From b468271894bdb840834c23946bd3b5004f0eb9ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakob=20Aar=C3=B8e=20Dam?= Date: Tue, 28 Apr 2015 15:03:30 +0200 Subject: [PATCH 1/2] Update README.md --- README.md | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index bb51fd3..6a19f90 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,23 @@ -# RDSFactor +# RDS Factor -Two-factor authentication for Remote Desktop Services (RDS) +Two-factor authentication for Remote Desktop Services (RDS). -http://www.isager.dk/is/CICRadarR/SMStokenforWindows2012RDGateway.aspx +RDS Factor consist of two components: +* A server component that talks RADIUS with RD Web and the RD Gateway +* An updated version of the RD Web pages that interacts with the RADIUS server and ask users to enter one-time passwords sent to their phone before letting them in. + +Tested on Windows 2012 R2. ## Prerequisites -An RDS setup. The minimal RDS setup for use with RDSFactor consist of two servers: +An RDS setup. There are many options for orchestrating the RDS setup; the minimal RDS setup for use with RDS Factor consist of two servers: * Active Directory; and * RDS with Gateway component enabled ## Installation -### RDWeb update -RDSfactor comes with a customized version of the RDWeb pages. To install these run: +### RD Web update +RDS factor comes with a customized version of the RD Web pages. To install these run: ``` $ install-web.bat 
@@ -31,7 +35,12 @@ The RADIUS server component can be installed on any server reacheable by both th $ install-server.bat ``` -TODO: NPS config, Web config +After install go and configure the server. Open the file RDSFactor/server/bin/release/conf.ini for editing. You should configure the following settings: +* LDAPDomain (IP of server to authenticate the user against and lookup phonenumber) +* ADField (LDAP attribute to use for looking the user's phonenumber) +* {client}={shared secret} should be added in the clients section + +Note that the client should be the IP of RD Web, and the shared secret must match the value of RadiusSecret in the IIS. ## Acknowledgements From 7bb1c7d84d053ce2a31b4954f3377dd34dd2f9ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakob=20Aar=C3=B8e=20Dam?= Date: Tue, 28 Apr 2015 15:06:16 +0200 Subject: [PATCH 2/2] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 6a19f90..470c1a2 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,11 @@ After install go and configure the server. Open the file RDSFactor/server/bin/re Note that the client should be the IP of RD Web, and the shared secret must match the value of RadiusSecret in the IIS. +To reload the configuration restart the RADIUS server service by running +``` +$ restart-server.bat +``` + ## Acknowledgements * Claus Isager - for the proof of concept two factor RDS authentication
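Review bot: In the first hunk of PATCH 1/2 (@@ -1,19 +1,23 @@), the added text has agreement errors and inconsistent product naming. "RDS Factor consist of two components" should read "consists", "ask users to enter one-time passwords" should read "asks users", and "RDS factor comes with a customized version" should be capitalised as "RDS Factor" to match the new heading. The hunk also deletes the isager.dk link without a replacement; since the Acknowledgements section credits Claus Isager for the proof of concept, consider moving the link there instead of dropping it.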
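Review bot: In the second hunk of PATCH 1/2 (@@ -31,7 +35,12 @@), the removed line "TODO: NPS config, Web config" is replaced by instructions that cover only conf.ini, so the NPS and web configuration stay undocumented and are no longer flagged as outstanding. The note that the shared secret "must match the value of RadiusSecret in the IIS" does not say where that value is set; name the file or setting, or keep a TODO for it. Because conf.ini holds the RADIUS shared secret as a plain {client}={shared secret} entry, the README should also say that the file must be readable only by the account running the server and that the secret should be long and random. Minor: "phonenumber" should be "phone number" and "to use for looking the user's" should be "to use for looking up the user's".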
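Review bot: In PATCH 2/2 (@@ -42,6 +42,11 @@), the added sentence "To reload the configuration restart the RADIUS server service by running" lacks the comma and the trailing colon used elsewhere in the file ("To install these run:"), and it sits after the RadiusSecret note instead of directly after the list of conf.ini settings it relates to. Suggest "To reload the configuration, restart the RADIUS server service by running:" and stating explicitly whether edits to conf.ini take effect only after this restart. Since this completes the configuration steps added in PATCH 1/2, the two commits could be squashed into one.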