2016-03-09 22:08 GMT+01:00 Alan DeKok <aland@deployingradius.com>:
On Mar 9, 2016, at 1:18 PM, Andy P. <pmaspec@gmail.com> wrote:
Multi-factor authentication. The passwords for the 2 (or more) authentications are different. Just like with the Duo authentication proxy, but not linked to their service for the secondary authentication.
Except that RADIUS packets don't have two passwords.
Right, and I'm not going to use the challenge-response. The following is planned: submit an auth. request containing the userid and the password which is the concatenation of the AD password and of the OTP (with a separator character in-between); then FreeRADIUS would split the request and authenticate the (userid, AD password) against the AD (via ntlm or LDAP) and the (userid, OTP) against that other RADIUS server.
So... again, what *exactly* do you want to do?
I already gave a suggestion about using ntlm_auth. Did you try it?
No, I don't have the entire environment available yet. At this time I'm looking to validate -on paper - the feasibility. Thank you!
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html