Hi, we want to use privacyIDEA to apply two-factor authentication to our VPN service. Our VPN service is built with openconnect, and behind openconnect we use LDAP. Between openconnect and LDAP, we use FreeRADIUS to connect openconnect with LDAP.
It looks like this: openconnect <-> FreeRADIUS <-> LDAP.
My version of privacyIDEA is 3.0.2, which I got from https://pypi.org/project/privacyIDEA/. My Linux distribution and version is Red Hat 4.8.5-36, and the kernel is Linux version 3.10.0-957.21.3.el7.x86_64. I have created a realm with an LDAP resolver, and the LDAP resolver has passed the test. I have created the
authentication policy with { "otppin": "userstore" }, and also created the user policy { "enrollTOTP": true, "totp_timestep": "30", "delete": true }. The test user has enrolled a TOTP token.
I have changed the LDAP server address and port in the RADIUS configuration to the privacyidea-ldap-proxy address and port. The privacyidea-ldap-proxy's config.ini file looks like this:
[privacyidea]
instance = http://127.0.0.1:5000
[ldap-backend]
endpoint = tcp:host=ourldapServerAddress:port=ourldapPort
test-connection = true
[service-account]
dn = "cn=xxxx,ou=staff,dc=privacyidea,dc=com"
password = passwords
[ldap-proxy]
endpoint = tcp:port=1389
passthrough-binds = "cn=xxxx,ou=staff,dc=privacyidea,dc=com"
bind-service-account = true
allow-search = true
allow-connection-reuse = false
forward-anonymous-binds = false
[user-mapping]
strategy = lookup
attribute = uid
[realm-mapping]
strategy = static
realm = our default realm
[bind-cache]
enabled = false
timeout = 3
[app-cache]
enabled = false
So far I can authenticate with the username and password, but when I use the username and password+OTP code, it fails to authenticate.
Best wishes