Forum Discussion
NimbostratusHorizon View 2FA with AD and Radius
Hi everybody.
I'm trying to set up a Horizon View solution through BigIP with APM. I've got my View environment to work, and I'm able to log in with 2FA via the browser and open my VDI resources. My issue is when I'm trying to configure 2FA with the Horizon View Client.
My AP looks as following:
As a 2FA we're using a raduis server that sends an SMS to a mobile phone. As stated above, this configuration works when using a browser, but not when using the Horizon View client. The same radius server is used for both the Client and browser. When using the Horizon View Client, I'm first asked for my username and password and this is authenticated towards AD. This is by design and is working as it should. I'm then trying to do a radius auth, I receive the SMS, but when I type it in the client just ask for a new code.
AD login works fine:
First prompt for radius authentication:
Second prompt for radius authentication opens up regardless of whether the password in the first attempt was correct or not:
When I use the browser, the experience is the same with first an AD login, and then prompted for the PASSCODE. After the passcode is entered, "Browser RADIUS Auth" is successful and access is allowed. If I remove the "View RADIUS Auth" from the VPE, everything works fine.
My "View Radius Auth" looks like this:
Any ideas?
Ryan77777Altocumulus
If you enable 'show extended error' does it return any other feedback?
If you look at the RADIUS logs, does it provide any other feedback? Correct login attempt? Missing information?
I'm wondering is the Username/Password Source variable might need a tweak. Perhaps the username is getting overwritten after the second password is being submitted? Reaching... guessing... but that's where I would start if it were me.
MortenInfo to anyone that might bump into this problem. It's fixed in v14.1, as there was a bug:
After upgrading to v14.1 this is no longer a problem
- boneyard
MVP
thanks for posting the answer
