Setting up RADIUS Authentication

Follow

If you have a Professional or Enterprise subscription, you can augment system authentication with RADIUS authentication. This means that connecting VNC Viewer users must first provide the credentials they usually use to log on to their user account. Then, they enter a TOTP code or other credential, and/or perform one or more authorization operations, mandated by a RADIUS server.

*If your RADIUS server gives you the number of authentication factors you need, you can specify RADIUS authentication on its own using a custom scheme.

VNC_Server_Options_Dialog_Radius_Authentication.png

Note the following requirements:

  • The VNC Server computer must be set up to communicate with a RADIUS server. RSA SecurID, Duo and FreeRADIUS are currently supported, but VNC Server should be compatible with any identity management provider implementing the RADIUS protocol.
  • Each prospective VNC Viewer user must be registered with the identity management provider, identified by user account name.
  • The user account of each prospective VNC Viewer user must be registered with VNC Server, and suitable session permissions assigned.

Setting up the VNC Server computer

Perform the following steps:

  1. Specify this authentication scheme, either by:

    • Opening VNC Server’s Options > Security page and selecting <platform> password + RADIUS authentication from the Authentication dropdown.
    • Setting the VNC Server Authentication parameter.
  2. Set up VNC Server to communicate with your RADIUS server by completing the Set up VNC Server for RADIUS dialog (below), or alternatively by setting the VNC Server RadiusServer parameter (and potentially other Radius* parameters).
    VNC_Server_Options_Dialog_Radius_Authentication_Setup.png *If connecting users encounter problems, try changing the Authentication protocol to PAP.

  3. Register the user accounts of all prospective VNC Viewer users with VNC Server, either by:

    Note prior configuration is required to register domain accounts under Linux. You may also need to qualify user names with the domain name, for example DEV.ACMECORP.COM\johndoe.

Was this article helpful?
7 out of 9 found this helpful

Comments

0 comments

Article is closed for comments.