Hi all, I am using version 3.7. Is it possible to set up passthru for a specific user to authenticate them via LDAP password instead of an OTP token? I am using the RADIUS plugin to authenticate users via privacyIDEA.
If it is only one or two users, you can issue them a SPASS token with the policy otppin=userstore.
This will have the effect that this user can authenticate with his Windows password (which is “userstore”) and does not need to provide a 2nd factor (which is “Simple PASS”).
So, should I create a new realm with the authentication policy {otppin=userstore}? And then how do I authenticate via RADIUS with both the newly created and the old realms?
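I have done it via unlang by name, by adding Realm to the request; it seems to be working well:
    # Perl auth
    Auth-Type Perl {
        # For this one user, set the Realm attribute on the request
        if ("%{User-Name}" == "USERNAME1") {
            update request {
                Realm := 'newrealm'
            }
        }
        # Then call the perl module as usual
        perl
    }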
I do not know…
…what your policies look like.
If you do not want the user to set a password within privacyIDEA but use the AD password, then you need to have a policy for this user, somehow.
What PIN policy do the other users have? Aka, what is your default PIN policy?
I would not set a new realm. I would simply create a distinct policy for this very user (in the same realm).