Possible to have 2 authentications in sequence?
Andy P.
pmaspec at gmail.com
Thu Mar 10 09:07:11 CET 2016
2016-03-09 22:08 GMT+01:00 Alan DeKok <aland at deployingradius.com>:
> On Mar 9, 2016, at 1:18 PM, Andy P. <pmaspec at gmail.com> wrote:
> > Multi-factor authentication. The passwords for the 2 (or more)
> > authentications are different. Just like with the Duo authentication
> proxy,
> > but not linked to their service for the secondary authentication.
>
> Except that RADIUS packets don't have two passwords.
>
>
Right, and I'm not going to use the challenge-response. The following is
planned: submit an auth. request containing the userid and the password
which is the concatenation of the AD password and of the OTP (with a
separator character in-between); then FreeRADIUS would split the request
and authenticate the (userid, AD password) against the AD (via ntlm or
LDAP) and the (userid, OTP) against that other RADIUS server.
> So... again, what *exactly* do you want to do?
>
> I already gave a suggestion about using ntlm_auth. Did you try it?
>
No, I don't have the entire environment available yet. At this time I'm
looking to validate -on paper - the feasibility.
Thank you!
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list