freeradius proxying directions..

Alan DeKok aland at deployingradius.com
Mon Jan 7 14:38:09 CET 2019


On Jan 6, 2019, at 10:16 AM, Tom Mustaki <tom at mustaki.com> wrote:
> I am a noob in the FreeRADIUS business and really need some basic guidance.
> I was following an article:
> https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy
> 
> and it worked fine.

  That's good.

> Now my goal is to support push notification on mobile devices.
> (The FreeRADIUS server should proxy the request without waiting for OTP input from
> the authenticating user.)
> Instead, FreeRADIUS should, after a successful LDAP bind, send username +
> p for password, to the OTP RADIUS server. That will trigger a push notification on
> the mobile device.
> 
> Could anyone point me in the right direction on where and what to change?

  The server can't do proxying *and* local authentication at the same time.  But with a bit of minor configuration, it should work.

  The simple solution is to *not* set Auth-Type = LDAP.  You should be able to do something like:

authorize {
	...
	ldap.authenticate	# run LDAP bind
	if (ok) {
		update control {
			Proxy-To-Realm := "realm"
		}
	}
	...
}

  Alan DeKok.
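
A fuller sketch of the setup described in the reply above, added here as an example; it is not part of Alan DeKok's message or of the configuration FreeRADIUS ships. It assumes FreeRADIUS 3.x, and the names otp_push, otp_push_pool and otp_push_realm, the address 192.0.2.10, the secret placeholder and the response_window value are all assumptions. The pre-proxy rewrite of User-Password to "p" is what the original question asked for.

```text
# ---- proxy.conf (all names and values below are placeholders) ----
home_server otp_push {
	type   = auth
	ipaddr = 192.0.2.10          # placeholder address (TEST-NET-1)
	port   = 1812
	secret = "REPLACE_WITH_SHARED_SECRET"
	# The home server answers only after the user approves the push,
	# so the proxy has to wait longer than for a normal request.
	# The value is an assumption; keep it below the NAS's own timeout.
	response_window = 30
}

home_server_pool otp_push_pool {
	type        = fail-over
	home_server = otp_push
}

realm otp_push_realm {
	auth_pool = otp_push_pool
	nostrip                      # send User-Name unchanged
}

# ---- sites-enabled/default ----
authorize {
	# ... existing modules ...
	ldap.authenticate            # LDAP bind with the user's password
	if (ok) {
		# Bind succeeded: hand the request to the OTP server.
		# Auth-Type is deliberately NOT set to LDAP here.
		update control {
			Proxy-To-Realm := "otp_push_realm"
		}
	}
	# A failed bind returns reject and the request is never proxied.
}

pre-proxy {
	# Replace the password in the outgoing copy only, so the user's
	# LDAP password is not forwarded to the OTP server.
	update proxy-request {
		User-Password := "p"
	}
}
```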



