On 9 Mar 2016, at 18:18, Andy P. <pmaspec@gmail.com> wrote:
2016-03-09 16:05 GMT+01:00 Alan DeKok <aland@deployingradius.com>:
On Mar 9, 2016, at 4:09 AM, Andy P. <pmaspec@gmail.com> wrote:
...
Is it simply a matter of the the Authorization/Authentication sections definition, or requires some development?
A better question is: why do you need this?
Multi-factor authentication. The passwords for the 2 (or more) authentications are different. Just like with the Duo authentication proxy, but not linked to their service for the secondary authentication.
The session-state list makes this much easier in v3.0.x. It handles creating a State attribute in the response, to tie together multiple rounds of authentication. You still need cooperation from the NAS though, to prompt the user multiple times when it receives an Access-Challenge. For EAP, multi-factor authentication is not possible, unless the two factors are presented in a single round e.g. otp + password. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2