doc/0.9.7/gug/administration.html

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Administration</title><link rel="stylesheet" type="text/css" href="gug.css" /><meta name="generator" content="DocBook XSL-NS Stylesheets V1.78.1" /><link rel="home" href="index.html" title="Guacamole Manual" /><link rel="up" href="users-guide.html" title="Part I. User's Guide" /><link rel="prev" href="using-guacamole.html" title="Chapter 9. Using Guacamole" /><link rel="next" href="troubleshooting.html" title="Chapter 11. Troubleshooting" />
            <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no, target-densitydpi=device-dpi"/>
        </head><body>
            <!-- CONTENT -->

            <div id="page"><div id="content">
        <div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Administration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="using-guacamole.html">Prev</a> </td><th width="60%" align="center">Part I. User's Guide</th><td width="20%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr></table><hr /></div><div xml:lang="en" class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a id="administration"></a>Chapter 10. Administration</h2></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="section"><a href="administration.html#session-management">Managing sessions</a></span></dt><dd><dl><dt><span class="section"><a href="administration.html#filtering-sessions">Filtering and sorting</a></span></dt></dl></dd><dt><span class="section"><a href="administration.html#user-management">User management</a></span></dt><dt><span class="section"><a href="administration.html#connection-management">Connections and groups</a></span></dt><dd><dl><dt><span class="section"><a href="administration.html#connection-group-management">Connection organization and balancing</a></span></dt></dl></dd></dl></div><a id="idm139865878334848" class="indexterm"></a><p>Users, connections, and active sessions can be administered from within the web interface
        if the underlying authentication module supports this. The only officially-supported
        authentication modules supporting this are the MySQL and PostgreSQL extensions, which are
        documented in <a class="xref" href="jdbc-auth.html" title="Chapter 6. Database authentication">Chapter 6, <em>Database authentication</em></a>.</p><p>If you are using the default authentication mechanism, or another authentication
        extension, this chapter probably does not apply to you, and the management options will not
        be visible in the Guacamole interface. If, on the other hand, you are using one of the
        database authentication providers, and you are logged in as a user with sufficient
        privileges, you will see management sections listed within the settings screen:</p><div class="informalfigure"><div class="mediaobject"><img src="images/guacamole-settings-sections.png" width="135" /><div class="caption"><p>Sections within the Guacamole settings screen.</p></div></div></div><p>Clicking any of these options will take you to a corresponding management section where
        you can perform administrative tasks.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="session-management"></a>Managing sessions</h2></div></div></div><a id="idm139865878350512" class="indexterm"></a><p>Clicking "Active Sessions" navigates to the session management screen. The session
            management screen displays all active sessions and allows system administrators to kill
            them as needed.</p><p>When any user accesses a particular remote desktop connection, a unique session is
            created and will appear in the list of active sessions in the session management screen.
            Each active session is displayed in a sortable table, showing the corresponding user's
            username, how long the session has been active, the IP address of the machine from which
            the user is connecting, and the name of the connection being used.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/manage-sessions.png" width="450" /><div class="caption"><p>Session management interface</p></div></div></div></div><p>To kill one or more sessions, select the sessions by clicking their checkboxes. Once
            all desired sessions have been selected, clicking "Kill Sessions" will immediately
            disconnect those users from the associated connection.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="filtering-sessions"></a>Filtering and sorting</h3></div></div></div><p>The table can be resorted by clicking on the column headers. Clicking any column
                will resort the table by the values within that column, while clicking a column
                which is already sorted will toggle between ascending and descending order.</p><p>The content of the table can be limited through search terms specified in the
                "Filter" field. Entering search terms will limit the table to only sessions
                containing those terms. For example, to list only connections by the user
                "guacadmin" which have been active since March, 2015, you would enter: "guacadmin
                2015-03". Beware that if a search term needs to contain spaces, it must be enclosed
                in double quotes to avoid being interpreted as multiple terms.</p><div class="informalfigure"><div class="mediaobject"><img src="images/session-filter-example-1.png" width="450" /></div></div><p>If you wish to narrow the content of the table to only those connections which
                originate from a particular block of IP addresses, you can do this by specifying the
                block in standard CIDR notation, such "10.0.0.0/8" or "2001:db8:1234::/48". This
