Configuring RADIUS Authentication 编辑
Configuring RADIUS Authentication
You can configure Citrix Gateway to authenticate user access with one or more RADIUS servers. If you are using RSA SecurID, SafeWord, or Gemalto Protiva products, each of these products is configured by using a RADIUS server.
Your configuration might require using a network access server IP address (NAS IP) or a network access server identifier (NAS ID). When configuring Citrix Gateway to use a RADIUS authentication server, use the following guidelines:
- If you enable use of the NAS IP, the appliance sends its configured IP address to the RADIUS server, rather than the source IP address used in establishing the RADIUS connection.
- If you configure the NAS ID, the appliance sends the identifier to the RADIUS server. If you do not configure the NAS ID, the appliance sends its host name to the RADIUS server.
- When you enable the NAS IP, the appliance ignores any NAS ID that is configured using the NAS IP to communicate with the RADIUS server.
Configuring Gemalto Protiva
Protiva is a strong authentication platform that Gemalto developed to use the strengths of Gemalto’s smart card authentication. With Protiva, users log on with a user name, password, and a one-time password that the Protiva device generates. Similar to RSA SecurID, the authentication request is sent to the Protiva authentication server and the server either validates or rejects the password. To configure Gemalto Protiva to be compatible with Citrix Gateway, use the following guidelines:
- Install the Protiva server.
- Install the Protiva SAS Agent Software, that extends the Internet Authentication Server (IAS), on a Microsoft IAS RADIUS server. Make sure you note the IP address and port number of the IAS server.
- Configure a RADIUS authentication profile on Citrix Gateway and enter the settings of the Protiva server.
Configuring SafeWord
The SafeWord product line provides secure authentication using a token-based passcode. After the user enters the passcode, SafeWord immediately invalidates the passcode and it cannot be used again. When you configure the SafeWord server, you need the following information:
- The IP address of Citrix Gateway. The IP address must be the same IP address that you configured in the RADIUS server client configuration. Citrix Gateway uses the internal IP address to communicate with the RADIUS server. When you configure the shared secret, use the internal IP address. If you configure two appliances for high availability, use the virtual internal IP address.
- A shared secret.
- The IP address and port of the SafeWord server. The default port number is 1812.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论