Currently we are doing authentication through radius with tokens as the second factor when logging into the SA.
Now I am trying to setup web access to Windows File Shares. I would like to make the logon to the Windows File Share as easy as possible for the users. The credentials for the the Windows File Shares are NOT synced with the radius credentials used to logon to the SA.
Having said that, in most cases the username is the same, and in a lot of cases people end up using the same password for the Windows FIle Shares and the radius. We are not an AD shop, and not everyone who will logon to the SA has AD credentials, this is my we use radius.
I have been playing with the SSO settings. I think what I would like to do is attempt to re-use the username and password from the radius logon and somehow pass the domain name as well. If the credentials fail (since they aren't always the same) I would like to prompt the user for the password and autofill in the domain (since this never changes) and the username since it is usually the same as the radius username.
I was hoping I could get some advise on how to do this, or something else that would be as easy for the user as possible.
- My users are already providing two factors at login to the SA, so I'm trying to limit how many times they need to login.
- Users don't know what their domain is, so if they need to enter this it may prove difficult for them.
I appreciate the help...
Since the password is not synced, it is not recommended to do SSO as user's can get failure messages to log on.
Under resource policies--->Files--->windows SSO, configure an SSO policy for the file share with action set to
It will force user to type in the username and password for the file share with domain name populated.
Domain will be populated but the username cannot be populated. Because when we enter the username in the setting and when the password is left blank SSO would be tried and would fail as the password is a null password..
If we know or have something in common for users who have same credential on both radius and windows share. we can configure a detailed rule as to whom this policy needs to be applied to
Just wanted to let everyone know it is possible to try to SSO into a Windows file share with credentials in case they are the same as the primary authentication (Radius) and then prompt the user if they are not correct : )