Free Radius + Google Authenticator + MS AD, authentication issue
Nathan Ward
lists+freeradius at daork.net
Fri Jan 11 06:51:20 CET 2019
Hi,
> On 11/01/2019, at 8:13 AM, yaya li <yayali2003 at hotmail.com> wrote:
>
> Hi there,
>
> I'm setting up Free Radius + Google Authenticator + MS AD for our VPN access, it's working with ad account password + token, but it also authenticates with token only. Did I miss any configuration or where should I look into. Below is our current radiusd file config. any comments are appreciated.
>
> # /etc/pam.d/radiusd - PAM configuration for FreeRADIUS
> #
>
> # We fall back to the system default in /etc/pam.d/common-*
> #
>
> #@include common-auth
> #@include common-account
> #@include common-password
> #@include common-session
> auth requisite /usr/local/lib/security/pam_google_authenticator.so forward_pass
This is PAM configuration. PAM is a seperate system. FreeRADIUS can use PAM to authenticate users, however, configuring PAM isn’t part of FreeRADIUS.
This PAM configuration is *only* checking the pam_google_authenticator module. It isn’t checking any other modules, such as AD.
Perhaps you have configured FreeRADIUS to check AD, and PAM, and accept either rather than requiring both?
How about you post your FreeRADIUS debug? Please see https://wiki.freeradius.org/guide/Users-Mailing-List <https://wiki.freeradius.org/guide/Users-Mailing-List>
--
Nathan Ward
More information about the Freeradius-Users
mailing list