Wikid integration with palo Alto and windows radius server

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Wikid integration with palo Alto and windows radius server

Georgesquire
Hello,

Hoping someone can help with my new set up.

I have a palo Alto networks firewall with a globalprotect vpn configured.
Clients authenticate with this vpn through a windows radius server on the same subnet and same trust zone.
This works fine.

I have deployed a wikid virtual machine and followed setup correctly.  I can ping the wikid server from my Windows server.
I have configured radius to forward requests to wikid for 2 factor authentication.

I have ran a packet capture from the windows server to the wikid server and made an authentication request from an android device.
The radius challenge is sent to the wikid server as per set up but the wikid server returns a radius reject...


I need some assistance in getting this working so clients (android)  can first authenticate with radius and then wikid with a token.  

Any further information please ask :)

Regards,

George
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

Nick Owen
Administrator
George:

Please see: https://www.wikidsystems.com/support/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests/.

I like running tcpdump on the server to see the requests.  Is your
user enabled on WiKID?  Sometimes they get disabled.

Also, if the tcpdump shows a different IP than is listed on the
network client page, that could be an issue.

Let me know!

nick

On Tue, Mar 22, 2016 at 5:23 PM, Georgesquire [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Hello,
>
> Hoping someone can help with my new set up.
>
> I have a palo Alto networks firewall with a globalprotect vpn configured.
> Clients authenticate with this vpn through a windows radius server on the
> same subnet and same trust zone.
> This works fine.
>
> I have deployed a wikid virtual machine and followed setup correctly.  I can
> ping the wikid server from my Windows server.
> I have configured radius to forward requests to wikid for 2 factor
> authentication.
>
> I have ran a packet capture from the windows server to the wikid server and
> made an authentication request from an android device.
> The radius challenge is sent to the wikid server as per set up but the wikid
> server returns a radius reject...
>
>
> I need some assistance in getting this working so clients (android)  can
> first authenticate with radius and then wikid with a token.
>
> Any further information please ask :)
>
> Regards,
>
> George
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Wikid-integration-with-palo-Alto-and-windows-radius-server-tp7575223.html
> To start a new topic under Support, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

Georgesquire

Hi nick,

Many thanks for your very fast reply! 
One of those head banging against a wall moments.
I'll be sure to check this as soon as possible and update you.

Thanks,

George

Sent from my Sony Xperia™ smartphone



---- Nick Owen [via WiKID Strong Authentication Forums] wrote ----

George:

Please see: https://www.wikidsystems.com/support/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests/.

I like running tcpdump on the server to see the requests.  Is your
user enabled on WiKID?  Sometimes they get disabled.

Also, if the tcpdump shows a different IP than is listed on the
network client page, that could be an issue.

Let me know!

nick

On Tue, Mar 22, 2016 at 5:23 PM, Georgesquire [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Hello,
>
> Hoping someone can help with my new set up.
>
> I have a palo Alto networks firewall with a globalprotect vpn configured.
> Clients authenticate with this vpn through a windows radius server on the
> same subnet and same trust zone.
> This works fine.
>
> I have deployed a wikid virtual machine and followed setup correctly.  I can
> ping the wikid server from my Windows server.
> I have configured radius to forward requests to wikid for 2 factor
> authentication.
>
> I have ran a packet capture from the windows server to the wikid server and
> made an authentication request from an android device.
> The radius challenge is sent to the wikid server as per set up but the wikid
> server returns a radius reject...
>
>
> I need some assistance in getting this working so clients (android)  can
> first authenticate with radius and then wikid with a token.
>
> Any further information please ask :)
>
> Regards,
>
> George
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Wikid-integration-with-palo-Alto-and-windows-radius-server-tp7575223.html
> To start a new topic under Support, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP



To unsubscribe from Wikid integration with palo Alto and windows radius server, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

georgesquire
In reply to this post by Nick Owen
Hi Nick,

Still having trouble setting this up.....

