gcsdroo Posted June 21, 2019 Share Posted June 21, 2019 The current implementation of RADIUS only allows the use of tokens/passwords that do not require a challenge/response. Currently, if a RADIUS Challenge message is sent to the portal, a Password Incorrect message is instead shown. Example Scenario [RADIUS server setup to use SMS tokencodes]: User enters their PIN and clicks Next PIN is sent to RADIUS server RADIUS server responds with Access-Challenge message Password portal prompts user for next token code (or whatever message is sent back with the Access-Challenge) User enters tokencode they received and clicks Next RADIUS server respondss with Access-Granted and authentication succeed This is also useful in scenarios when using hardware/software tokens via RADIUS and a PIN rotation is enabled. The portal would need to be able chain Access-Challenge responses as there may be more than one. Link to comment Share on other sites More sharing options...
Ulf Posted August 29, 2019 Share Posted August 29, 2019 +1 Link to comment Share on other sites More sharing options...
Steveh Posted November 22, 2019 Share Posted November 22, 2019 This would be helpful for us as well. Link to comment Share on other sites More sharing options...
John Horton Posted February 16, 2020 Share Posted February 16, 2020 I think we're after something similar, our RADIUS server is configured to send the user a PIN via SMS. We pointed Passwordstate to our RADIUS server and I received the PIN code on my phone, but Passwordstate didn't challenge me to enter the code to gain access. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now