Gucamole-trigger is a plugin for guacamole that makes it possible to start and stop you remote desktop on demand. You can wright you own scripts that fits your environment.
License: Apache License 2.0
We have users being externally authenticated via LDAP, and the LDAP response returns a group name to guacamole, which in turn is associated with a connection group of type 'balancing'. The idea is that we have a pool of machines available, and guacamole will assign an available one to the incoming user. We'd like to use guacamole-trigger (using 1.4.0) to do some setting up on the machine that's been assigned.
The connection group is set so the maximum number of connections is equal to the number of available machines, and maximum connections per user is 1.
A basic test with a START_COMMAND defined in our docker config of "ls -al", just to prove the setup is working, results in users being unable to log in. They are successfully authenticated and are then immediately greeted with this:
I can see in the admin pages that Guac believes there is an active connection from that user to a target machine, but for some reason it looks like a second connection is attempted from the user side. This doesn't happen with the trigger extension disabled.
In the docker logs, I see this for a successful login with the extension disabled:
guacd_compose | guacd[1]: INFO: Creating new client for protocol "rdp"
guacd_compose | guacd[1]: INFO: Connection ID is "$4967804c-837e-45be-887f-9928618e3282"
guacd_compose | guacd[8]: INFO: Security mode: NLA
guacd_compose | guacd[8]: INFO: Resize method: none
guacd_compose | guacd[8]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
guacd_compose | guacd[8]: INFO: User "@2a679446-bbbf-4c44-ad1a-620492fe0634" joined connection "$4967804c-837e-45be-887f-9928618e3282" (1 users now present)
guacd_compose | guacd[8]: INFO: Loading keymap "base"
guacd_compose | guacd[8]: INFO: Loading keymap "en-gb-qwerty"
guacd_compose | guacd[8]: INFO: Connected to RDPDR 1.13 as client 0x0003
guacamole_compose | 08:28:06.550 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "test1" connected to connection group "1".
guacd_compose | guacd[8]: INFO: Connected to RDPDR 1.13 as client 0x0002
guacd_compose | guacd[8]: INFO: RDPDR user logged on
and with the extension active:
guacd_compose | guacd[1]: INFO: Creating new client for protocol "rdp"
guacd_compose | guacd[1]: INFO: Connection ID is "$05e63756-9aa7-49b4-a604-e8512fc7f1f4"
guacd_compose | guacd[8]: INFO: Security mode: NLA
guacd_compose | guacd[8]: INFO: Resize method: none
guacd_compose | guacd[8]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
guacd_compose | guacd[8]: INFO: User "@720f0588-19c3-4908-830f-233e5a449c15" joined connection "$05e63756-9aa7-49b4-a604-e8512fc7f1f4" (1 users now present)
guacd_compose | guacd[8]: INFO: Loading keymap "base"
guacd_compose | guacd[8]: INFO: Loading keymap "en-gb-qwerty"
guacd_compose | guacd[8]: INFO: Connected to RDPDR 1.13 as client 0x0003
guacamole_compose | 08:29:26.932 [http-nio-8080-exec-4] INFO o.a.g.tunnel.TunnelRequestService - User "test1" connected to connection group "1".
guacamole_compose | 08:29:26.941 [NioProcessor-2] WARN o.a.d.a.l.c.a.l.StoreMatchedDN - MSG_05107_NO_SUCH_OBJECT_MATCHED_DN_NOT_SET ()
guacamole_compose | 08:29:26.944 [NioProcessor-2] WARN o.a.d.a.l.c.a.l.StoreMatchedDN - MSG_05107_NO_SUCH_OBJECT_MATCHED_DN_NOT_SET ()
guacamole_compose | 08:29:26.948 [NioProcessor-2] WARN o.a.d.a.l.c.a.l.StoreMatchedDN - MSG_05107_NO_SUCH_OBJECT_MATCHED_DN_NOT_SET ()
guacamole_compose | 08:29:26.950 [NioProcessor-2] WARN o.a.d.a.l.c.a.l.StoreMatchedDN - MSG_05107_NO_SUCH_OBJECT_MATCHED_DN_NOT_SET ()
guacamole_compose | 08:29:26.953 [http-nio-8080-exec-4] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: can't handle unconfigerd sockets
guacamole_compose | 08:29:27.045 [http-nio-8080-exec-3] WARN o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: Cannot connect. Connection group already in use by this user.
guacd_compose | guacd[8]: INFO: Connected to RDPDR 1.13 as client 0x0002
guacd_compose | guacd[8]: INFO: RDPDR user logged on
guacd_compose | guacd[8]: ERROR: User is not responding.
guacd_compose | guacd[8]: INFO: User "@720f0588-19c3-4908-830f-233e5a449c15" disconnected (0 users remain)
guacd_compose | guacd[8]: INFO: Last user of connection "$05e63756-9aa7-49b4-a604-e8512fc7f1f4" disconnected
guacd_compose | guacd[8]: INFO: Internal RDP client disconnected
guacd_compose | guacd[1]: INFO: Connection "$05e63756-9aa7-49b4-a604-e8512fc7f1f4" removed.
Is there anything about our setup which might cause this? Does the extension rely on users being defined within Guac itself, as opposed to authenticated externally?
Now gucamole-trigger settings apply to all connections.
But you might want only use this plugin on some connections.
Or have different command for different connections.
This is easy to do for default authentication via user-mappings.xml.
But have to find out you can make it so you can also set it via mysql/posgress etc authentication
Gucamole plugin will kill start/stop command when they take longer then command-timeout
But this wont kill children of this process, end if child proces exists when its parent is killed.
Java wont reap it so it can becomes a zombie proces.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.