Hi all!
First I installed ocserv-server for cisco anyconnect/openconnect clients and configured it to authenticate with MS AD (login and normal password). It’s work.
Second I installed privacyidea with freeradius server on other VM for 2FA with TOPT, configured it using some manual from internet. It’s also work, but authentication occurs only with totp password, clients was never asked for AD password.
configuration file of freeradius /etc/freeradius/3.0/site-available/privacyidea:
server{
listen {
type = auth
ipaddr = *
port = 0
}
autorize {
perl-privacyidea
if (ok || updated) {
update control {
Auth-Type := Perl
}
}
}
authenticate {
Auth-Type Perl {
perl-privacyidea
}
}
}
Why the normal passw doesn’t appear in the request, only otp passw, and how to resolve this problem?