{"id":4623,"date":"2020-05-05T13:12:45","date_gmt":"2020-05-05T13:12:45","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4623"},"modified":"2022-11-06T10:03:47","modified_gmt":"2022-11-06T10:03:47","slug":"citrix-netscaler-with-nps-extension-for-azure-mfa","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/citrix-netscaler-with-nps-extension-for-azure-mfa","title":{"rendered":"Citrix NetScaler with NPS Extension for Azure MFA"},"content":{"rendered":"<ul><li>Install a new NPS Server ( cannot be existing as MFA will take over existing requests such as Wifi! )\u00a0<\/li><li>Installed Azure AD NPS Plugin and Enroll in Azure AD<\/li><li>Add a Radius Client to the NPS server of the IP ( VIP ) of the Netscaler\u00a0<\/li><li>Add the Radius server in Authentication &#8211; Set Timeout to <strong>10Seconds<\/strong> , set Password to <strong>MsChapv2<\/strong> Set NASID to <strong>MFA<\/strong><\/li><li>NPS Server Policies<\/li><\/ul><p id=\"UXoXsha\"><img loading=\"lazy\" decoding=\"async\" width=\"718\" height=\"386\" class=\"alignnone size-full wp-image-4624  img-responsive\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb165916fef8.png\" alt=\"\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb165916fef8.png 718w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb165916fef8-300x161.png 300w\" sizes=\"auto, (max-width: 718px) 100vw, 718px\" \/><\/p><p id=\"JcnvVBQ\"><img loading=\"lazy\" decoding=\"async\" width=\"745\" height=\"409\" class=\"alignnone size-full wp-image-4626  img-responsive\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb166218ad5a.png\" alt=\"\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb166218ad5a.png 745w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb166218ad5a-300x165.png 300w\" sizes=\"auto, (max-width: 745px) 100vw, 745px\" \/><\/p><p>&nbsp;<\/p><p id=\"qVwJmiz\"><img loading=\"lazy\" decoding=\"async\" width=\"883\" height=\"349\" class=\"alignnone size-full wp-image-4625  img-responsive\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb165e23190c.png\" alt=\"\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb165e23190c.png 883w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb165e23190c-300x119.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2020\/05\/img_5eb165e23190c-768x304.png 768w\" sizes=\"auto, (max-width: 883px) 100vw, 883px\" \/><\/p><p>&nbsp;<\/p><p>&nbsp;<\/p><p>If you must use MS-CHAPv2, you can enable NTLMv2 authentication by adding this registry entry:<\/p><p>&nbsp;<\/p><ol><li>Select\u00a0<strong>Start<\/strong>\u00a0&gt;\u00a0<strong>Run<\/strong>, type\u00a0<em>regedit<\/em>\u00a0in the\u00a0<strong>Open<\/strong>\u00a0box, and then select\u00a0<strong>OK<\/strong>.<\/li><li>Locate and select the following registry subkey:<br \/>HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\RemoteAccess\\Policy<\/li><li>On the\u00a0<strong>Edit<\/strong>\u00a0menu, point to\u00a0<strong>New<\/strong>, and then select\u00a0<strong>DWORD Value<\/strong>.<\/li><li>Type\u00a0<em>Enable NTLMv2 Compatibility<\/em>, and then press ENTER.<\/li><li>On the\u00a0<strong>Edit<\/strong>\u00a0menu, select\u00a0<strong>Modify<\/strong>.<\/li><li>In the\u00a0<strong>Value data<\/strong>\u00a0box, type\u00a0<em>1<\/em>, and then select\u00a0<strong>OK<\/strong>.<\/li><li>Exit Registry Editor.<\/li><\/ol>","protected":false},"excerpt":{"rendered":"<p>Install a new NPS Server ( cannot be existing as MFA will take over existing requests such as Wifi! )\u00a0Installed Azure AD NPS Plugin and Enroll in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1464,646,2074,3224,2782],"class_list":["post-4623","post","type-post","status-publish","format-standard","hentry","category-research","tag-azure","tag-citrix","tag-netscaler","tag-nps","tag-radius"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4623"}],"version-history":[{"count":3,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4623\/revisions"}],"predecessor-version":[{"id":6319,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4623\/revisions\/6319"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=4623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}