Radius proxy request to other radius for OTP auth

Alan DeKok aland at deployingradius.com
Fri Oct 27 18:10:28 CEST 2017

> On Oct 27, 2017, at 12:05 PM, Satish Patel <satish.txt at gmail.com> wrote:
> In short this is what i am planning to do with FreeRadius instead of
> IAS windows http://www.dasblinkenlichten.com/using-radius-attributes-during-webvpn-logon/

  You just configure FreeRADIUS to send the Class attribute back.  That should be simple.

> We have Multi Factor authentication (password+OTP) for VPN login, and
> MFA (multi factor auth) provided by onelogin company, in my Cisco ASA
> i tell my RADIUS server is onlogin in cloud and my asa authenticate
> users from there, but that company doesn't support Attribute Class 25
> which i posted in link,

  Then you can't do it.

> so i was thinking to build Freeradius in-house
> and do whatever i want there for grouping and then proxy request to
> onlogin for OTP stuff.  In short my local radius will act like Proxy
> and forward request to onelogin in cloud for OTP.

  That still isn't clear.  If the VPN doesn't support Class, then adding FreeRADIUS won't help.

 Alan DeKok.

More information about the Freeradius-Users mailing list