On 9 Mar 2016, at 19:26, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 9 Mar 2016, at 18:18, Andy P. <pmaspec@gmail.com> wrote:
2016-03-09 16:05 GMT+01:00 Alan DeKok <aland@deployingradius.com>:
On Mar 9, 2016, at 4:09 AM, Andy P. <pmaspec@gmail.com> wrote:
...
Is it simply a matter of the the Authorization/Authentication sections definition, or requires some development?
A better question is: why do you need this?
Multi-factor authentication. The passwords for the 2 (or more) authentications are different. Just like with the Duo authentication proxy, but not linked to their service for the secondary authentication.
The session-state list makes this much easier in v3.0.x.
It handles creating a State attribute in the response, to tie together multiple rounds of authentication.
You still need cooperation from the NAS though, to prompt the user multiple times when it receives an Access-Challenge.
For EAP, multi-factor authentication is not possible, unless the two factors are presented in a single round e.g. otp + password.
Ah misunderstood, you want to submit the credentials to multiple services. Yes you can do that. Just call the .authenticate method of the module you want to use in the authorize {} section and then perform a proxy. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2