Different login seqence on Parallels client on mac relative to Windows client when using Radius

Discussion in 'Parallels Client for Mac' started by Michielv1, Apr 10, 2017.

  1. Michielv1

    Michielv1 Junior Member

    Messages:
    13
    Hi,

    I have a question about using Radius in combination with the Parallels client on a mac:
    When I login on to my RAS Server on a Windows machine then first I type a username and password en second the one time password (OTP). After that I connect to my Remote Desktop Application.
    When I use the client on my mac then it asks first for the OTP password and then it asks only the password of my useraccount, The username I must save in the client or it won't work.
    Is there a reason that it works differently on the mac? And can this be changed so it works the same as Windows?

    Kind regards,
    David Bot
     
  2. Alexey Kutuzov

    Alexey Kutuzov Parallels Team

    Messages:
    83
    Hi David,
    From the server point of view the first is always 2nd level auth then AD. This protects AD from attacks. Password prompt is mandatory to start the session but the password is not sent unless 2nd level auth is not complete.
    There is one place when AD password is used before 2nd level auth. It happens when the user creates the OTP for Deepnet and in this case the first auth requires AD only. If AD credentials are valid then an OTP token is created. After that normal way takes place where 2nd level auth is the first then AD.

    Best Regards,
    Alexey Kutuzov
     
  3. Michielv1

    Michielv1 Junior Member

    Messages:
    13
    Hi Alexey,

    I understand what you are saying and this may sound logical. But in our environment every client (Parallels for Windows or HTML5) logs first with their AD credentials and after that I get the OTP screen. Even when I use HTML5 on the Mac, I also get first the AD Creds and then OTP. Only when I use the Parallels client on the Mac then it works the other way.
    So there is a difference when we use Mac OS . I am wondering why and can I change the sequence? (We use PrivacyIDEA as 2FA Solution)

    Kind regards,
    David Bot
     
  4. Alexey Kutuzov

    Alexey Kutuzov Parallels Team

    Messages:
    83
    Hi David,
    We will align Mac OS Client behaviour with other clients in one of the upcoming releases.

    Thank you,
    Alexey
     
  5. Michielv1

    Michielv1 Junior Member

    Messages:
    13
    Dear Alexey,

    Last we updated to the latest client 16.283 but the login sequence is still the same on the mac.
    Any news on which update this will be changed?
     

Share This Page