How to configure RADIUS 2nd factor authentication

How to configure RADIUS 2nd factor authentication


Problem:  Would like to setup RADIUS (token) authentication as a 2nd factor authentication method.


Prerequisite(s):
  • RADIUS server IP/port#
  • RADIUS server secret key
  • Access to Server Management console (8090 console)

Solution(s):  It's important to have the 8090 console because if you misconfigure the RADIUS settings you will not be able to login from traditional login page.  You will need to go in through 8090 console -> Settings -> webAdmin Dashboard to turn off RADIUS authentication.  If you are unfamiliar with the previous description, do NOT continue and contact support for assistance.

Steps how-to enable:
  1. Go to webAdmin -> Tree Root -> Stoneware
  2. Expand DefaultLoginPolicy (or equivalent login policy object)
  3. Right-click on DefaultLoginPolicy and create a new object of type Login Attribute
  4. Enter name RadiusAttribute
  5. Enter the following information:
    Application type: Authorization
    Description: Radius-Password
    Name: [RADIUS.password]
  6. Click Save button
  7. Click on DefaultLoginPolicy object
  8. Under Ordered Attributes, click + button to add
  9. Add in the RadiusAttribute
  10. Go to the Options panel
  11. Turn on Radius Authentication checkbox
  12. Enter the IP address for the Authentication Server
  13. Enter the Authentication Port
  14. Enter the IP address for the Accounting Server (Optional)
  15. Enter the Accounting Port (Optional)
  16. Enter the shared secret for the RADIUS server
  17. Click Save button
  18. Restart relay from 8090 console
  19. Test login


Steps how-to disable:

  1. Go to webAdmin -> Tree Root -> Stoneware
  2. Go back to the DefaultLoginPolicy
  3. Under the Ordered Attributes box, select the RadiusAttribute and click X to remove it
  4. Go to the Options panel
  5. Uncheck the Radius Authentication checkbox
  6. Click the Save button
  7. Restart relay from 8090 console


Debugging:

com.stoneware.auth.RADIUSAuthenticator


Keywords: 2-Factor, Two-Factor

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...

      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...

      • Related Articles

      • Two-factor Authentication Options in Unified Workspace

        Issue: What Two-factor authentication options are available in Unified Workspace? Solution: We currently have three Two-factor authentication options in Unified Workspace, that are supported across all browsers. Challenge Authentication Image ...

      • webDav & Additional Authentication Methods.

        When deciding to use additional methods for authentication like Radius or additional attributes on the login page, keep in mind that features like webDav / webDrive do not support these optional attributes and can only authenticate using a ...

      • Desktop Authentication known issues and recommendations

        Problem:  What are the known issues of using Desktop Authentication feature to automatically log users into the portal? Cause:  Desktop Authentication feature uses Windows Integrated Authentication (NTLMv1).  Most browsers do not support auto-login ...

      • Issues with NTLM Authentication

        Are there any issues with using NTLM authentication when doing SSO to a back end application ? Update 10-31-2014 : With webNetwork 6.2.1.182 and higher there have been many updates made to handle NTLM v2 applications that do not also maintain a ...

      • Troubleshooting issues with authentication

        Issue: A user is receiving a Failed Login Attempt error every-time they try to login to Unified Workspace.  How can we determine the root cause of the failed login? Solution: Enable the Authentication debug logging: Browse to the 8090 Management ...