« Back to docs

Setting up RADIUS authentication

If you have a Professional or Enterprise subscription, you can augment system authentication with RADIUS authentication. This means that connecting VNC Viewer users must first provide the credentials they usually use to log on to their user account. Then, they enter a TOTP code or other credential, and/or perform one or more authorization operations, mandated by a RADIUS server.

Note

If your RADIUS server gives you the number of authentication factors you need, you can specify RADIUS authentication on its own using a custom scheme.

_images/VNC_Server_Options_Dialog_Radius_Authentication.png

Note the following requirements:

  • The VNC Server computer must be set up to communicate with a RADIUS server. RSA SecurID, Duo and FreeRADIUS are currently supported, but VNC Server should be compatible with any identity management provider implementing the RADIUS protocol.
  • Each prospective VNC Viewer user must be registered with the identity management provider, identified by user account name.
  • The user account of each prospective VNC Viewer user must be registered with VNC Server, and suitable session permissions assigned.

Setting up the VNC Server computer

Perform the following steps:

  1. Specify this authentication scheme, either by:

    • Selecting the <Platform> password + RADIUS authentication option from the Authentication dropdown.
    • Setting the VNC Server Authentication parameter.
  2. Set up VNC Server to communicate with your RADIUS server by completing the Set up VNC Server for RADIUS dialog:

    _images/VNC_Server_Options_Dialog_Radius_Authentication_Setup.png

    Note

    If users encounter problems connecting, try changing the Authentication protocol to PAP.

    Alternatively, set the RadiusServer parameter (and potentially other Radius* parameters).

  3. Register the user accounts of all prospective VNC Viewer users with VNC Server, either by:

    Note prior configuration is required to register domain accounts under Linux. You may also need to qualify user names with the domain name, for example DEV.ACMECORP.COM\johndoe.

×