| <?xml version="1.0" encoding="UTF-8" standalone="no"?> |
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Administration</title><link rel="stylesheet" type="text/css" href="gug.css" /><meta name="generator" content="DocBook XSL-NS Stylesheets V1.78.1" /><link rel="home" href="index.html" title="Guacamole Manual" /><link rel="up" href="users-guide.html" title="Part I. User's Guide" /><link rel="prev" href="using-guacamole.html" title="Chapter 9. Using Guacamole" /><link rel="next" href="troubleshooting.html" title="Chapter 11. Troubleshooting" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no, target-densitydpi=device-dpi"/> |
| </head><body> |
| <!-- CONTENT --> |
| |
| <div id="page"><div id="content"> |
| <div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Administration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="using-guacamole.html">Prev</a> </td><th width="60%" align="center">Part I. User's Guide</th><td width="20%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr></table><hr /></div><div xml:lang="en" class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a id="administration"></a>Chapter 10. Administration</h2></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="section"><a href="administration.html#session-management">Managing sessions</a></span></dt><dd><dl><dt><span class="section"><a href="administration.html#filtering-sessions">Filtering and sorting</a></span></dt></dl></dd><dt><span class="section"><a href="administration.html#user-management">User management</a></span></dt><dt><span class="section"><a href="administration.html#connection-management">Connections and groups</a></span></dt><dd><dl><dt><span class="section"><a href="administration.html#connection-group-management">Connection organization and balancing</a></span></dt></dl></dd></dl></div><a id="idm139865878334848" class="indexterm"></a><p>Users, connections, and active sessions can be administered from within the web interface |
| if the underlying authentication module supports this. The only officially-supported |
| authentication modules supporting this are the MySQL and PostgreSQL extensions, which are |
| documented in <a class="xref" href="jdbc-auth.html" title="Chapter 6. Database authentication">Chapter 6, <em>Database authentication</em></a>.</p><p>If you are using the default authentication mechanism, or another authentication |
| extension, this chapter probably does not apply to you, and the management options will not |
| be visible in the Guacamole interface. If, on the other hand, you are using one of the |
| database authentication providers, and you are logged in as a user with sufficient |
| privileges, you will see management sections listed within the settings screen:</p><div class="informalfigure"><div class="mediaobject"><img src="images/guacamole-settings-sections.png" width="135" /><div class="caption"><p>Sections within the Guacamole settings screen.</p></div></div></div><p>Clicking any of these options will take you to a corresponding management section where |
| you can perform administrative tasks.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="session-management"></a>Managing sessions</h2></div></div></div><a id="idm139865878350512" class="indexterm"></a><p>Clicking "Active Sessions" navigates to the session management screen. The session |
| management screen displays all active sessions and allows system administrators to kill |
| them as needed.</p><p>When any user accesses a particular remote desktop connection, a unique session is |
| created and will appear in the list of active sessions in the session management screen. |
| Each active session is displayed in a sortable table, showing the corresponding user's |
| username, how long the session has been active, the IP address of the machine from which |
| the user is connecting, and the name of the connection being used.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/manage-sessions.png" width="450" /><div class="caption"><p>Session management interface</p></div></div></div></div><p>To kill one or more sessions, select the sessions by clicking their checkboxes. Once |
| all desired sessions have been selected, clicking "Kill Sessions" will immediately |
| disconnect those users from the associated connection.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="filtering-sessions"></a>Filtering and sorting</h3></div></div></div><p>The table can be resorted by clicking on the column headers. Clicking any column |
| will resort the table by the values within that column, while clicking a column |
| which is already sorted will toggle between ascending and descending order.</p><p>The content of the table can be limited through search terms specified in the |
| "Filter" field. Entering search terms will limit the table to only sessions |
| containing those terms. For example, to list only connections by the user |
| "guacadmin" which have been active since March, 2015, you would enter: "guacadmin |
| 2015-03". Beware that if a search term needs to contain spaces, it must be enclosed |
| in double quotes to avoid being interpreted as multiple terms.</p><div class="informalfigure"><div class="mediaobject"><img src="images/session-filter-example-1.png" width="450" /></div></div><p>If you wish to narrow the content of the table to only those connections which |
| originate from a particular block of IP addresses, you can do this by specifying the |
| block in standard CIDR notation, such "10.0.0.0/8" or "2001:db8:1234::/48". This |
