
List:       freeradius-users
Subject:    Re: [EXT] RE: Add client IP address to log messages
From:       Brian Julin <BJulin () clarku ! edu>
Date:       2021-11-23 17:01:43
Message-ID: BL0PR03MB398800EDA8FCC0D9DAE706F5B4609 () BL0PR03MB3988 ! namprd03 ! prod ! outlook ! com


Drew Weaver <drew.weaver@thenap.com> wrote:
> Also it appears that our documentation was wrong anyway. We are using duo 2fa so I
> believe duo is proxying radius requests and it must not be forwarding the
> information to radiusd.

> Sorry for the noise/spam.

That would explain it.

Duo does have a nice REST API you can use for authentications instead of their crummy
RADIUS relay, but it's a roll-your-own solution requiring a lot of coding/testing.

Also, if you aren't sure you are sticking with Duo, not a good idea since many of the
other providers do not provide an easy REST API.

You could probably find some way to tie customized logging from duoauthproxy to the
pap messages but yes, the way 2FA providers just casually inject unnecessary
low-feature-set relays into AAA setups makes things hard.