Please see the TCP Dump -

10:45:44.646210 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 105)
    10.0.0.1.46883 > 10.0.0.2.radius: [udp sum ok] RADIUS, length: 77
        Access Request (1), id: 0xe6, Authenticator: 4883206b07e2bedda6c081f69cc073a8
          Username Attribute (1), length: 16, Value: squire\gsquire
            0x0000:  7371 7569 7265 5c67 7371 7569 7265
          Password Attribute (2), length: 18, Value:
            0x0000:  574b cc30 25ef 92d7 0e1f a608 5227 c077
          NAS ID Attribute (32), length: 17, Value: AD-local-RADIUS
            0x0000:  4144 2d6c 6f63 616c 2d52 4144 4955 53
          NAS IP Address Attribute (4), length: 6, Value: 192.168.0.69
            0x0000:  c0a8 0045
10:45:44.646657 IP (tos 0x0, ttl 128, id 757, offset 0, flags [none], proto UDP (17), length 145)
    10.0.0.2.51349 > squire.local.radius: [udp sum ok] RADIUS, length: 117
        Access Request (1), id: 0x04, Authenticator: 4883206b07e2bedda6c081f69cc073a8
          Username Attribute (1), length: 16, Value: squire\gsquire
            0x0000:  7371 7569 7265 5c67 7371 7569 7265
          Password Attribute (2), length: 18, Value:
            0x0000:  574b cc30 25ef 92d7 0e1f a608 5227 c077
          NAS ID Attribute (32), length: 17, Value: AD-local-RADIUS
            0x0000:  4144 2d6c 6f63 616c 2d52 4144 4955 53
          NAS IP Address Attribute (4), length: 6, Value: 192.168.0.69
            0x0000:  c0a8 0045
          Proxy State Attribute (33), length: 22, Value: .▒
            0x0000:  fe80 0000 0000 0000 0c04 c127 baae 3322
            0x0010:  0000 0045
          Message Authentication Attribute (80), length: 18, Value: &.A..'.K...Y....
            0x0000:  26e6 418f f927 9e4b c612 ca59 e4f0 0e9d
10:45:44.653649 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 88)
    squire.local.radius > 10.0.0.2.51349: [bad udp cksum bcb5!] RADIUS, length: 60
        Access Reject (3), id: 0x04, Authenticator: 3b691a4f581f0d43d6c8c0d2c503fd4f
          Message Authentication Attribute (80), length: 18, Value: 6.c..I._.R...t..
            0x0000:  36cc 63f2 ae49 915f bf52 829b 1774 da1d
          Proxy State Attribute (33), length: 22, Value: .▒
            0x0000:  fe80 0000 0000 0000 0c04 c127 baae 3322
            0x0010:  0000 0045
10:45:44.654410 IP (tos 0x0, ttl 128, id 759, offset 0, flags [DF], proto UDP (17), length 48)
    10.0.0.2.radius > 10.0.0.1.46883: [udp sum ok] RADIUS, length: 20
        Access Reject (3), id: 0xe6, Authenticator: 074ba640b7f6046bd1c0af43557bfac1

-----

10.0.0.1 is the interface on my Palo Alto sending RADIUS auth request to my Windows server.
10.0.0.2 is my RADIUS Windows server
10.0.0.69 is my WiKID server
Squire.local is my domain
squire\gsquire is my username.

User is showing on WiKID.

Please see WiKID logs:

2016-03-23 10:45:44.653 INFO com.wikidsystems.radius.log.DBSvrLogImpl <4> Access-Request(1) LEN=117 10.0.0.2:51349 Access-Request by squire\gsquire Failed: AccessRejectException: Access Denied
2016-03-23 10:45:44.653 INFO com.wikidsystems.radius.access.WikidAccess4 Access denied for squire\gsquire, domain code: 010000000069 client: /10.0.0.2
2016-03-23 10:45:44.649 INFO com.wikidsystems.radius.access.WikidAccess4 Passcode is not a number.
2016-03-23 10:41:01.299 INFO com.wikidsystems.radius.log.DBSvrLogImpl <3> Access-Request(1) LEN=117 10.0.0.2:51349 Access-Request by squire\gsquire Failed: AccessRejectException: Access Denied

I'm certainly missing something!

My Network Client configuration on WiKID is set to 10.0.0.2 (RADIUS Server) with domain = squire.local
No return attributes have yet been set.

I would like the WiKID server to then ask my client devices for a pin which I can generate from the Android app or a windows machine with token software. I am not getting this far.
Currently I am using squire\gsquire as username and my LDAP password.

Any ideas? :)

Many thanks,

George

Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

Nick Owen
Administrator

Passcode is not a number means just that. It should be a 6 digit #.  Is the shared secret correct?

On Mar 23, 2016 6:51 AM, "georgesquire [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Hi Nick,

Still having trouble setting this up.....

