AWS AD + NPS + WIKID

lezampieri
Hi,

My environment:

· Microsoft AD AWS Enterprise – IP 10.0.1.38, 10.0.0.29
· RADIUS box Windows Server 2K12 – IP 10.0.0.157
· MFA WIKID box IP 10.0.0.86

Links used:
https://www.wikidsystems.com/support/how-to/how-to-configure-nps-2012-for-two-factor-authentication/
https://www.wikidsystems.com/support/manual/how-to-install-the-wikid-strong-authentication-server-enterprise-edition/

I enabled the communication with AWS AD and Radius and I can get the passcode from WIKID box.

My problem is, when I try to login using MFA - WIKID it doesn't work; if I disable the MFA option I can login. I am not sure where exactly, but I think there is some communication issue between RADIUS and WIKID.

As it is a POC, all network ports are opened.

Re: AWS AD + NPS + WIKID

Nick Owen
Administrator
Are you trying to login to Windows?  or is there a VPN involved?


On Tue, May 9, 2017 at 1:51 AM, lezampieri [via WiKID Strong
Authentication Forums] <[hidden email]> wrote:

> Hi,
>
> My environment:
>
> · Microsoft AD AWS Enterprise – IP 10.0.1.38, 10.0.0.29
> · RADIUS box Windows Server 2K12 – IP 10.0.0.157
> · MFA WIKID box IP 10.0.0.86
>
> Links used:
> https://www.wikidsystems.com/support/how-to/how-to-configure-nps-2012-for-two-factor-authentication/
> https://www.wikidsystems.com/support/manual/how-to-install-the-wikid-strong-authentication-server-enterprise-edition/
>
> I enabled the communication with AWS AD and Radius and I can get the
> passcode from WIKID box.
>
> My problem is, when I try to login using MFA - WIKID it doesn't work; if I
> disable the MFA option I can login. I am not sure where exactly, but I think
> there is some communication issue between RADIUS and WIKID.
>
> As it is a POC, all network ports are opened.

--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
On-premises Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP

Re: AWS AD + NPS + WIKID

lezampieri

I am trying to login on the AWS console like this link:

https://www.wikidsystems.com/support/how-to/how-to-add-wikid-two-factor-authentication-to-amazon-workspaces/

From: "Nick Owen [via WiKID Strong Authentication Forums]" <ml+[hidden email]>
Date: Wednesday, 10 May 2017 at 12:47 am
To: Lessandro Zampieri <[hidden email]>
Subject: Re: AWS AD + NPS + WIKID

Are you trying to login to Windows?  or is there a VPN involved?

Re: AWS AD + NPS + WIKID

Nick Owen
Administrator

On May 9, 2017 7:32 PM, "lezampieri [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:

I am trying to login on the AWS console like this link:

https://www.wikidsystems.com/support/how-to/how-to-add-wikid-two-factor-authentication-to-amazon-workspaces/

Re: AWS AD + NPS + WIKID

Nick Owen
Administrator
In reply to this post by lezampieri
It is important to see if the radius requests are reaching the WiKID server. That doc will show you how. 


Re: AWS AD + NPS + WIKID

lezampieri

Thanks,

I have tried this and now I have this error:

I have searched this error (21). The reason code 21 means that the request was rejected by a third-party (WIKID) extension DLL file. How can I fix it?

From: "Nick Owen [via WiKID Strong Authentication Forums]" <ml+[hidden email]>
Date: Wednesday, 10 May 2017 at 11:51 am
To: Lessandro Zampieri <[hidden email]>
Subject: Re: AWS AD + NPS + WIKID

It is important to see if the radius requests are reaching the WiKID server. That doc will show you how.

On May 9, 2017 8:56 PM, "Nick Owen" <[hidden email]> wrote:

I see. Please see this doc on troubleshooting radius issues: https://www.wikidsystems.com/support/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests/

Let me know if that helps.

Nick

Re: AWS AD + NPS + WIKID

Nick Owen
Administrator
The WiKID logs show that it accepted the creds. We don't use a dll on NPS either.

Check the event viewer and see if there's more helpful info. Perhaps one of the NPS policies?

On May 9, 2017 11:27 PM, "lezampieri [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:

Thanks,

I have tried this and now I have this error:

I have searched this error (21). The reason code 21 means that the request was rejected by a third-party (WIKID) extension DLL file. How can I fix it?

Re: AWS AD + NPS + WIKID

lezampieri

As this is a POC, I have set up the NPS like this link https://www.wikidsystems.com/support/how-to/how-to-configure-nps-2012-for-two-factor-authentication/

Both policies (Connection Request Policy and Network Policies) are set up like this:

The only event that I have on the event viewer when I try to login on the AWS console is this:

From: "Nick Owen [via WiKID Strong Authentication Forums]" <ml+[hidden email]>
Date: Wednesday, 10 May 2017 at 1:44 pm
To: Lessandro Zampieri <[hidden email]>
Subject: Re: AWS AD + NPS + WIKID

The WiKID logs show that it accepted the creds. We don't use a dll on NPS either.

Check the event viewer and see if there's more helpful info. Perhaps one of the NPS policies?

Re: AWS AD + NPS + WIKID

lezampieri
In reply to this post by Nick Owen

Another point is:

Log shows that the user is accepted, but after a while it rejects.

From: Lessandro Zampieri <[hidden email]>
Date: Wednesday, 10 May 2017 at 1:55 pm
To: "Nick Owen [via WiKID Strong Authentication Forums]" <ml+[hidden email]>
Subject: Re: AWS AD + NPS + WIKID

As this is a POC, I have set up the NPS like this link https://www.wikidsystems.com/support/how-to/how-to-configure-nps-2012-for-two-factor-authentication/

Both policies (Connection Request Policy and Network Policies) are set up like this:

The only event that I have on the event viewer when I try to login on the AWS console is this:

Re: AWS AD + NPS + WIKID

Nick Owen
Administrator
Huh, if the otp is getting submitted more than once, it will get rejected.

Be sure to re-enable the user, it's probably been disabled. 

Tcpdump will show you if it is getting submitted too many times. 

On May 10, 2017 12:51 AM, "lezampieri [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:

Another point is:

Log shows that the user is accepted, but after a while it rejects.
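
Added example (not code from the thread or from WiKID): the last reply says an OTP submitted more than once is rejected and that tcpdump will show repeated submissions. The Python below parses RADIUS Access-Request payloads, such as those pulled from a tcpdump capture of UDP port 1812, and separates byte-identical retransmissions from new requests that carry the same passcode. It assumes PAP (a User-Password attribute) and that you hold the shared secret; the user names, secret and packets are constructed, and only the client address 10.0.0.157 comes from the thread.

```python
import hashlib
import struct
from collections import defaultdict

ACCESS_REQUEST = 1          # RADIUS packet code (RFC 2865)
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2


def hide_password(data, secret, authenticator, decrypt=False):
    """RFC 2865 section 5.2 User-Password hiding (PAP), in either direction."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res   # the chain always uses the ciphertext block
    return out


def parse_radius(payload):
    """Split one UDP payload into code, identifier, authenticator and attributes."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(a_type, payload[pos + 2:pos + a_len])
        pos += a_len
    return {"code": code, "id": ident, "auth": payload[4:20], "attrs": attrs}


def find_repeated_otps(capture, secret):
    """capture: iterable of (timestamp, source_ip, udp_payload) tuples.

    Returns one finding per (user, passcode) seen more than once. A retransmit
    repeats the same identifier and authenticator; a resubmit is a new request
    that carries a passcode already sent, which a one-time-passcode server rejects.
    """
    seen = defaultdict(list)
    for ts, src, payload in capture:
        pkt = parse_radius(payload)
        hidden = pkt["attrs"].get(ATTR_USER_PASSWORD)
        if pkt["code"] != ACCESS_REQUEST or not hidden or len(hidden) % 16:
            continue                       # not a PAP Access-Request
        user = pkt["attrs"].get(ATTR_USER_NAME, b"").decode(errors="replace")
        otp = hide_password(hidden, secret, pkt["auth"], decrypt=True).rstrip(b"\x00")
        seen[(user, otp)].append((ts, src, pkt["id"], pkt["auth"]))
    findings = []
    for (user, _otp), events in seen.items():   # the passcode itself is never reported
        if len(events) < 2:
            continue
        originals, retransmits, resubmits = set(), 0, 0
        for _ts, src, ident, auth in events:
            key = (src, ident, auth)
            if key in originals:
                retransmits += 1
            else:
                resubmits += 1 if originals else 0
                originals.add(key)
        findings.append({"user": user, "requests": len(events),
                         "retransmits": retransmits, "resubmits": resubmits,
                         "first": events[0][0], "last": events[-1][0]})
    return findings


def build_access_request(ident, authenticator, user, otp, secret):
    """Helper used only to construct the sample capture below."""
    padded = otp.encode() + b"\x00" * (-len(otp) % 16)
    hidden = hide_password(padded, secret, authenticator)
    attrs = bytes([ATTR_USER_NAME, 2 + len(user)]) + user.encode()
    attrs += bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


# Constructed sample: secret, users, passcodes and authenticators are made up.
SECRET = b"constructed-shared-secret"
NPS = "10.0.0.157"                              # RADIUS box address from the thread
_first = build_access_request(7, bytes(range(16)), "alice", "123456", SECRET)
SAMPLE_CAPTURE = [
    (0.0, NPS, _first),
    (3.0, NPS, _first),                         # identical packet: retransmission
    (6.0, NPS, build_access_request(8, bytes(range(16, 32)), "alice", "123456", SECRET)),
    (9.0, NPS, build_access_request(9, bytes(range(32, 48)), "bob", "654321", SECRET)),
]

if __name__ == "__main__":
    for finding in find_repeated_otps(SAMPLE_CAPTURE, SECRET):
        print(finding)
```
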