How to configure RADIUS 2nd factor authentication

How to configure RADIUS 2nd factor authentication


Problem:  Would like to setup RADIUS (token) authentication as a 2nd factor authentication method.


Prerequisite(s):
  • RADIUS server IP/port#
  • RADIUS server secret key
  • Access to Server Management console (8090 console)

Solution(s):  It's important to have the 8090 console because if you misconfigure the RADIUS settings you will not be able to login from traditional login page.  You will need to go in through 8090 console -> Settings -> webAdmin Dashboard to turn off RADIUS authentication.  If you are unfamiliar with the previous description, do NOT continue and contact support for assistance.

Steps how-to enable:
  1. Go to webAdmin -> Tree Root -> Stoneware
  2. Expand DefaultLoginPolicy (or equivalent login policy object)
  3. Right-click on DefaultLoginPolicy and create a new object of type Login Attribute
  4. Enter name RadiusAttribute
  5. Enter the following information:
    Application type: Authorization
    Description: Radius-Password
    Name: [RADIUS.password]
  6. Click Save button
  7. Click on DefaultLoginPolicy object
  8. Under Ordered Attributes, click + button to add
  9. Add in the RadiusAttribute
  10. Go to the Options panel
  11. Turn on Radius Authentication checkbox
  12. Enter the IP address for the Authentication Server
  13. Enter the Authentication Port
  14. Enter the IP address for the Accounting Server (Optional)
  15. Enter the Accounting Port (Optional)
  16. Enter the shared secret for the RADIUS server
  17. Click Save button
  18. Restart relay from 8090 console
  19. Test login


Steps how-to disable:

  1. Go to webAdmin -> Tree Root -> Stoneware
  2. Go back to the DefaultLoginPolicy
  3. Under the Ordered Attributes box, select the RadiusAttribute and click X to remove it
  4. Go to the Options panel
  5. Uncheck the Radius Authentication checkbox
  6. Click the Save button
  7. Restart relay from 8090 console


Debugging:

com.stoneware.auth.RADIUSAuthenticator


Keywords: 2-Factor, Two-Factor

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...

      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • Related Articles

      • Two-factor Authentication Options in Unified Workspace

        Issue: What Two-factor authentication options are available in Unified Workspace? Solution: We currently have three Two-factor authentication options in Unified Workspace, that are supported across all browsers. Challenge Authentication Image ...

      • webDav & Additional Authentication Methods.

        When deciding to use additional methods for authentication like Radius or additional attributes on the login page, keep in mind that features like webDav / webDrive do not support these optional attributes and can only authenticate using a ...

      • Desktop Authentication known issues and recommendations

        Problem:  What are the known issues of using Desktop Authentication feature to automatically log users into the portal? Cause:  Desktop Authentication feature uses Windows Integrated Authentication (NTLMv1).  Most browsers do not support auto-login ...

      • Troubleshooting issues with authentication

        Issue: A user is receiving a Failed Login Attempt error every-time they try to login to Unified Workspace.  How can we determine the root cause of the failed login? Solution: Enable the Authentication debug logging: Browse to the 8090 Management ...

      • Issues with NTLM Authentication

        Are there any issues with using NTLM authentication when doing SSO to a back end application ? Update 10-31-2014 : With webNetwork 6.2.1.182 and higher there have been many updates made to handle NTLM v2 applications that do not also maintain a ...