NetIQ Advanced Authentication Framework - Network Policy Server (NPS) Plugin. Administrator's Guide. Version 5.1.0

Similar documents
NetIQ Advanced Authentication Framework - Password Filter. Installation Guide. Version 5.1.0

NetIQ Access Manager - Advanced Authentication Plugin. User's Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. FIDO U2F Authentication Provider Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework

NetIQ Advanced Authentication Framework - Citrix XenDesktop Plugin. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Smartphone Applications

NetIQ Advanced Authentication Framework - Administrative Tools. Installation Guide. Version 5.1.0

Integration Guide. SafeNet Authentication Service. VMWare View 5.1

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - MacOS Client

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Quest Soft Token for Windows Phone User Guide

USING MYWEBSQL FIGURE 1: FIRST AUTHENTICATION LAYER (ENTER YOUR REGULAR SIMMONS USERNAME AND PASSWORD)

External Authentication with Windows 2008 Server with Routing and Remote Access Service Authenticating Users Using SecurAccess Server by SecurEnvoy

Integrating LANGuardian with Active Directory

Business Portal for Microsoft Dynamics GP Field Service Suite

TrueEdit Remote Connection Brief

McAfee One Time Password

McAfee Endpoint Encryption for PC 7.0

In this topic we will cover the security functionality provided with SAP Business One.

5. For Display name, Your Full Name or the name you want to appear in the from box when writing or responding to click Next

DIGIPASS Pack for Citrix on WI 4.5 does not detect a login attempt. Creation date: 28/02/2008 Last Review: 04/03/2008 Revision number: 2

Using Device Discovery

Training module 2 Installing VMware View

Configuring IBM Cognos Controller 8 to use Single Sign- On

OTP Server Integration Module

Vyapin Office 365 Management Suite

Using ELM Reports in WhatsUp Gold. This guide provides information about configuring ELM reports in WhatsUp Gold v15.0

Download and Launch Instructions for WLC Client App Program

Orthopaedics SharePoint Site: User Guide. Version: Page 1 of 19

Microsoft Outlook Web Access 2013 Authenticating Users Using SecurAccess Server by SecurEnvoy

pcanywhere Advanced Configuration Guide

Authenticating users of Cisco NCS or Cisco Prime Infrastructure against Microsoft NPS (RADIUS)

Introduction. Activating the CFR Module License. CFR Configuration

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Using Microsoft Active Directory Server and IAS Authentication

IceWarp Server. Log Analyzer. Version 10

Configuring Eduroam in Windows Vista

Using the ECM VPN with OSX devices

Security Guidelines for MapInfo Discovery 1.1

Log Analyzer Reference

Step by step guide for connecting PC to wired LAN at dormitories of University of Pardubice

Using the ECM VPN with Windows 7

for Networks Installation Guide for the application on a server September 2015 (GUIDE 2) Memory Booster version 1.3-N and later

Using RD Gateway with Azure Multifactor Authentication

Internet Explorer 7 for Windows XP: Obtaining MIT Certificates

Connection and Printer Setup Guide

How to Access Coast Wi-Fi

Configuring Outlook 2013 For IMAP Connections

SafeNet Cisco AnyConnect Client. Configuration Guide

How to connect to the diamonds wireless network with Vista.

Administration Guide. . All right reserved. For more information about Specops Password Sync and other Specops products, visit

JORAM 3.7 Administration & Monitoring Tool

Configuring a Custom Load Evaluator Use the XenApp1 virtual machine, logged on as the XenApp\administrator user for this task.

TechNote. Contents. Introduction. System Requirements. SRA Two-factor Authentication with Quest Defender. Secure Remote Access.

Configuring the Active Directory Plug-in

Windows Vista: Connecting to the wireless network at Hood College

Copyright 2012 Trend Micro Incorporated. All rights reserved.

ScriptLogic File System Auditor User Guide

Configuring Active Directory with AD FS and SAML for Brainloop Secure Dataroom Setup Guide

NovaBACKUP xsp Version 15.0 Upgrade Guide

Phone: Fax: Box: 230

CIFS Permissions Best Practices Nasuni Corporation Natick, MA

Changing Passwords in Cisco Unity 8.x

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy

Change Advanced Proxy Server Configuration Settings

1 SIP Carriers. 1.1 Tele Warnings Vendor Contact Versions Verified Interaction Center 2015 R2 Patch

Windows PEAP-GTC Supplicant Plug-In

Microsoft Dynamics GP Release

Capture Pro Software FTP Server System Output

Configure VPN between ProSafe VPN Client Software and FVG318

Creating a User Profile for Outlook 2013

Windows Vista and Windows 7 Wireless Configuration For NCC Faculty and Staff Owned Laptops

Implementation Guide for protecting

Yubico Authenticator User's Guide

NODE4 SERVICE DESK SYSTEM

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

Kaseya 2. User Guide. Version 1.1

Setting up SMTP in Talis Decisions

Contents 1. Introduction 2. Security Considerations 3. Installation 4. Configuration 5. Uninstallation 6. Automated Bulk Enrollment 7.

