Integration Guide for NetMotion Mobility

Before starting, make sure GreenRADIUS is configured with users imported from your LDAP and can communicate with your NetMotion Mobility Server.

Configuring GreenRADIUS for NetMotion Mobility

In the GreenRADIUS web admin interface, add the NetMotion Mobility Server as a RADIUS client.

  1. Click the Domain tab
  2. Click the domain name where you want to add the NetMotion Mobility Server as a RADIUS client
  3. Click the RADIUS Clients tab
  4. Enter the IP address of the NetMotion Mobility Server. Then enter the same RADIUS secret twice. Then click the Add button.

RADIUS Client Configuration

Configuring the NetMotion Mobility Server

Add GreenRADIUS as a RADIUS Server

  1. Log in to the NetMotion Mobility Server console
  2. In the main menu, click on the Configure tab > "Authentication Settings"
  3. Under the "Authentication" section, click "User Authentication Protocol"
  4. In the "Global Authentication Setting" section, select "RADIUS - EAP (PEAP and EAP-TLS)". Then click "Apply".

RADIUS Authentication Setting

  5. Under the "RADIUS: Device Authentication" section, click "Servers"
  6. In the "RADIUS Servers" section, click the "Add..." button

Add RADIUS Server

  7. Enter the following:
  • Host Address: [IP address or hostname of GreenRADIUS]
  • Port: 1812
  • Shared secret: [enter the same RADIUS secret as configured in GreenRADIUS]
  • Confirm shared secret: [enter the same RADIUS secret as configured in GreenRADIUS]
  • Load balancing zone: 0

Add GreenRADIUS

  8. Click OK
  9. The GreenRADIUS entry should now be listed
  10. Under the "RADIUS: User Authentication" section, click "Servers"
  11. Repeat Steps 6 - 8 above

Add GreenRADIUS

  1. Under the "EAP-GTC" section, click "Auto-Response Mode"
  2. Uncheck the checkbox for "Auto-response mode" and click Apply

Auto-response mode setting

  1. In the main menu, click on the Configure tab > "Server Settings"
  2. Under the "Virtual Address" section, click "Allocation Method IPv4"
  3. In the "Global Setting" section, set the Method as "DHCP". Then click "Apply".

DHCP setting

  1. In the main menu, click on the Configure tab > "Client Settings"
  2. Under the "Logon" section, click "Default Credentials"
  3. In the "Global Setting" section, set as "Windows user"

Windows user setting

  1. In the main menu, click on the Configure tab > "Authentication Settings"
  2. Under the "Authentication" section, click "Mode"
  3. In the "Global Authentication Setting" section, set as "User authentication only". Then click "Apply".

User authentication only

NetMotion Mobility Client Configuration

  1. When installing the NetMotion Mobility client on a Windows machine, be sure to enter the IP address of the NetMotion Mobility server.

Client server IP address config

  1. After installation, restart the Windows machine.
  2. After restarting, the following screen may appear, because the NetMotion Mobility client is not yet configured. Click "Skip".

Skip this screen

  1. Open the NetMotion Mobility client, and click on the "Configuration" button

Configuration button

  1. Click the "Server Certificates" tab. Then uncheck the checkbox for "Validate server certificate", and click OK.

Uncheck validate server cert

  1. Click the "User Certificates" tab. Then uncheck the checkbox for "Allow user certificates", and click OK.

Uncheck allow user cert

  1. Restart the Windows machine
  2. After restarting, log in with a user that already has a token assigned (or will have a YubiKey auto-provisioned upon the first successful login).

Windows login

  1. After logging into Windows, the Mobility client login screen will appear. The user should enter his password followed by an OTP (either from a YubiKey or an Authenticator app).

Mobility client login screen

  1. If the username, password, and OTP are authenticated successfully by GreenRADIUS, the user will be connected to the NetMotion server, and the network will become active and show a status of "Connected".

NetMotion connected

Avoiding Entering Passwords Twice (Optional)

If you would like users to avoid entering passwords twice (once at the Windows logon screen and again on the NetMotion Mobility client), GreenRADIUS can be configured to skip password validation and only validate token OTPs.

  1. In the GreenRADIUS web admin interface, under the "Global Configuration" tab, click the "General" icon.
  2. Set "Enable Password Authentication Through GreenRADIUS" to "No". Then click the "Save" button.

IMPORTANT: This is a global setting, so this would only be recommended if NetMotion is the only 2FA integration with GreenRADIUS.

Skip password auth

  1. When users see the NetMotion Mobility client login screen, users will only need to enter an OTP from their token to log in.

Mobility client login screen

Updated 2023-02-13
© 2024 Green Rocket Security Inc. All rights reserved.