Please see the TCP Dump -

10:45:44.646210 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 105)
    10.0.0.1.46883 > 10.0.0.2.radius: [udp sum ok] RADIUS, length: 77
        Access Request (1), id: 0xe6, Authenticator: 4883206b07e2bedda6c081f69cc073a8
          Username Attribute (1), length: 16, Value: squire\gsquire
            0x0000:  7371 7569 7265 5c67 7371 7569 7265
          Password Attribute (2), length: 18, Value:
            0x0000:  574b cc30 25ef 92d7 0e1f a608 5227 c077
          NAS ID Attribute (32), length: 17, Value: AD-local-RADIUS
            0x0000:  4144 2d6c 6f63 616c 2d52 4144 4955 53
          NAS IP Address Attribute (4), length: 6, Value: 192.168.0.69
            0x0000:  c0a8 0045
10:45:44.646657 IP (tos 0x0, ttl 128, id 757, offset 0, flags [none], proto UDP (17), length 145)
    10.0.0.2.51349 > squire.local.radius: [udp sum ok] RADIUS, length: 117
        Access Request (1), id: 0x04, Authenticator: 4883206b07e2bedda6c081f69cc073a8
          Username Attribute (1), length: 16, Value: squire\gsquire
            0x0000:  7371 7569 7265 5c67 7371 7569 7265
          Password Attribute (2), length: 18, Value:
            0x0000:  574b cc30 25ef 92d7 0e1f a608 5227 c077
          NAS ID Attribute (32), length: 17, Value: AD-local-RADIUS
            0x0000:  4144 2d6c 6f63 616c 2d52 4144 4955 53
          NAS IP Address Attribute (4), length: 6, Value: 192.168.0.69
            0x0000:  c0a8 0045
          Proxy State Attribute (33), length: 22, Value: .▒
            0x0000:  fe80 0000 0000 0000 0c04 c127 baae 3322
            0x0010:  0000 0045
          Message Authentication Attribute (80), length: 18, Value: &.A..'.K...Y....
            0x0000:  26e6 418f f927 9e4b c612 ca59 e4f0 0e9d
10:45:44.653649 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 88)
    squire.local.radius > 10.0.0.2.51349: [bad udp cksum bcb5!] RADIUS, length: 60
        Access Reject (3), id: 0x04, Authenticator: 3b691a4f581f0d43d6c8c0d2c503fd4f
          Message Authentication Attribute (80), length: 18, Value: 6.c..I._.R...t..
            0x0000:  36cc 63f2 ae49 915f bf52 829b 1774 da1d
          Proxy State Attribute (33), length: 22, Value: .▒
            0x0000:  fe80 0000 0000 0000 0c04 c127 baae 3322
            0x0010:  0000 0045
10:45:44.654410 IP (tos 0x0, ttl 128, id 759, offset 0, flags [DF], proto UDP (17), length 48)
    10.0.0.2.radius > 10.0.0.1.46883: [udp sum ok] RADIUS, length: 20
        Access Reject (3), id: 0xe6, Authenticator: 074ba640b7f6046bd1c0af43557bfac1

-----

10.0.0.1 is the interface on my Palo Alto sending RADIUS auth request to my Windows server.
10.0.0.2 is my RADIUS Windows server
10.0.0.69 is my WiKID server
Squire.local is my domain
squire\gsquire is my username.

User is showing on WiKID.

Please see WiKID logs:

2016-03-23 10:45:44.653 INFO com.wikidsystems.radius.log.DBSvrLogImpl <4> Access-Request(1) LEN=117 10.0.0.2:51349 Access-Request by squire\gsquire Failed: AccessRejectException: Access Denied
2016-03-23 10:45:44.653 INFO com.wikidsystems.radius.access.WikidAccess4 Access denied for squire\gsquire, domain code: 010000000069 client: /10.0.0.2
2016-03-23 10:45:44.649 INFO com.wikidsystems.radius.access.WikidAccess4 Passcode is not a number.
2016-03-23 10:41:01.299 INFO com.wikidsystems.radius.log.DBSvrLogImpl <3> Access-Request(1) LEN=117 10.0.0.2:51349 Access-Request by squire\gsquire Failed: AccessRejectException: Access Denied

I'm certainly missing something!

My Network Client configuration on WiKID is set to 10.0.0.2 (RADIUS Server) with domain = squire.local
No return attributes have yet been set.

I would like the WiKID server to then ask my client devices for a pin which I can generate from the Android app or a windows machine with token software. I am not getting this far.
Currently I am using squire\gsquire as username and my LDAP password.

Any ideas? :)

Many thanks,

George




To start a new topic under Support, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

Nick Owen
Administrator
In reply to this post by georgesquire
And you are logging in with the username and OTP, right?

