Forum Discussion

Nick_Palmer_f5's avatar
Nick_Palmer_f5
Icon for Nimbostratus rankNimbostratus
May 26, 2017

APM: Dell Wyse Zero Client RADIUS Auth Issue

APM policy does 2-step verification (AD and RADIUS). Connecting from the Dell Wyse Zero client (Teradici) to VDI just stays on the logon screen after credentials are entered. Removing RADIUS Auth from the policy fixes the authentication issue for the Dell Wyse Zero client. Here is the excerpt from the APM log:

13:07:27 PDT 2017   notice  MyF5    tmm1[8211]  01490517    /Common/VMware-View_default.app/VMware-View_default:Common:c7e7b430: User-Agent header is absent or empty
13:07:27 PDT 2017   notice  MyF5    tmm1[8211]  01490500    /Common/VMware-View_default.app/VMware-View_default:Common:c7e7b430: New session from client IP 10.24.0.157 (ST=/CC=/C=) at VIP 10.160.153.7 Listener /Common/VMware-View_default.app/VMware-View_default_proxy_https (Reputation=Unknown)
13:07:29 PDT 2017   notice  MyF5    tmm1[8211]  01490517    /Common/VMware-View_default.app/VMware-View_default:Common:3da19544: User-Agent header is absent or empty
13:07:29 PDT 2017   notice  MyF5    tmm1[8211]  01490500    /Common/VMware-View_default.app/VMware-View_default:Common:3da19544: New session from client IP 10.24.0.157 (ST=/CC=/C=) at VIP 10.160.153.7 Listener /Common/VMware-View_default.app/VMware-View_default_proxy_https (Reputation=Unknown)
13:07:32 PDT 2017   notice  MyF5    apmd[10392] 01490010    /Common/VMware-View_default.app/VMware-View_default:Common:3da19544: Username 'MyUserName'

Authentications are successful when accessing via a browser of VMWare View client. Same behavior on APM v11.6.1 and 12.1.2

I do appreciate any feedback or guidance. Thanks!

application delivery
BIG-IP Access Policy Manager (APM)
    • Nick_Palmer_f5's avatar
      Nick_Palmer_f5
      Icon for Nimbostratus rankNimbostratus
      Nov 16, 2017

      Deployed VMWare iApp with its default settings in a test envt, and the issue was resolved. Didn't have time to look into some of our custom settings that break connections from Dell Wyse Zero client.

       

    • Nick_Palmer_f5's avatar
      Nick_Palmer_f5
      Icon for Nimbostratus rankNimbostratus
      Jun 04, 2018

      Adding to the subject. From Dell:

       

      "The thin client must have the required certs pre-installed and usually a second profile is created on the F5 just for WTOS. It looks for a user header wyse-1000. When it sees this user header the F5 knows the unit is a WTOS zero client. On the F5, the profile needs to be configured to allow pass-through of the Wyse devices directly to the broker address. If NAT is used the authentication will fail."