No, Guacamole just goes through the user base dn using the ldap-user-search-filter so computer names or group names are not possible yet, except maybe if you change the search filter.
The reminds me of how I can filter what groups can log into Nextcloud by defining those variables in the LDAP query. For my use case, I tie my defined connections in Guacamole to SAMBA-AD groups to define access at scale.
Tested by updating exisiting 1.3 install and can confirm that both user1 & user1@domain.tdl work as described against SAMBA/AD.
EDIT/Update - Odd behavior but I thought Iād post it here. Initially to set up the guacamole LDAP I created a local user1 with group 1 in SAMBA-AD & Guacamole. I also created another user1 within Guacamole with a different password than SAMBA-AD that helped me verify the LDAP vs local login was actually working. After the update, I tested user1@domain.tdl and was able to login as expected. What I found odd is that Guacamole treated the SAMBA-AD logins of user1 & user1@domain.tdl as separate and different accounts with different permissions applied.
It would be nice to have a solution for this Mac issue but unfortunately I have no Mac to play around with. @Andy_Wismer wanted to do some testing (with Mac) too.
I guess we can push it live this week.
The bind entry in /etc/guacamole/guacamole.properties is generated the wrong way. It reads ldap-search-bind-dn: cn=CN=Administrator,OU=Users,OU=MyBusiness,DC=MYDOMAIN,DC=LOKAL,cn=Users,DC=myadmin,DC=LOKAL instead of CN=Administrator,OU=Users,OU=MyBusiness,DC=MYDOMAIN,DC=LOKAL
I see no users in Guacamole
I cannot login with AD users.
WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.42.52, 127.0.0.1] for user āxyā failed.
I removed and readded the domain membership and then it asked for a principal name as bindDN. I used administrator@myadmin.lokal and it seems to be correct also in Guacamole. However I still donāt see any users in guacamole (however in Cockpit of NS, I see users).
I did update from old 0.9 version. I did run the db upgrade scripts.
No VPN. Yes I tried all connection settings.
Very strange: I get a connection to the login screen but as soon I enter user/password it disconnects. A similar thing is when I provide the username/password in guacamole. It connects but when opening the start menu, it disconnects.
Mar 12 00:35:19 myneths guacd[12117]: Connection closed.
Mar 12 00:35:19 myneths guacd: guacd[12117]: ERROR:#011Connection closed.
Mar 12 00:35:19 myneths guacd: guacd[12117]: INFO:#011User ā@c3d367af-b946-459a-8b5a-4d5b5ecfe0efā disconnected (0 users remain)
Mar 12 00:35:19 myneths guacd: guacd[12117]: INFO:#011Last user of connection ā$8ad00a2c-4144-4742-b04d-a52183f68ef9ā disconnected
Mar 12 00:35:19 myneths guacd[12117]: User ā@c3d367af-b946-459a-8b5a-4d5b5ecfe0efā disconnected (0 users remain)
Mar 12 00:35:19 myneths guacd[12117]: Last user of connection ā$8ad00a2c-4144-4742-b04d-a52183f68ef9ā disconnected
Mar 12 00:35:19 myneths guacd: guacd[12117]: INFO:#011Internal RDP client disconnected
Mar 12 00:35:19 myneths guacd[12117]: Internal RDP client disconnected
Mar 12 00:35:19 myneths guacd[6107]: Connection ā$8ad00a2c-4144-4742-b04d-a52183f68ef9ā removed.
Mar 12 00:35:19 myneths guacd: guacd[6107]: INFO:#011Connection ā$8ad00a2c-4144-4742-b04d-a52183f68ef9ā removed.
Mar 12 00:35:19 myneths daemon.sh: 00:35:19.346 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User āguacadminā disconnected from connection ā3ā. Duration: 13646 millisecond
I have similar problems but with VNC on an updated machine. I have no solution so far, it works on a test VM with a fresh nethserver-guacamole install.
Iāll check on a Win 7 VM and reportā¦
EDIT:
Tested with Win 2019 Server as DC and Neth as domain member and guacamole login worked with port 389 and encryption ānoneā but for guacamole the users āNameā has to match, not the account / user logon name.
Usually the logon name has to match as it is in Neth. I tried with all attributes but no change. Need to test moreā¦
In the following example markus works but admin does not work (nethadmin would work in guacamole but not in neth).