Forum Discussion
APM / VMware View 6 / Radius and Active Directory Auth
Hi,
i'm using APM and the VMware View iAPP to provide Access to VMware View Connection Brokers. I have extended the Access Profile with Radius Authentication for 2-Factor Auth. But there is a Little Problem: If i try to Login with the View Fat Client, it asks me to enter my radius credentials (fine so far). If i enter the correct credentials the Client asks for the AD credentials, but between Radius and AD credentials, the Client is showing a Access denied error. It seems that APM passes the Radius credentials to the active Directory Login page:
Here is the Access profile:
i also tried to clear session username and Password after radius authentication, but with no success. Login will success if i enter AD credentials, but the Access denied error message before entering the the AD credentials still apears. Could somebody help me with that?
Kind regards, Frank
Hi Franck, I have solved my problem. I have deleted the AD View Logon page and AD authentication boxes in the VPE. That works fine and the AD authentication is made by the Connexion Server. That differs with the previous 11.4.1 HF2. Regards. Patrice
- Frank_ZoechlingNimbostratus
Radius Secret contains 21 alphanumeric characters without special characters. AD binding is anonymous.
I don't think your issue is related to configuration. I ran through our standard RADIUS/OTP configuration in the lab, and it's pretty straight forward. Do you happen to have a support case open, so we can take a deeper look at the issue. The errors I see in the screen shots/logs you included could point to a couple of different things.
- Frank_ZoechlingNimbostratus
Hi Justin, thanks for your reply, i will open a Support case. regards, Frank
- coquin_150361Altostratus
Hi Franck Just to say I have the same issue. All worked fine on 11.4 HF2 and the issue appeared since I have upgraded to 11.6 HF5 It seems that the Radius credentials are automatically rerun at the AD authentication step. Have you received some help from the Support ? I will also open one from my side and keep you posted. Regards, Patrice
- Frank_ZoechlingNimbostratus
Hi Patrice,
"It seems that the Radius credentials are automatically rerun at the AD authentication step" Yes, i think thats the Problem, i have tried to clear session.last.password and session.last.username but with also no luck, currently i'm waiting of F5 Support Response.
regards, Frank
- coquin_150361Altostratus
Hi Franck, I have solved my problem. I have deleted the AD View Logon page and AD authentication boxes in the VPE. That works fine and the AD authentication is made by the Connexion Server. That differs with the previous 11.4.1 HF2. Regards. Patrice
- Frank_ZoechlingNimbostratus
Hi Patrice, thanks, thats works for me too. Nice workaround :-) Regards, Frank
- Frank_ZoechlingNimbostratus
Hi, just for Information, answer from F5 support:
The issue you are affected by is ID526275 VMware View RSA/RADIUS two factor auth fails. The fix will be introduced in the next HF rollup, I have been informed there is an engHF available. Let me if you are ok to wait for HF6 for 11.6.0 or want an engHF on top of HF5, as far as I know HF6 should be released at the end of September.
regards, Frank
- coquin_150361Altostratus
Thanks Franck. I will wait this HF6. Regards,
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com