work notes

• this are just some notes how i compiled the extension

VERS=1.5.1
git clone https://github.com/alphabet5/guacamole-auth-radius.git
cd guacamole-auth-radius
sed -i "s/ARG VERSION=.*/ARG VERSION=$VERS/" Dockerfile
docker build --tag guacamole-auth-radius --build-arg VERSION=$VERS .
docker run -d --name=guacamole-auth-radius guacamole-auth-radius
docker cp guacamole-auth-radius:/guacamole-auth-radius-$VERS.jar .
docker container prune -f
docker image prune -a -f


docker run --rm -it --entrypoint bash guacamole-auth-radius:latest
   find /guacamole-client-*/extensions/*/target/*.jar | while read f; do cp $f /; done
   ls -1 /*.jar | xargs echo

for f in /guacamole-auth-duo-$VERS.jar /guacamole-auth-header-$VERS.jar /guacamole-auth-json-$VERS.jar /guacamole-auth-ldap-$VERS.jar /guacamole-auth-quickconnect-$VERS.jar /guacamole-auth-radius-$VERS.jar /guacamole-auth-totp-$VERS.jar
do
   docker cp guacamole-auth-radius:$f .
done

scp guacamole-auth-* root@test01:

vi /etc/guacamole/guacamole.properties
------------
radius-hostname 192.168.111.222
radius-auth-port 1812
radius-auth-protocol pap
radius-shared-secret xxx...xxx
------------
systemctl restart nginx guacd tomcat

cp -v guacamole-auth-radius-$VERS.jar /usr/share/tomcat/.guacamole/extensions/aaa-guacamole-auth-radius-$VERS.jar

TEST
------------
- existing freeipa user without totp -> ok
- existing freeipa user with totp -> ok
- freeipa user created with totp enforced
  - password changed
  - totp created
  - guacamole login via radius (password+token) -> ok

- freeipa user created with totp enforced
  - password changed
  - totp NOT created *****ACHTUNG*****
  - guacamole login via radius (password) -> ok, but allowed by freeipa design