Radius proxy request to other radius for OTP auth

Alan DeKok aland at deployingradius.com
Fri Oct 27 14:43:25 CEST 2017


On Oct 26, 2017, at 10:58 PM, Satish Patel <satish.txt at gmail.com> wrote:
> Recently we decided to create multiple Group Policies for the VPN, and
> every group will have its own permission to access applications, like
> Sales, Finance, contractor, etc. In short, a contractor can't access
> Finance-related applications, etc.

  I'm not sure that's possible in RADIUS.  You can send policies to the VPN (maybe), but the VPN may ignore them.

> After reading, I found the ASA supports RADIUS attribute Class 25, where
> I can create OU=sales and implement policy based on whatever LDAP
> memberOf lists for users.

  That's vague... what, exactly, are you doing?  What piece of the network is doing what?

> But unfortunately OneLogin doesn't support that kind of attribute
> mapping, and now we are stuck here, so the only solution is to deploy a
> RADIUS server and integrate with Google Authenticator.

  How does deploying a RADIUS server help with controlling access to applications?

> So I have a question: is there any way I can use FreeRADIUS locally and
> use attribute Class 25 and then proxy authentication to the OneLogin
> RADIUS?

  FreeRADIUS can use Class.  So?  What does it *do* with it?

> What should I do, and what do you guys suggest here?

  First, you have to describe what you're doing.  Which network machines are involved?  What are they doing?  What information do they exchange?

  Alan DeKok.



