LDAP auth issue with veyon 4.1.4.0-win64
-
Hi,
I'm now trying to get Veyon working for Windows 10 classrooms.
Trying to limit access to Veyon Master to LDAP group members.
I configured everything. In the configurator: LDAP server connection test OK, Base DN test OK, I can see the users group list in access control.
BUT:
If I don't pick any group in the authorized user groups field, nobody's authorized (just as we hope). The issue is when I pick a group (whichever group I choose), all users are authorized (with the test button, even a blank login is OK).
I tried a lot of possibilities found in the configurator (activate domain groups or not, use different filters for groups or users in the advanced parameters for LDAP, ...) and I always had the same behaviour: selecting a group means giving access to everyone (even people not in this group), selecting none gives access to nobody. I already used LDAP access control for Linux rooms, it works fine, but for Windows, no way.
If you could give me a hint, I'd be pleased.
-
Re,
Below, you'll find the .json file exported from the configurator. Maybe it could help to find where I'm missing something.
(Of course, I don't use "mydomain" in the real conf; this is the only thing I changed in the JSON file):
This is a basic conf, just to get the master's auth working (rooms and everything will take place later, when auth is OK).
<code>
{
    "AccessControl": {
        "AccessRestrictedToUserGroups": "true",
        "AuthorizedUserGroups": [
            "cn=fst-veyon-master"
        ],
        "UserGroupsBackend": "{6f0a491e-c1c6-4338-8244-f823b0bf8670}"
    },
    "Authentication": {
        "Method": 0,
        "PrivateKeyBaseDir": "%GLOBALAPPDATA%\\keys\\private",
        "PublicKeyBaseDir": "%GLOBALAPPDATA%\\keys\\public"
    },
    "Core": {
        "InstallationID": "e6caf172-e8fb-4e76-ad6b-c12578b2ff06",
        "PluginVersions": {
            "JsonStoreObject": {
                "{14bacaaa-ebe5-449c-b881-5b382f952571}": "1.1",
                "{1b08265b-348f-4978-acaa-45d4f6b90bd9}": "1.1",
                "{1baa01e0-02d6-4494-a766-788f5b225991}": "1.1",
                "{1bdb0d1c-f8eb-4d21-a093-d555a10f3975}": "1.1",
                "{2917cdeb-ac13-4099-8715-20368254a367}": "1.1",
                "{2ad98ccb-e9a5-43ef-8c4c-876ac5efbcb1}": "1.1",
                "{387a0c43-1355-4ff6-9e1f-d098e9ce5127}": "1.1",
                "{39d7a07f-94db-4912-aa1a-c4df8aee3879}": "1.1",
                "{4122e8ca-b617-4e36-b851-8e050ed2d82e}": "1.1",
                "{4790bad8-4c56-40d5-8361-099a68f0c24b}": "1.1",
                "{67dfc1c1-8f37-4539-a298-16e74e34fd8b}": "1.1",
                "{6f0a491e-c1c6-4338-8244-f823b0bf8670}": "1.1",
                "{85f6c631-e75a-4c78-8cb2-a7f3f502015a}": "1.1",
                "{8ae6668b-9c12-4b29-9bfc-ff89f6604164}": "1.1",
                "{a54ee018-42bf-4569-90c7-0d8470125ccf}": "1.1",
                "{b47bcae0-24ff-4bf5-869c-484d64af5c4c}": "1.1",
                "{ee322521-f4fb-482d-b082-82a79003afa7}": "1.1"
            }
        }
    },
    "Demo": {
        "FramebufferUpdateInterval": 100,
        "KeyFrameInterval": 10,
        "MemoryLimit": 128
    },
    "Directories": {
        "Screenshots": "%APPDATA%\\Screenshots",
        "UserConfiguration": "%APPDATA%\\Config"
    },
    "ExternalVncServer": {
        "ServerPort": 5900
    },
    "LDAP": {
        "BaseDN": "ou=posix_groups,dc=mydomain,dc=fr",
        "ServerHost": "ldap.mydomain.fr",
        "ServerPort": 389
    },
    "Logging": {
        "LogFileDirectory": "$TEMP",
        "LogFileRotationCount": 10,
        "LogFileRotationEnabled": false,
        "LogFileSizeLimit": 100,
        "LogFileSizeLimitEnabled": false,
        "LogLevel": 4,
        "LogToStdErr": true,
        "LogToSystem": false
    },
    "Master": {
        "AccessControlForMasterEnabled": "true",
        "ComputerMonitoringBackgroundColor": "#ffffff",
        "ComputerMonitoringUpdateInterval": 1000,
        "LocalComputerHidden": "true"
    },
    "Network": {
        "DemoServerPort": 11400,
        "FeatureWorkerManagerPort": 11300,
        "FirewallExceptionEnabled": true,
        "PrimaryServicePort": 11100,
        "VncServerPort": 11200
    },
    "NetworkObjectDirectory": {
        "UpdateInterval": 60
    },
    "Service": {
        "Autostart": true,
        "FailedAuthenticationNotifications": true,
        "HideTrayIcon": false,
        "RemoteConnectionNotifications": false,
        "SoftwareSASEnabled": true
    },
    "UI": {
        "ApplicationName": "",
        "Language": ""
    },
    "UltraVNC": {
        "CaptureLayeredWindows": "true",
        "Configured": "true",
        "LowAccuracy": "true",
        "PollFullScreen": "true"
    }
}
</code>
-
Ok,
As these rooms' PCs are Windows PCs, joined to an Active Directory, I used AD, and auth works fine (because my organization's AD master did it with me).
I guess I needed some more configuration in env and advanced parameters to make it work.
I didn't have to do that with Linux, as my PCs were LDAP auth based, and in access control, I just had to choose "default (local groups and users)", and not LDAP, as I have to with AD-joined Windows PCs. I didn't test the LDAP conf further, as I finally don't need it.
Answering this post could help other people with the same question, though.