On Wed, Mar 23, 2016 at 7:00 AM, Nick Owen <[hidden email]> wrote:

> Passcode is not a number means just that. It should be a 6 digit #.  Is the
> shared secret correct?
>
> On Mar 23, 2016 6:51 AM, "georgesquire [via WiKID Strong Authentication
> Forums]" <[hidden email]> wrote:
>>
>> Hi Nick,
>>
>> Still having trouble setting this up.....
>>
>> Please see the TCP Dump -
>>
>> 10:45:44.646210 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
>> (17), length 105)
>>     10.0.0.1.46883 > 10.0.0.2.radius: [udp sum ok] RADIUS, length: 77
>>         Access Request (1), id: 0xe6, Authenticator:
>> 4883206b07e2bedda6c081f69cc073a8
>>           Username Attribute (1), length: 16, Value: squire\gsquire
>>             0x0000:  7371 7569 7265 5c67 7371 7569 7265
>>           Password Attribute (2), length: 18, Value:
>>             0x0000:  574b cc30 25ef 92d7 0e1f a608 5227 c077
>>           NAS ID Attribute (32), length: 17, Value: AD-local-RADIUS
>>             0x0000:  4144 2d6c 6f63 616c 2d52 4144 4955 53
>>           NAS IP Address Attribute (4), length: 6, Value: 192.168.0.69
>>             0x0000:  c0a8 0045
>> 10:45:44.646657 IP (tos 0x0, ttl 128, id 757, offset 0, flags [none],
>> proto UDP (17), length 145)
>>     10.0.0.2.51349 > squire.local.radius: [udp sum ok] RADIUS, length: 117
>>         Access Request (1), id: 0x04, Authenticator:
>> 4883206b07e2bedda6c081f69cc073a8
>>           Username Attribute (1), length: 16, Value: squire\gsquire
>>             0x0000:  7371 7569 7265 5c67 7371 7569 7265
>>           Password Attribute (2), length: 18, Value:
>>             0x0000:  574b cc30 25ef 92d7 0e1f a608 5227 c077
>>           NAS ID Attribute (32), length: 17, Value: AD-local-RADIUS
>>             0x0000:  4144 2d6c 6f63 616c 2d52 4144 4955 53
>>           NAS IP Address Attribute (4), length: 6, Value: 192.168.0.69
>>             0x0000:  c0a8 0045
>>           Proxy State Attribute (33), length: 22, Value: .▒
>>             0x0000:  fe80 0000 0000 0000 0c04 c127 baae 3322
>>             0x0010:  0000 0045
>>           Message Authentication Attribute (80), length: 18, Value:
>> &.A..'.K...Y....
>>             0x0000:  26e6 418f f927 9e4b c612 ca59 e4f0 0e9d
>> 10:45:44.653649 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP
>> (17), length 88)
>>     squire.local.radius > 10.0.0.2.51349: [bad udp cksum bcb5!] RADIUS,
>> length: 60
>>         Access Reject (3), id: 0x04, Authenticator:
>> 3b691a4f581f0d43d6c8c0d2c503fd4f
>>           Message Authentication Attribute (80), length: 18, Value:
>> 6.c..I._.R...t..
>>             0x0000:  36cc 63f2 ae49 915f bf52 829b 1774 da1d
>>           Proxy State Attribute (33), length: 22, Value: .▒
>>             0x0000:  fe80 0000 0000 0000 0c04 c127 baae 3322
>>             0x0010:  0000 0045
>> 10:45:44.654410 IP (tos 0x0, ttl 128, id 759, offset 0, flags [DF], proto
>> UDP (17), length 48)
>>     10.0.0.2.radius > 10.0.0.1.46883: [udp sum ok] RADIUS, length: 20
>>         Access Reject (3), id: 0xe6, Authenticator:
>> 074ba640b7f6046bd1c0af43557bfac1
>>
>> -----
>>
>> 10.0.0.1 is the interface on my Palo Alto sending RADIUS auth request to
>> my Windows server.
>> 10.0.0.2 is my RADIUS Windows server
>> 10.0.0.69 is my WiKID server
>> Squire.local is my domain
>> squire\gsquire is my username.
>>
>> User is showing on WiKID.
>>
>> Please see WiKID logs:
>>
>> 2016-03-23 10:45:44.653 INFO com.wikidsystems.radius.log.DBSvrLogImpl <4>
>> Access-Request(1) LEN=117 10.0.0.2:51349 Access-Request by squire\gsquire
>> Failed: AccessRejectException: Access Denied
>> 2016-03-23 10:45:44.653 INFO com.wikidsystems.radius.access.WikidAccess4
>> Access denied for squire\gsquire, domain code: 010000000069 client:
>> /10.0.0.2
>> 2016-03-23 10:45:44.649 INFO com.wikidsystems.radius.access.WikidAccess4
>> Passcode is not a number.
>> 2016-03-23 10:41:01.299 INFO com.wikidsystems.radius.log.DBSvrLogImpl <3>
>> Access-Request(1) LEN=117 10.0.0.2:51349 Access-Request by squire\gsquire
>> Failed: AccessRejectException: Access Denied
>>
>> I'm certainly missing something!
>>
>> My Network Client configuration on WiKID is set to 10.0.0.2 (RADIUS
>> Server) with domain = squire.local
>> No return attributes have yet been set.
>>
>> I would like the WiKID server to then ask my client devices for a pin
>> which I can generate from the Android app or a windows machine with token
>> software. I am not getting this far.
>> Currently I am using squire\gsquire as username and my LDAP password.
>>
>> Any ideas? :)
>>
>> Many thanks,
>>
>> George
>>
>>
>>
>> ________________________________
>> If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Wikid-integration-with-palo-Alto-and-windows-radius-server-tp7575223p7575226.html
>> To start a new topic under Support, email
>> [hidden email]
>> To unsubscribe from WiKID Strong Authentication Forums, click here.
>> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

