Always use radiusd -X when debugging!
This document describes how to set up a FreeRADIUS server for 2FA, where the initial request is authenticated against Active Directory and the follow-up request is proxied to an external RADIUS server for the second step.
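
    authorize {
        # First request: no State attribute yet, so authenticate against AD.
        if (!State) {
            update control {
                # Bind to AD using the user's name in user@domain form.
                Ldap-UserDN := "%{User-Name}@mydomain.com"
                Auth-Type := LDAP
            }
        }
        else {
            # Follow-up request carrying State: proxy it to the external
            # RADIUS server defined as realm "test" for the second step.
            update control {
                Proxy-To-Realm := "test"
            }
        }
    }

    authenticate {
        Auth-Type LDAP {
            # "ldap-test" is the LDAP module instance that performs the bind.
            ldap-test
            if (ok) {
                # Start a session so the follow-up request can be recognised.
                update session-state {
                    State := "%{randstr:aaaaaaaaaaaaaaaa}"
                }
                update reply {
                    Reply-Message := "Please enter OTP"
                }
                # Send Access-Challenge instead of Access-Accept.
                challenge
            }
        }
    }
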
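The two-step exchange this policy expects, seen from the RADIUS client side, as an added example that is not part of the original page or of FreeRADIUS. The user name, passwords, shared secret and the `policy_branch` helper are constructed for illustration; the challenge is built locally and neither the Response Authenticator nor Message-Authenticator is computed.

```python
import hashlib, os, struct
ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11                       # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding: chained MD5 over 16-byte blocks."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_packet(code, ident, authenticator, attrs):
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(packet):
    """Return (code, {type: value}); reject truncated packets and attributes."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return packet[0], attrs

def access_request(ident, user, password, secret, state=None):
    auth = os.urandom(16)
    attrs = [(USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, auth))]
    attrs += [(STATE, state)] if state is not None else []  # echo State unchanged
    return build_packet(ACCESS_REQUEST, ident, auth, attrs)

def policy_branch(request):
    """Same decision as the authorize section: no State -> LDAP, State -> realm "test"."""
    return "Proxy-To-Realm=test" if STATE in parse_packet(request)[1] else "Auth-Type=LDAP"

def two_step_exchange(secret=b"testing123"):  # constructed secret, user and passwords
    first = access_request(1, b"alice", b"ad-password", secret)
    challenge = build_packet(ACCESS_CHALLENGE, 1, os.urandom(16),  # constructed reply
                             [(REPLY_MESSAGE, b"Please enter OTP"), (STATE, os.urandom(16))])
    reply = parse_packet(challenge)[1]
    second = access_request(2, b"alice", b"123456", secret, state=reply[STATE])
    return policy_branch(first), reply[REPLY_MESSAGE], policy_branch(second)
```

`two_step_exchange()` returns the branch taken for each request together with the challenge text, which makes it easy to compare against the `radiusd -X` output for the same two requests.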
Last edited by Mathias Sundman (msundman78), 2018-01-03 06:45:38