Use RADIUS authentication with Remote Desktop Services


The only way I can think to do this easily is by using a Remote Desktop Gateway. The call to the gateway can then go to a Network Policy Server (NPS) which can issue remote RADIUS calls. I don't know of any way to issue RADIUS requests for direct Remote Desktop Access since at that point you have already gotten to the client and the client follows its normal authentication route.

With the Remote Desktop Gateway you essentially set up an RDP over HTTPS environment and the server does the first pass authentication which can include RADIUS calls. It essentially offloads the authentication and authorization to either a local or central NPS box. You can easily configure the NPS box to look to your custom RADIUS box. Once past the server the client still has to authenticate with the client but the idea is that the server already did your two-factor authentication, the client is really just a formality at that point.

Hope that helps.

Author by

tacos_tacos_tacos

Updated on September 18, 2022

Comments

  • tacos_tacos_tacos
    tacos_tacos_tacos over 1 year

    I have a PhoneFactor implementation that I love and cherish for VPN access. PhoneFactor provides us a RADIUS server that checks against an approved-users list and our Active Directory implementation, then calls to provide two-factor auth. I want to set up Remote Desktop Services in Windows Server 2008 R2 to have RDP authenticate against RADIUS rather than AD itself. Is there a way to accomplish this?

  • tacos_tacos_tacos
    tacos_tacos_tacos over 11 years
    This is what I was kind of thinking, and that helps. My only concern about RDP-over-HTTPS would be performance... do you have any personal experience with performance issues when switching from RDP to the RDP Gateway-based service?
  • Brent Pabst
    Brent Pabst over 11 years
    Nope. It depends on your overall connection, but since RDP traffic is typically already secure it's about the same. There is some initial delay simply because it has to hop through the gateway but none that I have found. Can't speak to adding a RADIUS box to the mix. We ran two load-balanced RDG boxes with two failover NPS boxes worked like a champ. On a single failure the traffic would all fail over within 20-30 seconds, only a brief lockup for the clients.
  • tacos_tacos_tacos
    tacos_tacos_tacos over 11 years
    I forgot the term for this, but what do you think about a method where the user has to connect to some small web app that basically does RADIUS auth and then grants them the ability to connect to the public RDP server via a firewall rule change?