freeradius proxying directions..
Alan DeKok
aland at deployingradius.com
Mon Jan 7 14:38:09 CET 2019
On Jan 6, 2019, at 10:16 AM, Tom Mustaki <tom at mustaki.com> wrote:
> I am a noob in the freeradius business and really need some basic guidance.
> I was following an article:
> https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy
>
> and it worked fine.
That's good.
> Now my goal is to support push notification on mobile devices.
> (The freeradius should proxy the request without waiting for OTP input from
> the authenticating user.)
> Instead the freeradius should, after successful LDAP bind, send username +
> p for password, to the OTP radius. That will trigger a push notification on
> the mobile device.
>
> Could anyone point me in the right direction on where and what to change?

The server can't do proxying *and* local authentication at the same time. But with a bit of minor configuration, it should work.

The simple solution is to *not* set Auth-Type = LDAP. You should be able to do something like:

    authorize {
        ...
        ldap.authenticate    # run LDAP bind
        if (ok) {
            update control {
                Proxy-To-Realm := "realm"
            }
        }
        ...
    }

Alan DeKok.
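
The pieces the reply above relies on, written out as an added example for FreeRADIUS 3.x that is not part of the original message or of the project's shipped configuration. The realm, pool and home server names, the address and the secret are placeholders; the literal password "p" is the value named in the question.

```conf
# --- proxy.conf: where Proxy-To-Realm sends the request ---
# All names, the address and the secret below are placeholders.
home_server otp_server {
    type   = auth
    ipaddr = 192.0.2.10                  # documentation address, replace
    port   = 1812
    secret = REPLACE_WITH_SHARED_SECRET  # must match the OTP server's client entry
}

home_server_pool otp_pool {
    type        = fail-over
    home_server = otp_server
}

realm otp_push {
    auth_pool = otp_pool
    nostrip                              # forward User-Name unchanged
}

# --- sites-available/default ---
authorize {
    ldap                     # look up the user; Auth-Type is NOT set to LDAP
    ldap.authenticate        # LDAP bind with the password from the request
    if (ok) {
        # Reached only after a successful bind: hand the request to the
        # OTP server instead of authenticating locally.
        update control {
            Proxy-To-Realm := "otp_push"
        }
    }
}

pre-proxy {
    # The proxied copy would otherwise carry the user's LDAP password.
    # Replace it so the directory password never reaches the OTP server;
    # "p" is the push trigger value from the question.
    update proxy-request {
        User-Password := "p"
    }
}
```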