VMware View 2-factor authentication with Google Authenticator - Part Four

Adding View to the Mix.
Now that we have (almost) everything setup on the Linux server side, we just need to finish the view configuration and the client portion.


Open up the View administrator, navigate to View Configuration > servers.
Select the Connection Servers tab
Select your Server and click the Edit button.

in the "Edit Connection Server Settings" pop up window, change 2-Factor authentication to RADIUS
Check enforce 2-factor and windows user name matching


On Select Authenticator Select New.

Update the fields with your information.




We are now down with the View Configuration.

download and install the google authenticator app for your device:
https://support.google.com/accounts/answer/1066447?hl=en


Now we sill set up the user to authenticate.
Open up a putty session to your ubuntu server.
type
su someADusername
you should now be logged in as that users
run gauth, this will generate the QR code to scann from the install app on your device.



From your device, select the settings > Setup account, then select scan bar-code.

this will setup your client.

Now open your View Client and connect to your connection server. you will be prompted for your pass code:


Enter your passcode for your google authentication, and if setup correctly you will be prompted for your domain credentials.

Thats it. You are now ready to integrate what ever front end service you want for generating QR codes for users to use 2-factor with google auth.

Some additional notes.


When troubleshooting, stop the freeradius service and start it with -X
service freeradisu stop
freradisu -X


Also helpful is tailing the auth log.
tail -f /var/log/auth.log

Thats basically it. leave some comments if you have any questions. Im hoping to get this in a deplorable OVF or docker, but that's down the road a ways.


Comments

  1. This guide is much better than several others out there I've come across and failed with. Thanks! I finally got all the way through yours and I am still not able to get it working though. My connection server is logging an error that it failed to communicate with the RADIUS server. The IP address it reports is correct, the connection server can ping the RADIUS server, and I even turned off the windows firewall just in case. Any ideas for me to try? Still running View 5.2 if that could be an issue.

    ReplyDelete
    Replies
    1. I found that the Ubuntu firewall was causing issues, easy fix. The Radius service would not start with the line "Reply-Message = "Your account has been disabled."" I commented this line out and the service started without issues, and everything worked fine.

      Delete
    2. Also, the -Q UTF8 part I had to remove to fix the QR codes. They weren't displaying properly with it.

      Delete
  2. This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

OSX Mavericks \ Yosemite on a T520 - i7 16GB 256GB SSD

VMware View 2-factor authentication with Google Authenticator - Part Three

Access Point Gui 3.0 ( For AP 2.7.2)