Configuring RADIUS Authentication 编辑

Configuring RADIUS Authentication

You can configure Citrix Gateway to authenticate user access with one or more RADIUS servers. If you are using RSA SecurID, SafeWord, or Gemalto Protiva products, each of these products is configured by using a RADIUS server.

Your configuration might require using a network access server IP address (NAS IP) or a network access server identifier (NAS ID). When configuring Citrix Gateway to use a RADIUS authentication server, use the following guidelines:

  • If you enable use of the NAS IP, the appliance sends its configured IP address to the RADIUS server, rather than the source IP address used in establishing the RADIUS connection.
  • If you configure the NAS ID, the appliance sends the identifier to the RADIUS server. If you do not configure the NAS ID, the appliance sends its host name to the RADIUS server.
  • When you enable the NAS IP, the appliance ignores any NAS ID that is configured using the NAS IP to communicate with the RADIUS server.

Configuring Gemalto Protiva

Protiva is a strong authentication platform that Gemalto developed to use the strengths of Gemalto’s smart card authentication. With Protiva, users log on with a user name, password, and a one-time password that the Protiva device generates. Similar to RSA SecurID, the authentication request is sent to the Protiva authentication server and the server either validates or rejects the password. To configure Gemalto Protiva to be compatible with Citrix Gateway, use the following guidelines:

  • Install the Protiva server.
  • Install the Protiva SAS Agent Software, that extends the Internet Authentication Server (IAS), on a Microsoft IAS RADIUS server. Make sure you note the IP address and port number of the IAS server.
  • Configure a RADIUS authentication profile on Citrix Gateway and enter the settings of the Protiva server.

Configuring SafeWord

The SafeWord product line provides secure authentication using a token-based passcode. After the user enters the passcode, SafeWord immediately invalidates the passcode and it cannot be used again. When you configure the SafeWord server, you need the following information:

  • The IP address of Citrix Gateway. The IP address must be the same IP address that you configured in the RADIUS server client configuration. Citrix Gateway uses the internal IP address to communicate with the RADIUS server. When you configure the shared secret, use the internal IP address. If you configure two appliances for high availability, use the virtual internal IP address.
  • A shared secret.
  • The IP address and port of the SafeWord server. The default port number is 1812.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:98 次

字数:2979

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文