12 Feb
2020
12 Feb
'20
10:47 a.m.
Hi, I was hoping to follow the clearly written Wiki article: https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy My problem is that the 2FA Radius Proxy used to verify the OTP requires a valid State value, so currently the login process is a 3 step process! I have allowed State in the Pre-Proxy Attributes filter. So the current flow is: 1) Username/Password request via AD LDAP 2) Unsuccessful OTP request with invalid State value ( returns valid State value from the remote OTP Radius server ) 3) Successful OTP request Anyone able to suggest how I go about getting a valid State value from the OTP radius during the first Access-Request so that the first Access-Challenge response contains this valid State value? Thanks, Bill