Prerequisites:

  • Windows Server 2003 SP1 with Domain Controller (Active Directory, e.g. smspasscode.local; e.g. Administrator\test\email\Impero@123!)
  • Microsoft .NET 3.5 SP1 Framework (addition: e.g. Chrome browser)

Installing the Internet Authentication Service (IAS)

  1. Go to the Control Panel and click on Add/Remove Programs.
  2. Click on Add/Remove Windows Components.
  3. A list of Windows Components appears. Scroll down to Networking Services.
    1. Mark Networking Services.
    2. Click on the Details button
  4. A list of Networking Services appears.
    1. Check Internet Authentication Service.
    2. Click on the OK button.
  5. Click on the OK button.
  6. Click on the Next button.
  7. Click on the Finish button. IAS has now been installed.

 

Configuring RADIUS Protection on Windows Server 2003

Configure all RADIUS clients in the usual way by specifying the IAS server as the RADIUS server. If you are in doubt about how to perform the configuration, please refer to the configuration guide of the specific RADIUS client in question.

Important! The user experience is best for RADIUS clients supporting Challenge Response. If Challenge Response support is configurable on the RADIUS client, please enable it.

  1. Start the IAS Management Console:
    1. In the Windows Start menu, select Run…
    2. Enter ias.msc.
    3. Click OK
  2. To create a RADIUS Client:
    1. Right-click the RADIUS Clients node.
    2. Select New RADIUS Client
  3. The New RADIUS Client dialog appears.
    1. Enter a “friendly name” of the RADIUS Client.
    2. Enter the IP address of the RADIUS Client.
    3. Click Next
  4. New fields appear in the New RADIUS Client dialog.
    1. Enter and confirm the Shared Secret. It must match the shared secret configured on the RADIUS Client.
    2. Click Finish.
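Why the Shared Secret entered above has to match on both sides, shown as an added example (not part of the original guide, and not IAS or SMS PASSCODE code): a small Python model of the RFC 2865 User-Password hiding and Response Authenticator, applied to an Access-Challenge as used for Challenge Response. The secrets, password, State and Reply-Message values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_CHALLENGE = 11          # RFC 2865 packet code
REPLY_MESSAGE, STATE = 18, 24  # RFC 2865 attribute types

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value  # Type, Length, Value

def hide_password(password, secret, request_auth):
    """Client: XOR the padded password with an MD5(secret + previous block) keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden, secret, request_auth):
    """Server: reverse hide_password with the server's copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_reply(code, ident, attrs, request_auth, secret):
    """Server: reply whose Response Authenticator is keyed with the shared secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_reply(packet, request_auth, secret):
    """Client: recompute the Response Authenticator with the locally configured secret."""
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)

def exchange(client_secret, server_secret, password=b"constructed-Passw0rd"):
    """Constructed exchange: (password the server recovers, client accepts the challenge)."""
    request_auth = os.urandom(16)
    recovered = unhide_password(
        hide_password(password, client_secret, request_auth), server_secret, request_auth)
    attrs = attr(STATE, b"session-1") + attr(REPLY_MESSAGE, b"Enter PASSCODE")
    challenge = build_reply(ACCESS_CHALLENGE, 7, attrs, request_auth, server_secret)
    return recovered, verify_reply(challenge, request_auth, client_secret)
```

Calling `exchange` with two identical secrets returns the original password and `True`; with secrets that differ by a single character the server recovers garbage instead of the password and the client rejects the Access-Challenge.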

Installing SMSPASSCODE

(version SmsPasscode-700-x86.exe)

  1. Log on to the machine using a user account with local administrator rights
  2. Copy SmsPasscode-700-x86.exe (32-bit) or SmsPasscode-700-x64.exe (64-bit) to a local path on the machine.
  3. A Welcome dialog appears. Click the Next button.
  4. An End-User License Agreement (EULA) appears. Please read the agreement carefully. If you accept the EULA:
    1. Click on I accept the terms in the license agreement.
    2. Click the Next button.
  5. A dialog for component selection appears. This is where you decide which components are to be installed on the current machine.
  6. Make your component selections. Please note: The selections you make are not permanent. You can always run the installation again afterwards and change your selections.
  7. Select Database Service, Web Administration Interface, Transmitter Service, Load Balancing Service.
  8. Click the Next button.
  9. If a dialog for entering license information appears:
    1. Enter the license code from the license e-mail. Use copy and paste.
    2. Click the Next button.
  10. If a dialog for selecting the installation folder appears:
    1. It is recommended to use the proposed default installation folder. In case you want to change the path, click the Change button and select a new path.
    2. Click the Next button.
  11. If a dialog for specifying the default prefix appears:
    1. Specify the default prefix for phone numbers. All phone numbers without an explicit prefix will have this prefix automatically added (e.g. +40)
    2. Click the Next button.
  12. If a dialog for setting up the Web Administration Interface appears:
    1. It is recommended to use the proposed default path for the Web Administration Interface installation folder. If you want to change the path, click the Change button and select a new path.
    2. It is recommended to use the proposed default TCP port for the Web Administration Interface site. If you want to change the TCP port, e.g. because of a port conflict with another application or another web site, then enter a different TCP port.
    3. Click the Next button.
  13. A dialog for selecting Authentication Clients appears.
    1. Select RADIUS Protection.
    2. Click the Next button.
  14. Enable ASP.NET 2.0 (dialog).
  15. At some stage during the installation the SMS PASSCODE® Configuration Tool is automatically started (except during an upgrade, because in this case the settings from the previous installation are preserved):

Radius Client Protection

  1. Authentication: add default domain
  2. Authorization: Active directory resolve provider -> select LDAP

Network -> enter shared secret

Post installation

After completing the SMS PASSCODE® installation, perform the following configuration before SMS PASSCODE® is ready for use:

(! If SMS PASSCODE USERS is not created, you can add it from AD Users and Computers.)

Use the Web Administration Interface for the following tasks:

Settings -> General:

  1. Misc. Settings -> AD integration (enabled)
  2. Authentication monitoring (enabled)
  3. Globalization options -> Email, Token, Personal passcode (selected)
  4. Save.

Policies -> User Integration Policies:

  1. Data Source -> LDAP, AD credentials
  2. Data Filtering -> Phone number and email required
  3. Save.

In AD Users and Computers:

  1. Add user: test with Telephone number and email details.
  2. Member of SMS Passcode Administrator and Users (addition: Domain Users, Administrator, Remote Desktop Users).

Use the Web Administration Interface for the following tasks:

Users -> Maintain Users:

  1. Sync now

Transmission -> Email Dispatchers:

  1. Add new email dispatcher -> SMTP: 10.202.0.2; Sender email: email@company.com; transmitter hosts: enabled

Policies -> Token Policies:

  1. Default Token Policy: Token mode: OATH/TOTP; Token type: Software Token (enable Show QR code for….).
  2. Email Token: Token mode: OATH/TOTP; Token type: Software Token.

Policies -> Passcode Policies:

  1. Default Passcode Policy: Passcode composition: Digits only.
  2. Email Policy: Passcode composition: Digits only.

Policies -> User Group Policies:

  1. Default User Group Policy (sms token).
  2. Add new -> Email Group Policies.

Users -> Maintain Users:

  1. Email user -> User Group Policy Settings:
    1. User Group Policy: email group policies
    2. Passcode policy: email policies
    3. Auth. Policy: default
    4. Token Policy: email token
    5. Passcode type: one-time passcode (OTP)
    6. Dispatch type: send passcode by email
    7. Token auth.: Allow
  2. test user -> User Group Policy Settings:
    1. Token auth.: Allow