1. Data Domain Pre-requisites. 2. Enabling OST

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

Connec ng to Northwest s WIFI with Windows 7

Management Utilities Configuration for UAC Environments

Issue 1. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Fireware How To Authentication

T his feature is add-on service available to Enterprise accounts.


Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

802.1X Client Software

Configuring Microsoft RADIUS Server and Gx000 Authentication. Configuration Notes. Revision 1.0 February 6, 2003

SETTING UP MICRSOFT OUTLOOK Sending and receiving mail through the Outlook 2013

Digipass Plug-In for IAS troubleshooting guide. Creation date: 15/03/2007 Last Review: 24/09/2007 Revision number: 3

INSTANT CONNECT SERVICE USER GUIDE

Windows Live Mail Setup Guide

Plugin Integration Guide

BlackShield ID Agent for Remote Web Workplace

Transcription:

NetIQ Advanced Authentication Framework - Network Policy Server (NPS) Plugin Administrator's Guide Version 5.1.0

Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 Fail Wrong Password Logon Policy 4 NPS Logon Method Selection 5 Troubleshooting 8 Impossible To Authenticate Using One of Methods of Authentication 8 Authentication Using OTP Has Failed 9 Index 10 2

Introduction About This Document Purpose of the Document This NPS Administrator Guide is intended for system administrators and describes the work of NetIQ Advanced Authentication Framework Network Policy Server Plugin. Document Conventions This document uses the following conventions: Warning. This sign indicates requirements or restrictions that should be observed to prevent undesirable effects. Important notes. This sign indicates important information you need to know to use the product successfully. Notes. This sign indicates supplementary information you may need in some cases. Tips. This sign indicates recommendations. Terms are italicized, e.g.: Authenticator. Names of GUI elements such as dialogs, menu items, and buttons are put in bold type, e.g.: the Logon window. 3

Fail Wrong Password Logon Policy The Fail wrong password logon policy is used in version 4.10.212 and earlier. With the Fail wrong password logonpolicy disabled NetIQ will pass the user credentials to the next authentication module in NPS which allows the user to be authenticated by other methods than NetIQ. The policy is enabled by default. If NPS plugin is installed, OATH OTP or Smartphone authentication provider are used in RADIUS authentication instead of usual domain password. If the Fail wrong password logonpolicy is enabled, NPS plugin is installed and the user has inputted domain password instead of OTP, the authentication should be successful. Both OTP and domain password will cause successful authentication. 4

NPS Logon Method Selection The NPS Logon Method Selection policy allows you to link users belonging to a specific group with the given authentication method. AD group names should be specified in the fields. Users should be included in these groups directly (group inheritance doesn't work). If the user is the member of several groups, the first group from the list will be used and the corresponding authentication method will be selected. If the user is not a member of any group, it will be required to enter the domain password during authentication. The policy is included in the NPS subfolder of the Security section which is located in Group Policy Management Editor under Computer Configuration -> Policies -> Administrative Templates: Policy definitions -> NetIQ Advanced Authentication Framework. MSCHAPv2 protocol is supported by all authentication providers except for SMS AP. SMS AP requires PAP protocol. To access policy sections, NetIQ Administrative Tools or NetIQ Group Policy Templates should be preliminary installed. The Challenge Timeout option is available starting from NetIQ Advanced Authentication Framework v4.11. It provides with a capability to specify time during which authentication with an applicable authentication provider should be confirmed. 5

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\NetIQ\NetIQ Advanced Authentication Framework NPSLogonMethodSelection: type: REG_DWORD value: 0x00000001 (1) description: 1 means that the policy is enabled ChallengeTimeout: type: REG_DWORD value: 0x0000012c (300) description: 300 displays duration of NPS logon timeout (in seconds) DomainPasswordUserGroup: type: REG_SZ value: DomainPassword description: DomainPassword displays the name of the group for which authentication with domain password will be selected OathUserGroup: 6

type: REG_SZ value: OathGroup description: OathGroup displays the name of the group for which OATH OTP authentication method will be selected OobUserGroup: type: REG_SZ value: SmartphoneGroup description: SmartphoneGroup displays the name of the group for which Smartphone authentication method will be selected SmsUserGroup: type: REG_SZ value: SMSGroup description: SMSGroup displays the name of the group for which SMS authentication method will be selected VoiceUserGroup: type: REG_SZ value: VoiceCallGroup description: VoiceCallGroup displays the name of the group for which Voice Call authentication method will be selected 7

Troubleshooting This chapter provides solutions for known issues. If you encounter any problems that are not mentioned here, please contact the support service. Impossible To Authenticate Using One of Methods of Authentication Description: Authentication using one of methods of authentication has failed. Cause: An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request. Solution: Please, try to authenticate using the correct method of authentication. If the reason of the failed authentication is another, then open Event Viewer > Windows logs> Security to find out the reason of the failed authentication. 8

Authentication Using OTP Has Failed Description: Authentication using OTP has failed. Cause: NPS plugin is not installed. Solution: Please, install NPS plugin to authenticate using OTP. 9

Index A Administrator 1, 3 Authentication 1, 3, 5, 8-9 Authenticator 3 E Event Viewer 8 L Logon 3, 5 N Network 1, 3 O OATH 4, 7 OTP 4, 9 P Password 4 Policy 5 S Security 5 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information