summary requirements · 2019-07-13 · summary this article describes how to configure radius...
Post on 20-Jul-2019
214 Views
Preview:
TRANSCRIPT
Summary This article describes how to configure RADIUS Authentication on Windows Server 2008 for use with Citrix Web Interface 5.x.
These steps are performed on Windows Server 2008 with the Network Policy and Access Services (formerly known as Internet Authentication Service) role installed.
Requirements To configure RADIUS on Windows Server 2008 you must have the following components:
• Citrix Web Interface 5.x.• Windows Server 2008 with Network Policy and Access Services role installed.
Note: For Web Interface 5.2 or later, there is a new requirement to configure RADIUS authentication as a second factor authentication, which is the RADIUS NAS-IDENTIFIER. This new requirement was introduced to comply with RADIUS RFC 2865. However, it is NOT mandatory to configure the RADIUS server to check for RADIUS NAS-IDENTIFIER as a condition. For more information regarding this requirement, refer to Citrix eDocs – Web Interface.
Web Interface 5.3 is used for the purpose of this article.
Procedure From Windows Server 2008
1. Open the Server Manager and select Roles > Install New Role Service.
2. Select Network Policy and Access Services > Network Policy Server and clickInstall.
Page 1
How to Configure Citrix Web Interface 5.x with
Microsoft Network Policy Server (RADIUS) Using Windows Server 2008
3. Create a RADIUS Client and configure a Network Policy to allow RADIUS
authentication over Citrix Access Gateway. To launch the Network Policy Server, go to Start > All Programs > Administrative Tools > Network Policy Server.
4. Under RADIUS Clients and Servers, right-click RADIUS clients and select New RADIUS Client.
5. Complete the fields specified in the following screen shot. For Vendor Name, leave the option default which is RADIUS Standard and Click OK.
Page 3
6. Configure the Network Policies. Right-click Network Policies and click New.
7. Enter a Policy Name and set the Type of network access server to Unspecified and
then select Next. Page 4
8. Under Specify Conditions, click Add, select User Groups > Add Groups and enter the Domain Users Group that should be allowed to authenticate using RADIUS.
Page 5
10. Under Configure Authentication Methods, select Unencrypted authentication (PAP, SPAP) only. Any other authentication methods should be unchecked. Then, click Next.
Page 7
12. Under Configure Settings > RADIUS Attributes > Standard, remove the Framed-Protocol and Service-Type attributes.
Page 9
From Citrix Web Interface 5.x 1. Launch the Citrix Web Interface Management console.
2. Create a Web Interface site using the Authentication Point > At Web Interface.
3. Go to Authentication Methods > Explicit > Properties > Two-factor Authentication.
4. From the drop-down menu, select RADIUS.
5. Enter the RADIUS server IP Address and port number.
6. Close the Web Interface Management console.
7. Go to C:\inetpub\wwwroot\Citrix\<site_name>\conf folder and create a file calledradius_secret.txt.
Page 12
8. Open this text file and enter the RADIUS shared secret passcode.
9. Save the file and close it.
10. For Web Interface 5.2 or later: Go to C:\inetpub\wwwroot\Citrix\<site_name>\ folder and open the file Web.config with a text editor like Notepad. On Java application servers, the file is web.xml file.
11. Search for line # 102 or the following parameter: <add key="RADIUS_NAS_IDENTIFIER" value="" />
Page 13
12. For value, enter any alphanumeric value longer than 3 characters.
13. Save the Web.config file and test your Web Interface site.
More Information Citrix eDocs - Web Interface Administrator’s Guide
Page 14
top related