I understand that PASSWORD change can be performed via MSCHAPv2.
I could explain to you, why MSCHAPv2 does not work with OTP.
But we would have to dive into your setup a bit deeper. And I am not
willing to invest my time here to explain to you your Many-Bucks-Juniper
setup. Go and ask your Juniper support!!!
!!!
!
!!!
After all - you payed for that!
Besides - I also stressed the problem with MSChapv2 and OTP a lot on
different channels. So google might be your friend here.Am Montag, den 22.08.2016, 03:17 -0700 schrieb jmdeking:
Hi again Cornerlius,
I noticed this feature got released in 2.14-1trusty.
I enabled it and applied it to the only realm i got.
I set a pincode for a ldap user and when looking at the token it
says, next_pin_change: 22/08/16 11:55.
But when i log in to my netscaler using freeradius i do not get
prompted by a radius message to change the pin.
How come.
On Monday, June 20, 2016 at 10:31:48 AM UTC+2, Cornelius Kölbel wrote:
Hi Johan,
have you tried entering "do_what_i_mean"? ;-)
...sorry - could not resist this...
Kind regards
Cornelius
Am Montag, den 20.06.2016, 01:30 -0700 schrieb jmdeking:
> Now when enabling pinhandling and setting the value to "send
pin" i
> get the error Item in ``from list'' not a string
>
> On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:
> Sorry but its not clear how this works exactly when
reading
> the document.
>
>
> I apply'd the otp_pin_random option and assigned a
token to a
> user without setting a pin. But the user doesnt
receive a
> email or anything so not sure how to know what the
random code
> is.
>
>
> Gr.
> Johan
>
> On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:
> The 2nd is already possible.
>
http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random
>
>
> Am Montag, den 20.06.2016, 01:07 -0700 schrieb
> jmdeking:
> > Thanks Cornleius,
> >
> >
> > Looks good. Just to clarify my use case is
the
> following:
> >
> >
> > An administrator assigns a challenge
response token
> (email or sms)
> > with a pincode. But this pincode should
not be known
> to the
> > administrator cause its personal so in my
view one
> of the following 2
> > things can be done about this.
> >
> >
> > 1. My users log in to their citrix desktop
using
> Citrix Netscaler with
> > Radius request to the privacyidea server.
The
> privacyidea server
> > detects the 'initial' pincode is used and
asks for a
> challenge
> > response to change the pin to its own
value.
> > 2. When an administrator assigns an token
he can
> leave the pin field
> > empty for the system to generate a random
pin that
> is being send
> > automatically using the chosen token
method. (email
> of SMS)
> >
> >
> > You think this is possible?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote:
> > I added an issue
> >
>
https://github.com/privacyidea/privacyidea/issues/429
> >
> > Am Samstag, den 18.06.2016, 05:35
-0700
> schrieb jmdeking:
> > > Hi Cornelius,
> > >
> > >
> > > I want to suggest a feature
request, the
> software we use at
> > the moment
> > > (RSA) has the ability to assign
a token
> with an initial
> > pincode.
> > > After the user uses this pincode
for the
> first time to
> > > login/authenticatie to our
frontend he
> will be asked to
> > change this to
> > > his own value.
> > > This makes assigning tokens for
other
> people possible, can
> > you look
> > > into this?
> > >
> > >
> > > Thanks
> > > --
> > > Please read the blog post about
getting
> help
> > >
> https://www.privacyidea.org/getting-help/.
> > >
> > > For professional services and
consultancy
> regarding two
> > factor
> > > authentication please visit
> > >
>
https://netknights.it/en/leistungen/one-time-services/
> > >
> > > In an enterprise environment you
should
> get a SERVICE LEVEL
> > AGREEMENT
> > > which suites your needs for
SECURITY,
> AVAILABILITY and
> > LIABILITY:
> > >
> >
>
https://netknights.it/en/leistungen/service-level-agreements/
> > > ---
> > > You received this message
because you are
> subscribed to the
> > Google
> > > Groups "privacyidea" group.
> > > To unsubscribe from this group
and stop
> receiving emails
> > from it, send
> > > an email to
> privacyidea...@googlegroups.com.
> > > To post to this group, send
email to
> > priva...@googlegroups.com.
> > > Visit this group at
> >
>
https://groups.google.com/group/privacyidea.
> > > To view this discussion on the
web visit
> > >
> >
>
https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.
> > > For more options, visit
> https://groups.google.com/d/optout.
> >
> > --
> > Cornelius Kölbel
> > corneliu...@netknights.it
> > +49 151 2960 1417
> >
> > NetKnights GmbH
> > http://www.netknights.it
> > Landgraf-Karl-Str. 19, 34131
Kassel,
> Germany
> > Tel: +49 561 3166797, Fax: +49 561
3166798
> >
> > Amtsgericht Kassel, HRB 16405
> > Geschäftsführer: Cornelius Kölbel
> >
> >
> > --
> > Please read the blog post about getting
help
> >
https://www.privacyidea.org/getting-help/.
> >
> > For professional services and consultancy
regarding
> two factor
> > authentication please visit
> >
>
https://netknights.it/en/leistungen/one-time-services/
> >
> > In an enterprise environment you should
get a
> SERVICE LEVEL AGREEMENT
> > which suites your needs for SECURITY,
AVAILABILITY
> and LIABILITY:
> >
>
https://netknights.it/en/leistungen/service-level-agreements/
> > ---
> > You received this message because you are
subscribed
> to the Google
> > Groups "privacyidea" group.
> > To unsubscribe from this group and stop
receiving
> emails from it, send
> > an email to
privacyidea...@googlegroups.com.
> > To post to this group, send email to
> priva...@googlegroups.com.
> > Visit this group at
>
https://groups.google.com/group/privacyidea.
> > To view this discussion on the web visit
> >
>
https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com.
> > For more options, visit
> https://groups.google.com/d/optout.
>
> --
> Cornelius Kölbel
> corneliu...@netknights.it
> +49 151 2960 1417
>
> NetKnights GmbH
> http://www.netknights.it
> Landgraf-Karl-Str. 19, 34131 Kassel,
Germany
> Tel: +49 561 3166797, Fax: +49 561 3166798
>
> Amtsgericht Kassel, HRB 16405
> Geschäftsführer: Cornelius Kölbel
>
>
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two
factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL
AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and
LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the
Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails
from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/98e6cda2-398b-4fe2-9a5b-7ea55208049e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
–
Please read the blog post about getting help
Getting help – privacyID3A.
For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/aaae7048-73c6-4cde-9c7d-5d5db74af67c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)