Error 2FA - AD password and external OTP via RADIUS proxy

Клеусов Владимир Сергеевич Kleusov.Vladimir at wildberries.ru
Wed Mar 11 15:31:35 CET 2020


In freeradius logs, this is ldap: Bind credentials incorrect: Invalid credentials): [testuser/testpasswd2217287
First the request for a normal password and then the otp  2217287
What's wrong ?

11 марта 2020 г., в 15:28, L.P.H. van Belle via Freeradius-Users <freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>> написал(а):

F2A test, add it to your ssh login and enable it and test it.
Thats easy todo..

Just make sure you 2 ! Extra sessions logged in before you enable it.
If your on debian/ubuntu.
https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04

What is easy todo for a test.


Greetz,

Louis


-----Oorspronkelijk bericht-----
Van: Freeradius-Users
[mailto:freeradius-users-bounces+belle=bazuin.nl at lists.freerad
ius.org<http://ius.org/>] Namens ?????????????? ????????????????
?????????????????? via Freeradius-Users
Verzonden: woensdag 11 maart 2020 13:18
Aan: FreeRadius users mailing list
CC: ?????????????? ???????????????? ??????????????????
Onderwerp: Re: Error 2FA - AD password and external OTP via
RADIUS proxy

Thanks. Bug fixed. Can I configure radtest for a 2fa request
? Now, after radtest testuser testpasswd 10.42.2.36 1812 testing123
Received Access-Challenge Id 160 from 10.42.2.36:1812 to
0.0.0.0:0 length 56
State = 0x575a6b39676f34544332324f584d357a
Reply-Message = "Please enter OTP»
That is I don't understand if 2fa works or not

11 ?????????? 2020 ??., ?? 14:27, Alan DeKok
<aland at deployingradius.com<mailto:aland at deployingradius.com>> ??????????????(??):

On Mar 11, 2020, at 7:21 AM, ??????????????
???????????????? ?????????????????? via Freeradius-Users
<freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>> wrote:

I configure at
https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Pr
oxy But there was an error
/etc/freeradius/3.0/sites-enabled/proxy[2]: Invalid location
for 'if' Any ideas FreeRADIUS Version 3.0.1

Upgrade to 3.0.20.  It has many bugs fixed.

And no, you didn't follow that guide.  The guide is pretty
clear where the "if" statements go.  It gives you filenames.

The server configuration is well documented.  You can't
just add random things to random configuration files, and
expect that they do what you want.

Alan DeKok.



-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list