Adding the Radius Server to the Connection Broker.
I’ll always recommend using the Unified Access Gateway, even for internal-only deployments, and adding the first challenge of the 2FA there. However, we can add it to the Connection Broker if needed. The following is done via the HTML interface; it’s where the admin console is heading, so you might as well get started now. The next post will cover adding it to the Unified Access Gateway.
- Log in to your Connection Broker at https://<connection>/newadmin/
- Expand Settings and click Servers, then Connection Servers.
- Select the connection server and click Edit.
- Select Authentication and scroll down to Advanced Authentication.
- Under Advanced Authentication, fill in the blank and required details; there is no real need to change the defaults:
  - Label – give it a name like Centos 2FA.
  - Hostname/Address – the hostname of the 2FA server we built in Part 1.
  - Shared Secret – the secret we defined in Part 1 in the client.conf file.
- Click Next.
- Add in the details of a second server (if one was created).
- Click Finish.
- Select the Authenticator you just created and click OK.
The next time a user logs into the Connection Broker to get a desktop, they’ll be prompted for their 2FA key.
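Before pointing the Connection Server at the RADIUS server, it helps to prove that the 2FA box answers and that the shared secret matches. The following is an added example, not code from the original post: a stdlib-only Python client that builds an RFC 2865 Access-Request with PAP and validates the Response Authenticator, so a wrong shared secret is reported as such rather than as an opaque failure. The host, port, user name and NAS-Identifier value are assumptions.

```python
# Added example (not the post's code): RFC 2865 Access-Request with PAP, stdlib only.
import hashlib, os, socket, struct

CODE_NAMES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def pap_encrypt(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: XOR each 16-byte chunk with MD5(secret + previous block)."""
    padded = password + b"\x00" * ((16 - len(password) % 16) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def pap_decrypt(blob: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of pap_encrypt; the keystream chains on the previous ciphertext block."""
    out, prev = b"", authenticator
    for i in range(0, len(blob), 16):
        out += bytes(a ^ b for a, b in zip(blob[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = blob[i:i + 16]
    return out.rstrip(b"\x00")

def attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value  # Type, Length, Value

def build_access_request(ident, authenticator, user, password, secret, nas_id=b"horizon-cs"):
    # User-Name (1), User-Password (2), NAS-Identifier (32); nas_id is a made-up value
    attrs = attr(1, user) + attr(2, pap_encrypt(password, secret, authenticator)) + attr(32, nas_id)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs  # Code 1

def parse_response(pkt, request_authenticator, secret):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    # RFC 2865 s3: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(pkt[:4] + request_authenticator + pkt[20:length] + secret).digest()
    if pkt[4:20] != expected:
        raise ValueError("response authenticator mismatch: wrong shared secret or forged reply")
    return code, ident, CODE_NAMES.get(code, f"code {code}")

def radius_check(host, secret, user, password, port=1812, timeout=5.0):
    """Return the reply name; a timeout usually means this host is missing from the server's clients.conf or UDP 1812 is blocked."""
    auth, ident = os.urandom(16), os.urandom(1)[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_access_request(ident, auth, user, password, secret), (host, port))
        resp, _ = s.recvfrom(4096)
    code, rid, name = parse_response(resp, auth, secret)
    if rid != ident:
        raise ValueError("identifier mismatch")
    return name
```

Run radius_check(host, secret, user, password) from a host listed in the server's clients.conf; an Access-Challenge reply means the server is asking for the second factor.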
Do you mind if I quote a few of your articles as long as I provide credit and sources back to your website?
My blog is in the very same niche as yours and my visitors would certainly benefit from some of the information you present here.
Please let me know if this is okay with you. Thanks!
Hi, that’s no problem at all! Knowledge is for sharing!
Thank you for all your information!
I read and followed your procedure.
However, I get an “Access Denied” message when connecting to Horizon with my AD account. Do you have an idea?
Thank you
Hi Michael,
There could be a few reasons. I would look at the following:
1. Are you using the full AD name?
2. Double check DNS and NTP
3. Does “realm list” on the Linux box give you the domain details?
I’ll spin up a fresh copy in my lab and see if I can replicate the error.
Hi Carel,
1. I tried with the full AD name (domain\user, user@domain and only the username)
2. After checking, yes, DNS and NTP are correct
3. realm list gives me all the details from the AD
OK, I’ll wait for your information if you can replicate the issue.
Thank you for your time.