georgesquire
Hi Nick,

I have managed to finally get an auth success!

I have configured the domain to be a public IP so I can VPN over 4G.

The auth requests get forwarded by RADIUS to WIKID and I log in fine with my OTP.

Now my problem is adding the 2nd factor authentication.

I would like my client device to be prompted for RADIUS / LDAP credentials and then the PIN or PIN then LDAP credentials. My guess is that this needs to be configured on the RADIUS server?
Or maybe with a return attribute setting on the WIKID server?

Thoughts?

Many thanks for your help so far :)

George
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

Nick Owen
Administrator
I think you have two-factor authentication!

Unlike google authenticator and other TOTP or push OTP systems, WiKID
is true two-factor authentication represented in the passcode.  The
user must have knowledge of the PIN and possession of the private key
embedded in the token to get the OTP from your WiKID server.    NPS
can perform authorization using the username, it does not user the AD
password.  You just set the Network Policy condition to be a group
membership.

You might be able to get your Palo Alto vpn to ping AD with the user's
AD creds and then WiKID with the username/OTP, but it seems like extra
work for you and your users and I would argue that it is best to not
use AD passwords outside of the LAN.

Does that make sense?

On Wed, Mar 23, 2016 at 10:11 AM, georgesquire [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Hi Nick,
>
> I have managed to finally get an auth success!
>
> I have configured the domain to be a public IP so I can VPN over 4G.
>
> The auth requests get forwarded by RADIUS to WIKID and I log in fine with my
> OTP.
>
> Now my problem is adding the 2nd factor authentication.
>
> I would like my client device to be prompted for RADIUS / LDAP credentials
> and then the PIN or PIN then LDAP credentials. My guess is that this needs
> to be configured on the RADIUS server?
> Or maybe with a return attribute setting on the WIKID server?
>
> Thoughts?
>
> Many thanks for your help so far :)
>
> George
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Wikid-integration-with-palo-Alto-and-windows-radius-server-tp7575223p7575229.html
> To start a new topic under Support, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

georgesquire
Hi Nick,

Brilliant :)

We can call this resolved.

My main reason for this set up was to replicate a user issue whereby Android users where unable to connect using the VPN due to the RADIUS State attribute being modified for an unknown reason whilst using 2 factor auth.
IOS / Windows where fine.
  So for me the AD credentials where needed for the lab.

Either way I'm happy with where I am at the minute and can work the rest out :)

Many thanks for your help Nick.

George
Reply | Threaded
Open this post in threaded view
|

Re: Wikid integration with palo Alto and windows radius server

Nick Owen
Administrator
Great!  Let us know what you need.

On Wed, Mar 23, 2016 at 11:00 AM, georgesquire [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Hi Nick,
>
> Brilliant :)
>
> We can call this resolved.
>
> My main reason for this set up was to replicate a user issue whereby Android
> users where unable to connect using the VPN due to the RADIUS State
> attribute being modified for an unknown reason whilst using 2 factor auth.
> IOS / Windows where fine.
>   So for me the AD credentials where needed for the lab.
>
> Either way I'm happy with where I am at the minute and can work the rest out
> :)
>
> Many thanks for your help Nick.
>
> George
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Wikid-integration-with-palo-Alto-and-windows-radius-server-tp7575223p7575231.html
> To start a new topic under Support, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP