2 servers - frontend + backend: auth + attributes
Andrei Katsuk
steep8 at gmail.com
Mon Sep 29 04:15:17 UTC 2025
> Why? If the front end authenticates the user, the back end can just assume that the user has been authenticated. It doesn't need to re-authenticate the user.
>
> Alan DeKok.
>
Let me explain the configuration.
Old configuration : Cisco ISE with RADIUS server which returns to
client Cisco-AVPair for authorization by domain login/password.
What I want: Add FreeRADIUS server for mfa authentication.
The first attempt:
Add FreeRADIUS (3.0.27) as proxy (frontend) (which should provide mfa
authentication) to Cisco ISE (backend) which should still return
Cisco-AVPair for authorization by domain login/password.
Obstacles : It seems FreeRADIUS proxies request after authorization
section and skips authentications section.
So is it possible to implement such a configuration or should I think
about a different approach ?
Regards,
Andrei
More information about the Freeradius-Users
mailing list