If you have a Professional or Enterprise subscription, you can augment system authentication with RADIUS authentication. This means that connecting VNC Viewer users must first provide the credentials they usually use to log on to their user account. Then, they enter a TOTP code or other credential, and/or perform one or more authorization operations, mandated by a RADIUS server.
*If your RADIUS server gives you the number of authentication factors you need, you can specify RADIUS authentication on its own using a custom scheme.
Note the following requirements:
- The VNC Server computer must be set up to communicate with a RADIUS server. RSA SecurID, Duo and FreeRADIUS are currently supported, but VNC Server should be compatible with any identity management provider implementing the RADIUS protocol.
- Each prospective VNC Viewer user must be registered with the identity management provider, identified by user account name.
- The user account of each prospective VNC Viewer user must be registered with VNC Server, and suitable session permissions assigned.
Setting up the VNC Server computer
Perform the following steps:
-
Specify this authentication scheme, either by:
- Opening VNC Server’s Options > Security page and selecting <platform> password + RADIUS authentication from the Authentication dropdown.
- Setting the VNC Server Authentication parameter.
-
Set up VNC Server to communicate with your RADIUS server by completing the Set up VNC Server for RADIUS dialog (below), or alternatively by setting the VNC Server
RadiusServer
parameter (and potentially otherRadius*
parameters).
*If connecting users encounter problems, try changing the Authentication protocol toPAP
. -
Register the user accounts of all prospective VNC Viewer users with VNC Server, either by:
- Opening VNC Server’s Options > Users & Permissions page and following these instructions.
- Setting the VNC Server Permissions parameter.
Note prior configuration is required to register domain accounts under Linux. You may also need to qualify user names with the domain name, for example
DEV.ACMECORP.COM\johndoe
.
Comments
Article is closed for comments.