2 servers - frontend + backend: auth + attributes
Alan DeKok
alan.dekok at inkbridge.io
Mon Sep 29 11:42:05 UTC 2025
On Sep 29, 2025, at 12:15 AM, Andrei Katsuk <steep8 at gmail.com> wrote:
> Let me explain the configuration.
> Old configuration : Cisco ISE with RADIUS server which returns to
> client Cisco-AVPair for authorization by domain login/password.
> What I want: Add FreeRADIUS server for mfa authentication.
> The first attempt:
> Add FreeRADIUS (3.0.27) as proxy (frontend) (which should provide mfa
> authentication)
How?
Details matter. It's difficult to answer a question which is basically "I want to do things". The more details you provide, the better the answer will be.
> to Cisco ISE (backend) which should still return
> Cisco-AVPair for authorization by domain login/password.
> Obstacles : It seems FreeRADIUS proxies request after authorization
> section and skips authentications section.
> So is it possible to implement such a configuration or should I think
> about a different approach ?
It's possible.
How? That depends on what you want to do.
If you go through the documentation, it documents everything you need to put together a solution.
Or, give a clear and complete description of the problem. What do mean by MFA? What comes in the packet? How does FreeRADIUS verify the MFA / password?
If you describe the problem in detail, it is possible to give a detailed solution. If the description is vague and incomplete, then any help will necessarily be vague and incomplete.
Alan DeKok.
More information about the Freeradius-Users
mailing list