                will work with both IPv4 and IPv6 addresses.</p><div class="informalfigure"><div class="mediaobject"><img src="images/session-filter-example-2.png" width="450" /></div></div></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="user-management"></a>User management</h2></div></div></div><a id="idm139865878621456" class="indexterm"></a><p>Clicking "Users" within the list of settings sections will take you to the user
            management screen. Here you can add new users or edit the properties and privileges of
            existing users.</p><p>To add a new user, type the username of the new user within the text box inside the
            user management screen, and click the "New User" button. The new user will be added and
            made available. The new user will have no access to any existing connections, nor any
            administrative privileges, and you will need to manually set the user's password before
            they will be able to log in.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/manage-users.png" width="450" /><div class="caption"><p>User management interface</p></div></div></div></div><p>To edit a user, just click on the user you wish to edit. You will be taken to a screen
            which allows you to change the user's password, expire their password (such that it must
            be changed at next login), add or remove administrative permissions, and add or remove
            read access to specific connections or groups.</p><p>If you have delete permission on the user, you will also see a "Delete" button.
            Clicking this button will permanently delete the user. Alternatively, if you only wish
            to temporarily disable the account, checking "Login disabled" will achieve the same
            effect while not removing the user entirely. If they attempt to log in, the attempt will
            be rejected as if their account did not exist at all.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/edit-user.png" width="450" /><div class="caption"><p>Editing a user</p></div></div></div></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="connection-management"></a>Connections and groups</h2></div></div></div><a id="idm139865878345488" class="indexterm"></a><a id="idm139865878344592" class="indexterm"></a><a id="idm139865878343696" class="indexterm"></a><p>Clicking "Connections" within the list of settings sections will take you to the
            connection management screen. The connection management screen allows administrators to
            create and edit connections and connection groups.</p><p>To add a new connection or group, click the "New Connection" or "New Group" button.
            This will take you to a screen where you will be allowed to enter the details of the new
            object, such as its location, parameters, and name. This name should be descriptive, but
            must also be unique with respect to other connections or groups in the same
            location.</p><p>Once you click "Save", the new object will be added, but will initially only be usable
            by administrators and your current user. To grant another user access to the new
            connection or group, you must edit that user, checking the box corresponding to the
            connection or group you created.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/manage-connections.png" width="450" /><div class="caption"><p>Connection management interface</p></div></div></div></div><p>Editing connections and groups works identically to editing a user. Click on the
            object you wish to edit, and you will be taken to screen which allows you to edit it.
            The screen will display all properties of the object, including its usage history, if
            applicable.</p><p>If you have delete permission on the object, you will also see a "Delete" button.
            Clicking this button will permanently delete the object being edited.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/edit-connection.png" width="450" /><div class="caption"><p>Editing a connection</p></div></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="connection-group-management"></a>Connection organization and balancing</h3></div></div></div><p>Connection groups can be either "organizational" or "balancing". Each group can
                contain any number of other connections or groups, but the semantics of the group
                change depending on the type.</p><p>An organizational group behaves exactly as a folder or directory in a file system.
                It simply contains connections and other groups, but provides no other behavior.
                Clicking on an organizational group within a connection list will expand the group,
                revealing its contents.</p><p>A balancing group behaves as a connection. It dynamically balances load across the
                connections it contains, choosing the connection with the fewest number of active
                users. Unlike organizational groups, clicking on a balancing group causes a new
                connection to be opened. The actual underlying connection used depends on which
                connection has the least load at the time the group was clicked.</p><div class="informalfigure"><div class="screenshot"><div class="mediaobject"><img src="images/edit-group.png" width="450" /><div class="caption"><p>Editing a connection group</p></div></div></div></div></div></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="using-guacamole.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="users-guide.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 9. Using Guacamole </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 11. Troubleshooting</td></tr></table></div>

            </div></div>

<!-- Google Analytics -->
<script type="text/javascript">
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-75289145-1', 'auto');
  ga('send', 'pageview');

</script>
<!-- End Google Analytics -->
        </body></html>