Adding the Radius Server to the Connection Broker.
I’ll always recommend using the Unified Access Gateway, even for internal only deployments and adding the first Challenge of the 2FA there. However we can add it the the connection broker if needed. The following is done via the HTML interface, it’s where the admin console is heading so you might as well get started now. Next post will be how to add it to the Unified Access Gateway.
- Log into to your connection broker on https://<connection>/newadmin/
- Expand Settings and Click on Servers and Connection Servers.
- Select the connection server and click Edit.
- Select Authentication and scroll down to Advanced Authentication.
- Under Advanced Authentication:
- Fill in blank and required details. no real need to change the defaults:
- Label – Give it a name like Centos 2FA.
- Hostname/Address – hostname of the 2FA server we built in Part 1.
- Share Secret – We defined this in Part 1 as the secret in the client.conf file.
- Click Next.
- Add in the details of a second server (if created)
- Click Finish.
- Select the Authenticator you just created.
- and select OK.
Next time a user tries to log into the connection broker to get a desktop they’ll be prompted for their 2FA key.