Tips & Warnings
- After authenticating to RADIUS, the user may get another prompt if the RADIUS server responded with a supported Access Challenge. Full generic RADIUS challenge/response is not supported, but a limited access challenge for a string token code is supported.
- In the admin configuration of RADIUS authentication under Advanced Authentication, if Enforce 2-factor and Windows user name matching is ticked then the Windows login prompt after RADIUS authentication will force the username to be the same as the RADIUS username and the user will not be able to modify this. This feature is the same as with RSA SecurID authentication.
- Similarly, if Use same username and password for RADIUS and Windows authentication is ticked then the user will not be prompted for Windows credentials after RADIUS authentication if the RADIUS authentication used Windows username and password.
- This feature is used in cases where the initial RADIUS authentication uses Windows authentication which triggers an out-of-band transmission of a tokencode which is used as part of a RADIUS challenge. This then avoids the need for the user to re-enter the Windows username and password after RADIUS authentication.
- This feature will not work in Windows View clients older than 5.1.
- To disable RADIUS Accounting requests being sent from View, set Accounting port to 0. If the RADIUS server does not support accounting messages it will most likely ignore these, resulting in a delay in authentication while these messages are retried. Only set this port to a non-zero value if RADIUS accounting should be enabled and the RADIUS server supports it.
- If a Realm prefix string is specified for the authenticator, this is placed at the beginning of the username when it is sent to the RADIUS server.
- Example: If the username entered in the View Client is jdoe and a Realm prefix of DOMAIN-A\ is specified, then a username of DOMAIN-A\jdoe is sent to the RADIUS server.
- Similarly if a Realm suffix string of @mycorp.com is specified instead, then a username of firstname.lastname@example.org is sent to the RADIUS server.