Forum Discussion
Frank_Zoechling
Nimbostratus
NimbostratusAPM / VMware View 6 / Radius and Active Directory Auth
Hi,
i'm using APM and the VMware View iAPP to provide Access to VMware View Connection Brokers. I have extended the Access Profile with Radius Authentication for 2-Factor Auth. But there is a Little Problem: If i try to Login with the View Fat Client, it asks me to enter my radius credentials (fine so far). If i enter the correct credentials the Client asks for the AD credentials, but between Radius and AD credentials, the Client is showing a Access denied error. It seems that APM passes the Radius credentials to the active Directory Login page:
Here is the Access profile:
i also tried to clear session username and Password after radius authentication, but with no success. Login will success if i enter AD credentials, but the Access denied error message before entering the the AD credentials still apears. Could somebody help me with that?
Kind regards, Frank
Hi Franck, I have solved my problem. I have deleted the AD View Logon page and AD authentication boxes in the VPE. That works fine and the AD authentication is made by the Connexion Server. That differs with the previous 11.4.1 HF2. Regards. Patrice
Justin_Venezia_Cirrus
Hi, Frank. What version of TMOS and iApp are you using? Also, what version of View (server & client) is in the mix here? What type of OTP mechanism are you using?
When you remove the OTP, does the authentication work as expected and can you establish a connection?
Justin
Frank_ZoechlingHi Justin, thanks for your reply. I'm using BIG-IP 11.6 HF5, View Client 3.4.0 build 2769709 and View Server 6.0.1 build-2088845. For OTP i'm using SafeNet with MobilePass. If I configure OTP or AD Auth standalone it is working, only if i confgure both authentication methods (OTP First / AD Second or AD First / OTP Second) I'm getting a Access denied message between the 2 Authentication methods, but it is working with the Access Denied Error: Enter Username and OTP -> Pass OTP Auth, Click OK on error message, enter AD User and Passwort, works. With the Webbrowser everything is fine, only the Horizon Client Shows the error message. Regards, Frank
- Justin_Venezia_
Are you accessing/experiencing the error through the APM webtop or the native View client?
- Frank_Zoechling
Hi Justin, the Problem only occurs if i start the native view Client without accessing the webtop. If i Login to the webtop and start the native Client from the webtop everything works fine. Kind regards, Frank
- Justin_Venezia_
Can you post screen shots of the VMware View Logon Page configuration for the OTP and for the AD View Logon page?
Thanks!
- Frank_Zoechling
Hi, here are the screenshots:
- Justin_Venezia_
To confirm, you don't have RADIUS enabled on the connection servers?
- Justin_Venezia_
To confirm, you don't have RADIUS enabled on the connection servers?
- Frank_Zoechling
yes, no 2 factor auth on Connection Server:
- Justin_Venezia_
Can you tell me how many characters are in your AD password and RADIUS password used for the AAA bindings?