I have set up PrivacyIDEA to authenticate users on the Windows native L2TP VPN client, using OTP (TOTP) and their Active Directory credentials (adusername / adpassword1234).
This works fine.
However, once authenticated, users cannot access resources that involve Kerberos (e.g. GPO-mounted drives). They are prompted to provide a password to access the resource.
My guess is that this is because the real AD password and the provided OTP password differ.
I have tried to set up a Windows NPS server that forwards authentication requests to privacyIDEA, following the concept described here: https://staging.netknights.it/en/nps-2012-for-two-factor-authentication-with-privacyidea
…Authentication still succeeds, but still no luck with Kerberos…
Any idea how to get Kerberos working over an L2TP VPN using PrivacyIDEA OTP?