In addition to the provided NetKnights NPS integration guide, you have to change one setting in the FreeRADIUS configuration.
First check your plugin version (file privacyidea_radius.pm).
We need the version with the ADD_EMPTY_PASS variable available (added 2020-03-21).
If that is available - change the rlm_perl.ini file and add
ADD_EMPTY_PASS = true
to the default section.
After that you have to change your Push Authentication Policy with “otppin:none” - which is absolutely OK because NPS will handle the credential validation.
And if not already done - you need to increase the Timeout values, else you will only have about 3 seconds to send and confirm the push notification.
- NPS - Remote Radius Group / FreeRadius Server - Edit / Load Balancing - Increase to 30 or more seconds
- Change Timeout in rlm_perl.ini to (UpperValue-1) seconds
- Change Authentication Push Policy - push_wait to (UpperValue-1) seconds
Now RDP Push Auth should work as expected.
Btw, in case you use this with a lot of users, you will need to adapt the webserver config because each waiting RADIUS request will represent an open HTTP connection.
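
A quick consistency check for the settings described above, as an added example that is not part of the original post or of the privacyIDEA plugin. It assumes the section is named [Default] and the timeout key is spelled TIMEOUT in rlm_perl.ini; the NPS timeout and the policy's push_wait are passed in by hand, and the sample file contents are constructed.

```python
import configparser

# Constructed sample rlm_perl.ini; values are illustrative only.
SAMPLE_INI = """\
[Default]
TIMEOUT = 29
ADD_EMPTY_PASS = true
"""


def check_push_settings(ini_text, nps_timeout, push_wait):
    """Return a list of findings; an empty list means the settings line up."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep option names exactly as written
    cfg.read_string(ini_text)
    if not cfg.has_section("Default"):  # section name is an assumption
        return ["no [Default] section in rlm_perl.ini"]
    section = cfg["Default"]
    expected = nps_timeout - 1  # the post's (UpperValue-1)
    findings = []

    if nps_timeout < 30:
        findings.append(f"NPS timeout is {nps_timeout}s, post asks for 30 or more")
    if section.get("ADD_EMPTY_PASS", "").strip().lower() != "true":
        findings.append("ADD_EMPTY_PASS is not true in [Default]")

    raw = (section.get("TIMEOUT") or "").strip()  # key spelling is an assumption
    if not raw.isdigit():
        findings.append("TIMEOUT is missing or not a whole number")
    elif int(raw) != expected:
        findings.append(f"TIMEOUT is {raw}s, expected {expected}s")

    if push_wait != expected:
        findings.append(f"push_wait is {push_wait}s, expected {expected}s")
    return findings


if __name__ == "__main__":
    for nps, wait in ((30, 29), (30, 3)):
        result = check_push_settings(SAMPLE_INI, nps, wait)
        print(nps, wait, result or "consistent")
```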