I believe this is a simple question and something that is probably easy to solve, but I have already spent several days making PrivacyIdea work and I don’t want to give it much more time, as I’m testing different solutions to implement this. So - the scenario:
- Users are loaded in PrivacyIdea database with e-mail field (already done).
- Request for authentication comes from FreeRadius (done)
- PrivacyIdea checks the password, if correct, sends e-mail OTP and returns challenge-response request to FreeRadius. (not working)
- User fills in the OTP, sends to Radius -> PrivacyIdea checks the OTP and if OK, it sends Accept.
The best hint I found was in this GitHub issue:
However, when I set “passthru”: “userstore” in the authentication policy, the user just gets authenticated and no OTP or e-mail is generated, although there is a “validate_check” event with action: enroll. If I don’t set the passthru, PrivacyIdea expects an OTP and not a password, so the authentication fails. If I don’t have a token enrolled, authentication fails with “The user has no tokens assigned”.
Could someone please just paste a working configuration for e-mail/SMS authentication with challenge-response? I’m becoming desperate.
PrivacyIdea version: 2.19.1