Trying again to set up RADIUS auth on UAG 3.0 appliances (previously trying on 2.9 UAGs). We have working basic UAG ini files where we can enable RADIUS on the underlying Windows servers and everything works the way we'd like.
When we use the Windows servers to do RADIUS auth, we check this box and it's great - users enter their AD creds, are prompted for their token, and get right into their desktop(s).
In deploying UAGs anew today and trying (again) to leverage the UAGs for RADIUS, I have the following settings in my .ini files:
[Horizon]
<snip the tunnel and blast stuff here>
authMethods=radius-auth && sp-auth
matchWindowsUserName=true
windowsSSOEnabled=true
[RADIUSAuth]
hostName=10.xx.xx.xx
authType=PAP
authPort=1812
radiusDisplayHint=ENT
Users are prompted for their AD creds, enter their token info, and then are re-prompted for their AD creds.
Should the UAGs pass the user's creds through to the Windows servers and not re-prompt for those creds before letting people in?