Authentication and Authorization
Alex Gregory
alex at c2company.com
Wed Oct 1 00:49:00 CEST 2014
Thank you for the link. I have the OTP working on a test server now with proxying. The problem is the hosted OTP server does not supply any group or attribute information back yet like this Wikid server does. But I have two different user groups for two different networks (Corp and Dev users) that need to be differentiated.
In production have two virtual radius servers each doing an LDAP lookup into a different group. If a user tries to access the incorrect network they are denied because they are not in that group. Works great. If I alter the server to proxy the request with the LDAP module configured will it handle things properly?
Thanks,
Alex
On Sep 30, 2014, at 2:02 PM, Nick Owen <owen.nick at gmail.com> wrote:
> Yes, see this tutorial:
> https://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-openldap-and-freeradius.
> Note that you login with the username and OTP. No ldap password is
> needed.
>
> HTH,
>
> Nick
>
> On Tue, Sep 30, 2014 at 3:18 PM, Alex Gregory <alex at c2company.com> wrote:
>> Hello-
>>
>> If I have both LDAP and Proxy configured will FreeRadius use both? What I am looking for is the FreeRadius server authorize a user in LDAP and if that passes forward the user to the upstream OTP radius server (via proxy.conf) for authentication. I believe its doing this now with the LDAP module, just authenticating locally, rather than proxied.
>>
>> Is this possible?
>>
>> Thanks,
>>
>> Alex
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
> --
> --
> Nick Owen
> WiKID Systems, Inc.
> http://www.wikidsystems.com
> Commercial/Open Source Two-Factor Authentication
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list