On the DualShield Authentication Server, we need to create a RADIUS application that will be used for the two-factor authentication in NetMotion Mobility XE. An application in DualShield needs a logon procedure that defines how users will be authenticated when they attempt to log on to the application.


Add a Logon Procedure:

Log on to the DualShield Administration Console and go to Authentication>Logon Procedure 


Click on [image] on the top right.

In the new Logon Procedure window, please enter the following information:

Option   Value
Name:    Enter a friendly name
Type:    Radius

Click: Save



Add Logon Steps






Create a Logon Procedure

  1. Log in to the DualShield Management Console
  2. In the main menu, select “Authentication | Logon procedure”
  3. Click the “Create” button on the toolbar
  4. Enter “Name” and select “RADIUS” as the type



  5. Click “Save”
  6. Click the context menu icon of the newly created logon procedure, select “Logon Steps”
  7. In the popup window, click the “Create” button on the toolbar
  8. Select the “Static Password” as the authenticator



  9. Click "Save"

Create an Application

  1. In the main menu, select “Authentication | Applications”
  2. Click the “Create” button on the toolbar
  3. Enter “Name”
  4. Select “Realm”
  5. Select the logon procedure that was just created



  6. Click “Save”
  7. Click the context menu of the newly created application, select “Agent”



  8. Select the DualShield Radius server, e.g. ”Local Radius Server”
  9. Click “Save”
  10. Click the context menu of the newly created application, select “Self Test”

Certificates Configuration

Because the authentication protocol between the NetMotion server and the DualShield Radius server is Radius and the method is EAP/PEAP, we need an SSL server certificate for the DualShield Radius server.

...

Create a Self-Signed Certificate

Certificate Authority 

  1. In main menu, select “Repository | Certificate Management | Certificate Authority”
  2. Click “Create” in the toolbar
  3. Fill in the form



  4. Click "Save"

SSL Certificate 

To create an SSL certificate:

  1. In main menu, select “Repository | Certificate Management | Server Certificates”
  2. Click “Create” in the toolbar

  3. Select the CA created in the previous step
  4. Fill in the form
  5. Click “Save” 

Register Radius Client 

We need to register the NetMotion server as a Radius client in DualShield.

  1. In the main menu, select “RADIUS | Clients”
  2. Click the “Register” button on the toolbar



  3. Select the application that was created in the previous steps
  4. Enter the NetMotion server’s IP address in the IP address field
  5. Enter the Shared Secret, which will be used later on the NetMotion server
  6. Click “Save”

Configure Radius Server

  1. In the main menu, select “RADIUS | Server”
  2. Click the context menu of the Radius Server, select “EAP options”
  3. Select the “General” tab. In the "Default EAP Type" box select "PEAP"



  4. Select the "TLS" tab. In the "Server Certificate" box select the SSL certificate to be used as the RADIUS server certificate. The SSL server certificate must include its private key. If device authentication is required then in the "Trusted Certificate Authorities" box you must also provide the CA certificates that were used to issue the client certificate, otherwise you can leave it empty.



  5. Select the "PEAP" tab. In the "Default Inner EAP Type" box select "GTC"



  6. Select the "GTC" tab. In the "Default Challenge" box leave the value as "Password:"



  7. Click "Save"