2FA Challenge via Proxy Realm with valid State

Bill Noyce billnoyce75 at gmail.com
Wed Feb 12 16:47:21 CET 2020


Hi,

I was hoping to follow the clearly written Wiki article:
https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy

My problem is that the 2FA Radius Proxy used to verify the OTP requires a
valid State value, so currently the login process is a 3 step process! I
have allowed State in the Pre-Proxy Attributes filter.

So the current flow is:
1) Username/Password request via AD LDAP
2) Unsuccessful OTP request with invalid State value (returns valid State
value from the remote OTP Radius server)
3) Successful OTP request

Anyone able to suggest how I go about getting a valid State value from the
OTP radius during the first Access-Request so that the
first Access-Challenge response contains this valid State value?

Thanks,
Bill

