2 servers - frontend + backend: auth + attributes
Andrei Katsuk
steep8 at gmail.com
Tue Sep 30 05:09:39 UTC 2025
>
> How? That depends on what you want to do.
>
> If you go through the documentation, it documents everything you need to put together a solution.
>
> Or, give a clear and complete description of the problem. What do mean by MFA? What comes in the packet? How does FreeRADIUS verify the MFA / password?
>
> If you describe the problem in detail, it is possible to give a detailed solution. If the description is vague and incomplete, then any help will necessarily be vague and incomplete.
>
These are good questions,
What comes in the packet?
It is PAP protocol - so Access-Request contains User-Name / User-Password
> What do mean by MFA?
It is under another investigation. For now it is password + otp . It
may be one string password&otp or separate 2FA : password/otp
>How does FreeRADIUS verify the MFA / password?
I expect that rlm_rest module with backend server will check otp or
even password + otp
> If you go through the documentation, it documents everything you need to put together a solution.
For now I'm stuck a bit with Proxy, which activates in the authorize
section and skips authenticate section.
It seems that verifying password&otp in other sections (except the
authenticate section) does not allow us to follow the FreeRADIUS
design flow.
More information about the Freeradius-Users
mailing list