A username and password are no longer enough to authenticate users. Weak or stolen user credentials are the preferred weapons used by hackers, and are behind approximately 76 percent of all network intrusions.
With Adaptive Multi-factor Authentication from SMS PASSCODE you are effectively taking the hackers' preferred weapon away.
So after setting up a Radius server on 2012 R2 & the SMS Passcode kit (modem and GSM device), you’ll need to reconfigure your Netscaler by doing the following:
1. Create a Radius authentication server
2. Create a Radius authentication policy
3. Bind the SMS Passcode authentication policy as primary and the LDAP authentication policy as secondary to the AGVIP & do not forget to modify the Credential Index on the session profiles accordingly…
After binding the authentication servers you'll see the famous Password 1 & Password 2 fields on the Netscaler logon page…
In this case we do not need the Password 2 field so we need to remove it somehow. To do that…
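1. Use WinSCP to connect to your Netscaler and open login.js (located at: var/netscaler/ns_gui/vpn/login.js). Keep a copy of the original file before editing, and re-check the edit after a firmware upgrade, since an upgrade may replace the file. If you are using NS10.1 and above you should see the following…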
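/**
 * Renders the password row(s) of the table-based logon form via document.write.
 *
 * Always writes one "Password" row with an input named "passwd". When the
 * "pwcount" cookie compares equal to 2, the first label gets a " 1" suffix and
 * a second row labelled "Password2" with an input named "passwd1" is written.
 * The "pwcount" cookie is unset before returning.
 *
 * The published listing used typographic quotes, which are not valid
 * JavaScript string delimiters; they are restored to ASCII quotes here.
 */
function ns_showpwd_default() {
  // NOTE(review): pwcount is read from a cookie, i.e. a browser-side value, so
  // it only selects which fields are drawn. What is actually validated is
  // decided by the authentication policies bound on the gateway, not by this
  // script.
  // Number() keeps the original `pwc == 2` string-to-number comparison explicit.
  const hasSecondPassword = Number(ns_getcookie("pwcount")) === 2;

  document.write('<TR><TD align=right style="padding-right:10px;white-space:nowrap;"><SPAN class=CTXMSAM_LogonFont>' + _("Password"));
  if (hasSecondPassword) {
    document.write(' 1');
  }
  document.write(':</SPAN></TD>');
  document.write('<TD colspan=2 style="padding-right:8px;"><input class=CTXMSAM_ContentFont type="Password" title="' + _("Enter password") + '" name="passwd" size="30" maxlength="127" style="width:100%;"></TD></TR>');

  if (hasSecondPassword) {
    document.write('<TR><TD align=right style="padding-right:10px;white-space:nowrap;"><SPAN class=CTXMSAM_LogonFont>' + _("Password2") + '</SPAN></TD> <TD colspan=2 style="padding-right:8px;"><input class=CTXMSAM_ContentFont type="Password" title="' + _("Enter password") + '" name="passwd1" size="30" maxlength="127" style="width:100%;"></TD></TR>');
  }

  UnsetCookie("pwcount");
}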
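/**
 * Renders the password field(s) of the div-based logon form via document.write.
 *
 * Always writes one "Password" field with an input named "passwd". When the
 * "pwcount" cookie compares equal to 2, the first label gets a " 1" suffix and
 * a second field labelled "Password2" with an input named "passwd1" is written.
 * The "pwcount" cookie is unset before returning.
 *
 * The published listing used typographic quotes, which are not valid
 * JavaScript string delimiters; they are restored to ASCII quotes here.
 */
function ns_showpwd() {
  // NOTE(review): pwcount is read from a cookie, i.e. a browser-side value, so
  // it only selects which fields are drawn. What is actually validated is
  // decided by the authentication policies bound on the gateway, not by this
  // script.
  // Number() keeps the original `pwc == 2` string-to-number comparison explicit.
  const hasSecondPassword = Number(ns_getcookie("pwcount")) === 2;

  document.write('<div class="field CredentialTypepassword"><div class="left"><label class="label plain"><SPAN>' + _("Password"));
  if (hasSecondPassword) {
    document.write(' 1');
  }
  document.write(':</SPAN></label></div>');
  document.write('<div class="right"><input class="prePopulatedCredential" autocomplete="off" spellcheck="false" type="Password" title="' + _("Enter password") + '" name="passwd" size="30" maxlength="127"></div></div>');

  if (hasSecondPassword) {
    document.write('<div class="field CredentialTypepassword"><div class="left"><label class="label plain"><SPAN>' + _("Password2") + '</SPAN></label></div><div class="right"><input class="prePopulatedCredential" autocomplete="off" spellcheck="false" type="Password" title="' + _("Enter password") + '" name="passwd1" size="30" maxlength="127"></div></div>');
  }

  UnsetCookie("pwcount");
}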
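Simply remove the document.write statements inside the two "pwc == 2" branches of each function (the ones that write the " 1" suffix and the Password2 field; they were shown in bold), so the lines look like this instead: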
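/**
 * Modified table-based logon form: renders a single "Password" row only.
 *
 * Writes one row labelled "Password:" with an input named "passwd", then
 * unsets the "pwcount" cookie. The " 1" label suffix and the "Password2" row
 * (input "passwd1") are never written. The emptied `pwc == 2` branches and the
 * unused pwcount read are dropped, and the typographic quotes of the published
 * listing are restored to ASCII quotes so the code parses.
 *
 * NOTE(review): this hides the second field in the browser only. The
 * authentication policies bound on the gateway still decide what is validated;
 * confirm the secondary policy behaves as intended when "passwd1" is not
 * submitted.
 */
function ns_showpwd_default() {
  document.write('<TR><TD align=right style="padding-right:10px;white-space:nowrap;"><SPAN class=CTXMSAM_LogonFont>' + _("Password"));
  document.write(':</SPAN></TD>');
  document.write('<TD colspan=2 style="padding-right:8px;"><input class=CTXMSAM_ContentFont type="Password" title="' + _("Enter password") + '" name="passwd" size="30" maxlength="127" style="width:100%;"></TD></TR>');

  // Still cleared so a stale pwcount value does not linger in the browser.
  UnsetCookie("pwcount");
}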
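/**
 * Modified div-based logon form: renders a single "Password" field only.
 *
 * Writes one field labelled "Password:" with an input named "passwd", then
 * unsets the "pwcount" cookie. The " 1" label suffix and the "Password2" field
 * (input "passwd1") are never written. The emptied `pwc == 2` branches and the
 * unused pwcount read are dropped, and the typographic quotes of the published
 * listing are restored to ASCII quotes so the code parses.
 *
 * NOTE(review): this hides the second field in the browser only. The
 * authentication policies bound on the gateway still decide what is validated;
 * confirm the secondary policy behaves as intended when "passwd1" is not
 * submitted.
 */
function ns_showpwd() {
  document.write('<div class="field CredentialTypepassword"><div class="left"><label class="label plain"><SPAN>' + _("Password"));
  document.write(':</SPAN></label></div>');
  document.write('<div class="right"><input class="prePopulatedCredential" autocomplete="off" spellcheck="false" type="Password" title="' + _("Enter password") + '" name="passwd" size="30" maxlength="127"></div></div>');

  // Still cleared so a stale pwcount value does not linger in the browser.
  UnsetCookie("pwcount");
}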