Radius proxy request to other radius for OTP auth
aland at deployingradius.com
Fri Oct 27 18:10:28 CEST 2017
> On Oct 27, 2017, at 12:05 PM, Satish Patel <satish.txt at gmail.com> wrote:
> In short this is what i am planning to do with FreeRadius instead of
> IAS windows http://www.dasblinkenlichten.com/using-radius-attributes-during-webvpn-logon/
You just configure FreeRADIUS to send the Class attribute back. That should be simple.
> We have Multi Factor authentication (password+OTP) for VPN login, and
> MFA (multi factor auth) provided by onelogin company, in my Cisco ASA
> i tell my RADIUS server is onlogin in cloud and my asa authenticate
> users from there, but that company doesn't support Attribute Class 25
> which i posted in link,
Then you can't do it.
> so i was thinking to build Freeradius in-house
> and do whatever i want there for grouping and then proxy request to
> onlogin for OTP stuff. In short my local radius will act like Proxy
> and forward request to onelogin in cloud for OTP.
That still isn't clear. If the VPN doesn't support Class, then adding FreeRADIUS won't help.
More information about the Freeradius-Users