Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Veyon Community Forum

  1. Home
  2. Help & Troubleshooting
  3. LDAP auth issue with veyon 4.1.4.0-win64

LDAP auth issue with veyon 4.1.4.0-win64

Scheduled Pinned Locked Moved Help & Troubleshooting
3 Posts 1 Posters 821 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Z Offline
    Z Offline
    zeltron80
    wrote on last edited by
    #1

    Hi,

    I'm now trying to get veyon working for windows10 classrooms.
    Trying to limit access to veyon master to ldap group members.
    I configured everything. In configurator : ldap server connexion test OK, Base DN test OK, I can see the users group list in access control.
    BUT :
    If I don't pick any group in authorized users group field, nobody's authorized (just as we hope). The issue is when I pick a group (which ever group I choose), all users are authorized (with the test button, even a blank login is OK).
    I tried a lot of possibilities found in configurator (activate domain groups or not, use different filters for groups or users in advanced parameters for LDAP, ... and I always had the same behaviour : select a group means give access to everyone (even people not in this group), select none gives acces to nobody

    I already used ldap access control for linux rooms, it works fine, but for windows, no way.

    If you could give me a hint, I'd be pleased

    Z 1 Reply Last reply
    0
    • Z zeltron80

      Hi,

      I'm now trying to get veyon working for windows10 classrooms.
      Trying to limit access to veyon master to ldap group members.
      I configured everything. In configurator : ldap server connexion test OK, Base DN test OK, I can see the users group list in access control.
      BUT :
      If I don't pick any group in authorized users group field, nobody's authorized (just as we hope). The issue is when I pick a group (which ever group I choose), all users are authorized (with the test button, even a blank login is OK).
      I tried a lot of possibilities found in configurator (activate domain groups or not, use different filters for groups or users in advanced parameters for LDAP, ... and I always had the same behaviour : select a group means give access to everyone (even people not in this group), select none gives acces to nobody

      I already used ldap access control for linux rooms, it works fine, but for windows, no way.

      If you could give me a hint, I'd be pleased

      Z Offline
      Z Offline
      zeltron80
      wrote on last edited by
      #2

      Re,

      Below, you'll find the .json file exported from configurator. Maybe it could help to find where I'm missing something.
      (Of course, I don't use "mydomain" in real conf, this is the only thing I changed in json file) :
      This is basic conf, just to make master's auth working (rooms and everything will takeplace later, when auth will be OK).
      <code>
      {
      "AccessControl": {
      "AccessRestrictedToUserGroups": "true",
      "AuthorizedUserGroups": [
      "cn=fst-veyon-master"
      ],
      "UserGroupsBackend": "{6f0a491e-c1c6-4338-8244-f823b0bf8670}"
      },
      "Authentication": {
      "Method": 0,
      "PrivateKeyBaseDir": "%GLOBALAPPDATA%\keys\private",
      "PublicKeyBaseDir": "%GLOBALAPPDATA%\keys\public"
      },
      "Core": {
      "InstallationID": "e6caf172-e8fb-4e76-ad6b-c12578b2ff06",
      "PluginVersions": {
      "JsonStoreObject": {
      "{14bacaaa-ebe5-449c-b881-5b382f952571}": "1.1",
      "{1b08265b-348f-4978-acaa-45d4f6b90bd9}": "1.1",
      "{1baa01e0-02d6-4494-a766-788f5b225991}": "1.1",
      "{1bdb0d1c-f8eb-4d21-a093-d555a10f3975}": "1.1",
      "{2917cdeb-ac13-4099-8715-20368254a367}": "1.1",
      "{2ad98ccb-e9a5-43ef-8c4c-876ac5efbcb1}": "1.1",
      "{387a0c43-1355-4ff6-9e1f-d098e9ce5127}": "1.1",
      "{39d7a07f-94db-4912-aa1a-c4df8aee3879}": "1.1",
      "{4122e8ca-b617-4e36-b851-8e050ed2d82e}": "1.1",
      "{4790bad8-4c56-40d5-8361-099a68f0c24b}": "1.1",
      "{67dfc1c1-8f37-4539-a298-16e74e34fd8b}": "1.1",
      "{6f0a491e-c1c6-4338-8244-f823b0bf8670}": "1.1",
      "{85f6c631-e75a-4c78-8cb2-a7f3f502015a}": "1.1",
      "{8ae6668b-9c12-4b29-9bfc-ff89f6604164}": "1.1",
      "{a54ee018-42bf-4569-90c7-0d8470125ccf}": "1.1",
      "{b47bcae0-24ff-4bf5-869c-484d64af5c4c}": "1.1",
      "{ee322521-f4fb-482d-b082-82a79003afa7}": "1.1"
      }
      }
      },
      "Demo": {
      "FramebufferUpdateInterval": 100,
      "KeyFrameInterval": 10,
      "MemoryLimit": 128
      },
      "Directories": {
      "Screenshots": "%APPDATA%\Screenshots",
      "UserConfiguration": "%APPDATA%\Config"
      },
      "ExternalVncServer": {
      "ServerPort": 5900
      },
      "LDAP": {
      "BaseDN": "ou=posix_groups,dc=mydomain,dc=fr",
      "ServerHost": "ldap.mydomain.fr",
      "ServerPort": 389
      },
      "Logging": {
      "LogFileDirectory": "$TEMP",
      "LogFileRotationCount": 10,
      "LogFileRotationEnabled": false,
      "LogFileSizeLimit": 100,
      "LogFileSizeLimitEnabled": false,
      "LogLevel": 4,
      "LogToStdErr": true,
      "LogToSystem": false
      },
      "Master": {
      "AccessControlForMasterEnabled": "true",
      "ComputerMonitoringBackgroundColor": "#ffffff",
      "ComputerMonitoringUpdateInterval": 1000,
      "LocalComputerHidden": "true"
      },
      "Network": {
      "DemoServerPort": 11400,
      "FeatureWorkerManagerPort": 11300,
      "FirewallExceptionEnabled": true,
      "PrimaryServicePort": 11100,
      "VncServerPort": 11200
      },
      "NetworkObjectDirectory": {
      "UpdateInterval": 60
      },
      "Service": {
      "Autostart": true,
      "FailedAuthenticationNotifications": true,
      "HideTrayIcon": false,
      "RemoteConnectionNotifications": false,
      "SoftwareSASEnabled": true
      },
      "UI": {
      "ApplicationName": "",
      "Language": ""
      },
      "UltraVNC": {
      "CaptureLayeredWindows": "true",
      "Configured": "true",
      "LowAccuracy": "true",
      "PollFullScreen": "true"
      }
      }
      </code>

      1 Reply Last reply
      0
      • Z Offline
        Z Offline
        zeltron80
        wrote on last edited by
        #3

        Ok,

        As this rooms PCs are windows PCs, joined to an Active Directory, I used AD, and auth works fine (because my organization's AD master did it with me).
        I guess I needed some more configuration in env and advanced parameters to make it work.
        I didn't have to do that with linux, as my PCs were LDAP auth based, and in access control, I just had to choose "default (local groups and users)", and not LDAP, as I have to with AD joined windows PCs.

        I didn't test further ldap conf, as I finally don't need it
        Answer this post could help other people with the same question, though 😉

        1 Reply Last reply
        0

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        Reply
        • Reply as topic
        Log in to reply
        • Oldest to Newest
        • Newest to Oldest
        • Most Votes


        Powered by NodeBB | Contributors
        • Login

        • Don't have an account? Register

        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Users
        • Groups