VMware View configuration
This chapter describes how to manage VMWARE View in radius context. When a user signs into the VMWARE View client, the VMWARE View server forwards the user’s credentials to this authentication server to verify the user’s identity. You will create one authentication server (an ActivIdentity 4TRESS AAA RADIUS Server) to validate the user’s one-time password generated by an ActivIdentity token.
Procedure 1 : Create New Radius Server Instance
1. On the VMware View Administrator (from a Web browser, access View Administrator on the Connection Server using https://hostname/admin and log in) select View Configuration, then Servers, select the Connection Servers tab and then Edit to bring up the Edit View Connection Server Settings and select the Authentication tab.
2. Under Advanced Authentication choose, for 2-factor authentication, the RADIUS tab.
3. Under Select Authenticator select Create new Authentication, this opens the Add RADIUS
Authenticator screen, this allows a Primary and Secondary RADIUS authentication servers to be
configured, enter the following:
- Label: A label shown to clients
4. Under Primary Authentication Server section :
- Hostname/Address: IP address of the 4TRESS AAA
- Authentication Type: select RADIUS authentication type, use PAP for initial setup.
- Shared secret: The shared secret, the same as entered on the 4TRESS AAA server
5. Complete the configuration for the RADIUS server and select Next
6. If there is a secondary RADIUS server then complete the settings for the secondary server and select
Procedure 2: Additional Configuration Options
1. After authenticating to RADIUS, you may get another prompt if the RADIUS server responded with a supported Access Challenge. Full generic RADIUS challenge/response is not supported, but a limited access challenge for a string token code is supported (for SMS authentication for example). For details on how authenticating with an Out-Of-Band SMS works, please refer to ActivIdentity 4TRESS AAA documentation.
2. In the admin configuration of RADIUS authentication under Advanced Authentication, if Enforce 2- factor and Windows user name matching is ticked then the Windows login prompt after RADIUS authentication will force the username to be the same as the RADIUS username and the user will not be able to modify this.
ActivIdentity 4TRESS AAA configuration
This chapter describes how to configure the ActivIdentity 4TRESS AAA Authentication Server.
Procedure 1: Configure VMWARE Gate
A gate for the ActivIdentity 4TRESS AAA Server is a group of Network Access Servers (NAS) that is used to simplify administration. For configuration details, refer to ActivIdentity 4TRESS AAA Server technical documentation.
1. In the left pane of the Administration Console, expand the Servers line.
2. Right-click on the server to which you want to add a gate, and then click New Gate