51:56 GMT+0800 (China Standard Time)

EDIT CONNECTION
Protocol: RDP

PARAMETERS
Network
Hostname: IP/Domain
Port: 3389
Authentication
Username: ${GUAC_USERNAME}
Password: ${GUAC_PASSWORD}

Ali Zamani · Answer 9 · Fri Sep 10 2021 10:09:31 GMT+0800 (China Standard Time)

If it takes you to pGina "other user" mode saying your credential's incorrect, try to login to Windows with ldap credential and disconnect session, then re-try to login by refreshing the page or establishing the connection in guaca home (dashboard) and you'll get through directly with no further manual authentication. Trying to make ldap authentication in pgina default, still no success. Have made pgina default authentication tool as well but no change: https://www.thewindowsclub.com/assign-default-credential-provider-windows-10

wyatt-made · Answer 10 · Tue Sep 14 2021 23:18:30 GMT+0800 (China Standard Time)

I figured out why it's giving me issues. It's not a Guac issue, but rather how we have our SSO/login configured. In our case, guac never sees the users actual password, so using the respective parameter token just inputs a random string into the password entry. That being said, I'm using Guac in an educational computer lab environment, with a variety of different users logging in, and the "Other User" has never been an issue for us since we have pgina set to delete the user and profile once they logout.

…

On Thu, Sep 9, 2021 at 10:09 PM Ali Zamani ***@***.***> wrote: if it takes you to pGina "other user" mode saying your credential's incorrect, try to login with ldap credential and disconnect session, then re-try by refreshing the page to establishing the connection in guaca home/dashboard and you'll get through directly with no further manual authentication. Trying to male ldap authentication in pgina default still no success. Have made pgina default authentication tool as well but no change: https://www.thewindowsclub.com/assign-default-credential-provider-windows-10 — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#365 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ARPGZ3PPLXROQLCFHG5MG3TUBFSGPANCNFSM4IT5ITXA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

-- *Wyatt Madej* *Desktop Operations System Administrator* Riverdale, NY 10471 ***@***.*** ***@***.***>

PGina <-> Guacamole

EDIT CONNECTION Protocol: RDP

EDIT CONNECTION
Protocol: RDP