Radius OTP

Discussion in 'Parallels Remote Application Server' started by TouficS, Jul 29, 2017.

  1. TouficS

    TouficS Bit poster

    We are trying to implement OTP using Radius. No valuable information was found up till now on how it works in a real world scenario.
    We checked with support, they sent us useless documentation which are found on parallels website.
    Did anyone try to implement OTP using Radius?
    First thing we noticed is that RAS does not contact the radius until you provide it with OTP code. I believe that this issue defeats the OTP purpose. You need first to identify the user in order to issue the OTP. Parallels RAS is considering that you already have the OTP code. Is it possible to change that behavior?
    Any detailed info on how this functions will be much welcomed.
    Thank you.
  2. RichardS14

    RichardS14 Bit poster

    It works with Radius. The OTP dialog comes up sometimes before the password authentication. The username is preconfigured in the client.
    I don't think it matters which order the OTP token and the password are presented in, as the username has been configured in the client. There is no assumption that either method supersedes the other. They are different channels for authentication.

    The main thing is that you get it working for the first method (windows domain) and test that. Then you can add the second method on the next tab, after setting up your Radius based token and testing it. It might be important to consider the format of the username. It probably should include the NETBIOS domain in your Radius
    authentication system, say, if your OTP system is not integrated with your domain. Parallels may be sending the username and the domain.

Share This Page