Primary authentication 编辑
You can configure authentication servers such as RADIUS or TACACS+ to authenticate remote users logging on to Citrix SD-WAN Center. Primary authentication is the first authenticating factor for remote users when two-factor authentication is enabled. For more information, see Two-factor authentication.
Note
Ensure that user accounts are created on the required authentication servers.
RADIUS authentication server
To use RADIUS authentication, you must specify and configure at least one RADIUS server. Optionally, you configure redundant backup servers, up to a maximum of three RADIUS servers. The servers are checked sequentially, starting with the server listed first in the Servers section. Ensure that the required user accounts are created on the RADIUS authentication server.
To enable and configure RADIUS authentication:
In the Citrix SD-WAN Center web interface, navigate to Administration > User/Authentication Settings.
In the Primary Authentication > RADIUS Authentication section, select the Enable RADIUS Authentication check box.
Note
If TACACS+ authentication is already enabled, it gets disabled.
In the Timeout field, enter the time interval (in seconds) to wait for an authentication response from the RADIUS server.
The timeout value should be less than or equal to 10 seconds.
In the Server Key field, enter a secret key to use when connecting to the RADIUS servers.
In the Confirm Server Key fields, reenter the secret key.
Note
The Timeout and Server Key settings are applied to all configured servers.
Select Enable Two-factor, to enable two-factor authentication.
Note
The Enable Two-factor option appears only when the secondary authentication server is configured.
Configure a secondary authentication server, either RADIUS, or TACAS+. For more information, see Secondary authentication.
Click the plus icon (+) next to Servers to add a RADIUS server.
In the IP Address field, enter the host IP address for the RADIUS server.
In the Port field, enter the port number for RADIUS server. The default port number is 1812.
Click Apply.
Click Verify to verify the connection to the RADIUS server. The Verify RADIUS Server Settings dialog box appears.
Enter a valid username and password for the authentication servers, and click Verify.
To configure more servers, repeat the steps 7 through 12.
TACACS+ authentication server
To use TACACS+, you must specify and configure at least one TACACS+ server. Optionally, you configure redundant backup servers, up to a maximum of three TACACS+ servers. The servers are checked sequentially, starting with the server listed first in the Servers section. Ensure that the required user accounts are created on the TACACS+ authentication server.
To enable and configure TACACS+ authentication:
In the Citrix SD-WAN Center web interface, navigate to Administration > User/Authentication Settings.
In the Primary Authentication > TACACS+ Authentication section, select the Enable TACACS+ Authenticationcheck box.
Note
If RADIUS authentication is already enabled, it gets disabled.
In the Timeout field, enter the time interval (in seconds) to wait for an authentication response from the TACACS+ server.
The timeout value should be less than or equal to 10 seconds.
In the Authentication Type field, select the encryption method to use to send the username and password to the TACACS+ server.
In the Server Key field, enter a secret key to use when connecting to the TACACS+ servers.
In the Confirm Server Key fields, reenter the secret key.
Note
The Timeout, Authentication Type, and Server Key settings are applied to all the configured servers.
Select Enable Two-factor, to enable two-factor authentication.
Note
The Enable Two-factor option appears only when the secondary authentication server is configured.
Configure a secondary authentication server, either RADIUS, or TACAS+. For more information, see Secondary authentication.
Click the plus icon (+) next to Servers to add a TACACS+ server.
In the IP Address field, enter the host IP address for the TACACS+ server.
In the Port field, enter the port number for TACACS+ server. The default port number is 49.
Click Apply.
Click Verify to verify the connection to the RADIUS server. The Verify TACACS+ Server Settings dialog box appears.
Enter a valid username and password for the authentication servers, and click Verify.
To configure more servers, repeat the steps 8 through 13.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论