Posts

Horizon View 2-factor Authentication for Free! with Google Authenticator or others

So after quite a bit of work on my proof of concept Google Authenticator server, a colleague pointed out that LinOTP has already created this, along with a whole slew of other options. So after spending a couple of nights reading and testing I figured I'd post a simple walk-through to get this up and running in your environment.

As mentioned in the title, this is a free solution. However, if you want to scale this in a large organization you would most likely want to explore their support contracts. This is a good fallback when things just don't work, and it also helps the developers keep this type of software free for the rest of us.

To start off we want to create 2 objects in Active Directory. The first is just a standard user account LinOTP will use to connect to your domain. You can put these anywhere in your domain, as we will access them directly later. In my case I created one called 'LinOTP Svc' and put it in the default Users OU.


Next create a Global or Universal S…

Google Authenticator Server - Proof of concept | VMware Horizon View or Identity Manager

Update 10/2017:  Since starting this project I was informed that such a thing already existed, so I will not be moving forward with this. You can use LinOTP in your enterprise environment.


As a continuation of my previous post I wanted to see if I could build a simple server to allow users to generate Google Authenticator keys and authenticate to Horizon View. After some research I was finally able to get a 'functional' server up and running and easily deployable.

Now, going forward, please realize that, as I said before, this is a PROOF OF CONCEPT. You should not deploy this in your production environment; you have been warned (see notes at the end of this page). However, if you want something to mess around with to build your own, here ya go.

To begin, you're going to need an Ubuntu server; see my original posts Part1 and Part2 to get a working Ubuntu server in your environment. (Make the username gauth, as it will make running the config scripts easier.)

Once you have your Ubuntu s…

Recovery of data off a Netgear Ready Nas NV+ SPARC edition

Ran into an issue where the NIC got fried on my ReadyNAS. I had backups of most of the data through USB, but some data (expendable) was not backed up.
However, I still wanted to recover this data and found this post:

http://home.bott.ca/webserver/?p=306

This actually worked with a few changes:

First remove your drives from the ReadyNAS one by one, and mark each with its number, counting from left to right (1, 2, 3, 4).
Now place them in a PC and, this is probably important, put them on the SATA ports in order; in my case my ports are 0, 1, 2, 3.

Download the Ubuntu 16.04 LTS desktop ISO for ease of use.
Download Rufus to convert the ISO to a bootable USB: https://rufus.akeo.ie/

Make sure your computer has internet access.

Boot the Linux USB and choose Try Ubuntu.

Once booted to the desktop, open up a terminal and run the following:
sudo su
gedit /etc/apt/sources.list

This will open up the graphical text editor. Add the following line to the end of the file:


deb http://us.archive.ubuntu.com/ubuntu precise m…

Access Point Gui 3.0.2 - Final

Access Point Gui 3.0.1 3.0.2

OK, so this is my last, last version of this, as I am moving on to other projects.

Last updates include:
config options for vIDM
config options for system settings.
removal of background image (it was causing long load times).
some code cleanup.

Also forgot to add a thumbprint box for vIDM.
Note about auto thumbprint for vIDM: this will get the thumbprint from the server, however it will not add the sha value at the beginning. This is due to a framework limitation, and I don't have the time to figure out a new way, so if you auto generate your thumbprint, make sure to put a "sha1:" or "sha256:" in front before submitting.


Enjoy!



Download Here

Access Point Gui 3.0 ( For AP 2.7.2)


So I didn't think I'd write another one of these, since I figured there would be one in the latest release of AP. Well, I guess they skipped any sort of GUI again, so here we go!


Requirements:
.NET 4.5.2 or greater
A deployed AP (just needs to be accessible via management IP)

So to start, download, extract and double click the Access Point Gui.exe.

Once the app has loaded you will be presented with a console.


Enter your AP's management IP or the host name and password. At this point you could continue filling out the settings, but let's see what we currently have set by clicking the [Get Current Info] button.





OK, great, there are our current settings. We can copy those off somewhere in case we need them.



Click the View Enabled? check box to open up the rest of the settings.

Fill out the rest of the settings as required. I have added a function to get the Thumbprint for the connection server (or LB server) of the supplied certificate. After you …

VMware View 2-factor authentication with Google Authenticator - Part Four

Adding View to the Mix.
Now that we have (almost) everything set up on the Linux server side, we just need to finish the View configuration and the client portion.


Open up the View Administrator and navigate to View Configuration > Servers.
Select the Connection Servers tab.
Select your server and click the Edit button.

In the "Edit Connection Server Settings" pop-up window, change 2-Factor authentication to RADIUS.
Check enforce 2-factor and Windows user name matching.


On Select Authenticator, select New.

Update the fields with your information.




We are now done with the View configuration.

Download and install the Google Authenticator app for your device:
https://support.google.com/accounts/answer/1066447?hl=en


Now we will set up the user to authenticate.
Open up a PuTTY session to your Ubuntu server.
Type:
su someADusername
You should now be logged in as that user.
Run gauth; this will generate the QR code to scan from the installed app on your device.



From your device, select the…

VMware View 2-factor authentication with Google Authenticator - Part Three

Installing Google Authenticator, pbis-open and freeradius
Now that we have the VM and Ubuntu installed, we need to install our packages.

First make sure you have a DNS record for the server in Active Directory, as we are going to need it. This must be done first!

Also create an AD security group named:
GG_S_GOOGLE_AUTH_DISABLED

Once done, go back to your console and run the following:
sudo su
enter your password

apt-get update

apt-get dist-upgrade
say Y when prompted

apt-get install ntp
say Y when prompted

apt-get install ntpdate
should not prompt

ntpdate pool.ntp.org

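Now we are going to install pbis-open for our connection to Active Directory. Both downloads below use plain HTTP, so the repository signing key is not authenticated in transit; check its fingerprint against a trusted source before relying on the repository.

wget -O - http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis | sudo apt-key add -
wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbiso.list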
apt-get update
apt-get install pbis-open
say Y when prompted

Once that completes we can join our Ubuntu server to the domain.
domainjoin-cli join yourdomain.com administrator@yourd…