|
|
| (One intermediate revision by the same user not shown) |
| Line 1: |
Line 1: |
| − | {{Version|UCS=4.2}}
| |
| − | {{Cool Solutions Disclaimer|Repository=yes}}
| |
| | {{#seo: | | {{#seo: |
| | |title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|'|'}}|&|&}}|"|"}}|Cool Solution - |}} - {{SITENAME}} | | |title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|'|'}}|&|&}}|"|"}}|Cool Solution - |}} - {{SITENAME}} |
| | <!--|description=--> | | <!--|description=--> |
| | }} | | }} |
| − | Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC and RDP.
| |
| | | | |
| − | The version of Guacamole used in this article is Guacamole 0.9.13-incubating.
| + | Guacamole has been moved to the Univention App Center and can be reached under https://www.univention.com/products/univention-app-center/app-catalog/guacamole/. |
| − | | |
| − | == Installation ==
| |
| − | To successfully deploy and start Guacamole, two images are downloaded via Docker by a joinscript:
| |
| − | * guacd
| |
| − | * guacamole
| |
| − | | |
| − | In this article the following Guacamole docker containers are used:
| |
| − | * https://hub.docker.com/r/mjumper/guacd/
| |
| − | * https://hub.docker.com/r/mjumper/guacamole/
| |
| − | | |
| − | === Package "univention-guacamole-schema" ===
| |
| − | The package <code>univention-guacamole-schema</code> can only be installed on the following UCS server roles:
| |
| − | * UCS DC Master
| |
| − | * UCS DC Backup
| |
| − | | |
| − | Install the package with the following command:
| |
| − | <pre>
| |
| − | univention-install univention-guacamole-schema
| |
| − | </pre>
| |
| − | | |
| − | During the installation, the joinscript "99univention_register_guacamole_schema.inst" is called automatically and registers a new LDAP schema and adds two extended attributes to the UMC which extend the Groups module. After the joinscript is finished existing and new groups can be configured to provide a Guacamole configuration.
| |
| − | | |
| − | === Package "univention-guacamole-rollout" ===
| |
| − | This package <code>univention-guacamole-rollout</code> can be installed in all UCS server roles. The package provides two joinscripts: one which creates a search user for Guacamole, and one which deploys the two containers:
| |
| − | * guacd
| |
| − | * guacamole
| |
| − | | |
| − | Install the package with the following command:
| |
| − | <pre>
| |
| − | univention-install univention-guacamole-rollout
| |
| − | </pre>
| |
| − | | |
| − | ==== Creating the searchuser ====
| |
| − | The joinscript "98univention-guacamole-searchuser.inst" checks if the searchuser is already present in the LDAP. If not, the searchuser is created as a "Simple authentication account" user and the password is saved in the file <code>/etc/guacamole.secret</code>.
| |
| − | | |
| − | '''Attention''': If the package <code>univention-guacamole-rollout</code> is installed on a second server, the file <code>/etc/guacamole.secret</code> must be copied by hand, else the joinscript "99univention_install_guacamole.inst" will fail with an error message in the join.log file.
| |
| − | | |
| − | ==== Deploying Guacamole ====
| |
| − | The joinscript "99univention_install_guacamole-inst" must be executed either by running the joinscript via the UMC or on the shell via <code>univention-run-join-scripts</code>. The reaseon for this behaviour is that some Guacamole UCR variables should be checked first:
| |
| − | {|class="wikitable"
| |
| − | |-
| |
| − | ! UCR variable || Default value || Description
| |
| − | |-
| |
| − | | guacamole/user/dn || cn=users,dc=example,dc=com || Top-most DN to search for users
| |
| − | |-
| |
| − | | guacamole/config/base/dn || cn=groups,dc=example,dc=com || DN for configuration groups
| |
| − | |-
| |
| − | | guacamole/ldap/username/attribute || uid || Attribute to map usernames to
| |
| − | |-
| |
| − | | guacamole/external/port || 8080 || Port to which the Guacamole Tomcat should be mapped to
| |
| − | |-
| |
| − | | guacamole/ldap/user/searchfilter || (objectClass=*) || LDAP search filter to limit login to users matching the search filter
| |
| − | |}
| |
| − | | |
| − | After any of these variables is changed, '''<code>univention-guacamole-renew</code>''' must be run to recreate the Guacamole container. Additionally, when the UCR variable '''guacamole/external/port''' is changed, the Apache2 webserver must be reloaded:
| |
| − | <pre>
| |
| − | systemctl reload apache2.service
| |
| − | </pre>
| |
| − | | |
| − | Guacamole can be accessed from the Univention Portal.
| |
| − | | |
| − | == Configuration ==
| |
| − | Start by editing an existing group, or by creating a new group. On the tab '''Guacamole''' the protocol and parameter can be edited. Every user, that is a direct member of this group can access this configuration. Only one connection can be configured for a group.
| |
| − | | |
| − | === RDP ===
| |
| − | At least the following parameters must be provided for the connection to success:
| |
| − | * hostname
| |
| − | | |
| − | For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#rdp Guacamole manual].
| |
| − | | |
| − | === Telnet ===
| |
| − | At least the following parameters must be provided for the connection to success:
| |
| − | * hostname
| |
| − | * port
| |
| − | | |
| − | For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#telnet Guacamole manual].
| |
| − | | |
| − | === SSH ===
| |
| − | At least the following parameters must be provided for the connection to success:
| |
| − | * hostname
| |
| − | | |
| − | For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#ssh Guacamole manual].
| |
| − | | |
| − | === VNC ===
| |
| − | At least the following parameters must be provided for the connection to success:
| |
| − | * hostname
| |
| − | * port
| |
| − | | |
| − | For a full list of parameters, please have a look at the [http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#vnc Guacamole manual].
| |
| − | | |
| − | == Archive ==
| |
| − | There is a version of this article for [http://wiki.univention.de/index.php?title=Cool_Solution_-_Guacamole&oldid=11794 UCS 4.1].
| |
| − | | |
| − | [[Category: EN]]
| |
