VMware Horizon Community
taopiglet
Contributor

VMware View 5.1 and RADIUS Authentication - Password Issue

I am using Trustwave for 2-Factor Authentication on a View 5.1.1 Server. The Trustwave Proxy Server requires you to input your Active Directory Password followed by a comma and then the passcode provided by Trustwave. After that you get the normal VMware View Login where you have to put in your Active Directory Password. Is there a way to strip out the comma and passcode from the first login box and just have it pass the Active Directory Password to the 2nd dialog box? See the two dialog boxes below.

NOTE: It all works fine, but it is confusing to the user to input their Active Directory Password twice.

NOTE: When I check the box in the Manage Authenticators to use the same User Name and Password for RADIUS and Windows authentication, I naturally get an error because it is passing the Active Directory Password, the comma, and the Trustwave passcode to the 2nd login box.

Dave Hudson Sr. Systems Admin - Virtualization

Accepted Solutions
markbenson
VMware Employee

taopiglet wrote:

... Is there a way to strip out the comma and passcode from the first login box and just have it pass the Active Directory Password to the 2nd dialog box?

...

No.

What happens with many RADIUS servers is that the first prompt is for username and AD password. There is then an Access-Challenge to obtain the token code. In this case you can configure View to skip the next AD password prompt as View can take the original RADIUS passcode (AD password) and use this for the AD authentication part.

Quite a few RADIUS vendors work this way.

If the Trustwave RADIUS server can be configured to perform an Access-Challenge, then that would be a more standard approach than trying to parse password fields in this way.

I can see why this would be irritating to users.

Mark.
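
The Access-Challenge exchange described in the answer above, as an added example that is not part of the original thread and is not VMware or Trustwave code. It is a toy in-memory RADIUS server and client using the RFC 2865 packet layout; the shared secret, user name, password, token code and all function names are constructed for illustration. It shows why the first-prompt value can be reused for the AD logon only when the token code travels in a separate challenge leg.

```python
import hashlib, os, struct

REQUEST, ACCEPT, REJECT, CHALLENGE = 1, 2, 3, 11               # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # RFC 2865 attribute types
SECRET, AD_PASSWORD, TOKEN_CODE = b"constructed-secret", "Winter!Pass1", "492817"  # constructed

def hide(data, auth, unhide=False):  # User-Password hiding, RFC 2865 section 5.2
    data += b"\0" * (-len(data) % 16)
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(SECRET + prev).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if unhide else out[i:i + 16]  # chain on the ciphertext block
    return out.rstrip(b"\0") if unhide else out

def build(code, ident, auth, attrs, response=False):  # response=True signs with the request's authenticator
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    pkt = struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body
    return pkt[:4] + hashlib.md5(pkt + SECRET).digest() + body if response else pkt

def parse(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, i = {}, 20
    while i < length:  # each attribute is type, length, value
        attrs[pkt[i]], i = pkt[i + 2:i + pkt[i + 1]], i + pkt[i + 1]
    return code, ident, pkt[4:20], attrs

def server(pkt, sessions):  # toy server: leg 1 checks the AD password, leg 2 the token code
    _, ident, auth, a = parse(pkt)
    value = hide(a[USER_PASSWORD], auth, unhide=True).decode()
    if STATE in a:  # leg 2 is tied to leg 1 by the echoed State, which is single-use
        ok = a[STATE] in sessions and value == TOKEN_CODE
        sessions.discard(a[STATE])
        return build(ACCEPT if ok else REJECT, ident, auth, [], True)
    if value != AD_PASSWORD:
        return build(REJECT, ident, auth, [], True)
    sessions.add(state := os.urandom(8))
    return build(CHALLENGE, ident, auth, [(STATE, state), (REPLY_MESSAGE, b"Enter token code")], True)

def login(user, first_prompt, token):  # returns (final code, value reusable for the AD logon)
    sessions, auth = set(), os.urandom(16)
    attrs = [(USER_NAME, user.encode()), (USER_PASSWORD, hide(first_prompt.encode(), auth))]
    code, _, _, a = parse(server(build(REQUEST, 1, auth, attrs), sessions))
    if code != CHALLENGE:
        return code, None
    auth = os.urandom(16)
    attrs = [(USER_NAME, user.encode()), (USER_PASSWORD, hide(token.encode(), auth)), (STATE, a[STATE])]
    code, _, _, _ = parse(server(build(REQUEST, 2, auth, attrs), sessions))
    return code, first_prompt if code == ACCEPT else None
```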
