The Citrix Access Gateway is an essential tool to allow connections from the internet into you XenApp and XenDeskop farms; basic logon points though can provide access to any internal web resource and autentication should always take place on the CAG. Here we look at using FreeRadius on openSUSE as our RADIUS server and creating a logon point that uses this for authentication.
We need to authorize the CAG on the RADIUS server. This is through the /etc/raddb/client.conf. We add an entry for the GAC and create a shared secret. We need to supply this shared secret when creating the authentication profile of the CAG. next we create users accounts on the RADIUS server in the /etc/raddb/users file. Now we are ready to go 🙂