Radius proxy request to other radius for OTP auth
Satish Patel
satish.txt at gmail.com
Fri Oct 27 18:37:12 CEST 2017
> That still isn't clear. If the VPN doesn't support Class, then adding FreeRADIUS won't help.
VPN does support that Class
On Fri, Oct 27, 2017 at 12:10 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
>> On Oct 27, 2017, at 12:05 PM, Satish Patel <satish.txt at gmail.com> wrote:
>>
>> In short this is what i am planning to do with FreeRadius instead of
>> IAS windows http://www.dasblinkenlichten.com/using-radius-attributes-during-webvpn-logon/
>
> You just configure FreeRADIUS to send the Class attribute back. That should be simple.
>
>> We have Multi Factor authentication (password+OTP) for VPN login, and
>> MFA (multi factor auth) provided by onelogin company, in my Cisco ASA
>> i tell my RADIUS server is onlogin in cloud and my asa authenticate
>> users from there, but that company doesn't support Attribute Class 25
>> which i posted in link,
>
> Then you can't do it.
>
>> so i was thinking to build Freeradius in-house
>> and do whatever i want there for grouping and then proxy request to
>> onlogin for OTP stuff. In short my local radius will act like Proxy
>> and forward request to onelogin in cloud for OTP.
>
> That still isn't clear. If the VPN doesn't support Class, then adding FreeRADIUS won't help.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list