| will work with both IPv4 and IPv6 addresses.</p><div class="informalfigure"><div class="mediaobject"><img src="images/session-filter-example-2.png" width="450" /></div></div></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="user-management"></a>User management</h2></div></div></div><a id="idm139865878621456" class="indexterm"></a><p>Clicking "Users" within the list of settings sections will take you to the user |
| management screen. Here you can add new users or edit the properties and privileges of |
| existing users.</p><p>To add a new user, type the username of the new user within the text box inside the |
| user management screen, and click the "New User" button. The new user will be added and |
| made available. The new user will have no access to any existing connections, nor any |
| administrative privileges, and you will need to manually set the user's password before |
| they will be able to log in.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/manage-users.png" width="450" /><div class="caption"><p>User management interface</p></div></div></div></div><p>To edit a user, just click on the user you wish to edit. You will be taken to a screen |
| which allows you to change the user's password, expire their password (such that it must |
| be changed at next login), add or remove administrative permissions, and add or remove |
| read access to specific connections or groups.</p><p>If you have delete permission on the user, you will also see a "Delete" button. |
| Clicking this button will permanently delete the user. Alternatively, if you only wish |
| to temporarily disable the account, checking "Login disabled" will achieve the same |
| effect while not removing the user entirely. If they attempt to log in, the attempt will |
| be rejected as if their account did not exist at all.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/edit-user.png" width="450" /><div class="caption"><p>Editing a user</p></div></div></div></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="connection-management"></a>Connections and groups</h2></div></div></div><a id="idm139865878345488" class="indexterm"></a><a id="idm139865878344592" class="indexterm"></a><a id="idm139865878343696" class="indexterm"></a><p>Clicking "Connections" within the list of settings sections will take you to the |
| connection management screen. The connection management screen allows administrators to |
| create and edit connections and connection groups.</p><p>To add a new connection or group, click the "New Connection" or "New Group" button. |
| This will take you to a screen where you will be allowed to enter the details of the new |
| object, such as its location, parameters, and name. This name should be descriptive, but |
| must also be unique with respect to other connections or groups in the same |
| location.</p><p>Once you click "Save", the new object will be added, but will initially only be usable |
| by administrators and your current user. To grant another user access to the new |
| connection or group, you must edit that user, checking the box corresponding to the |
| connection or group you created.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/manage-connections.png" width="450" /><div class="caption"><p>Connection management interface</p></div></div></div></div><p>Editing connections and groups works identically to editing a user. Click on the |
| object you wish to edit, and you will be taken to screen which allows you to edit it. |
| The screen will display all properties of the object, including its usage history, if |
| applicable.</p><p>If you have delete permission on the object, you will also see a "Delete" button. |
| Clicking this button will permanently delete the object being edited.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/edit-connection.png" width="450" /><div class="caption"><p>Editing a connection</p></div></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="connection-group-management"></a>Connection organization and balancing</h3></div></div></div><p>Connection groups can be either "organizational" or "balancing". Each group can |
| contain any number of other connections or groups, but the semantics of the group |
| change depending on the type.</p><p>An organizational group behaves exactly as a folder or directory in a file system. |
| It simply contains connections and other groups, but provides no other behavior. |
| Clicking on an organizational group within a connection list will expand the group, |
| revealing its contents.</p><p>A balancing group behaves as a connection. It dynamically balances load across the |
| connections it contains, choosing the connection with the fewest number of active |
| users. Unlike organizational groups, clicking on a balancing group causes a new |
| connection to be opened. The actual underlying connection used depends on which |
| connection has the least load at the time the group was clicked.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/edit-group.png" width="450" /><div class="caption"><p>Editing a connection group</p></div></div></div></div></div></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="using-guacamole.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="users-guide.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 9. Using Guacamole </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 11. Troubleshooting</td></tr></table></div> |
| |
| </div></div> |
| |
| <!-- Google Analytics --> |
| <script type="text/javascript"> |
| (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ |
| (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), |
| m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) |
| })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); |
| |
| ga('create', 'UA-75289145-1', 'auto'); |
| ga('send', 'pageview'); |
| |
| </script> |
| <!-- End Google Analytics --> |
| </body></html> |