[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: [EXT] RE: Add client IP address to log messages
From: Brian Julin <BJulin () clarku ! edu>
Date: 2021-11-23 17:01:43
Message-ID: BL0PR03MB398800EDA8FCC0D9DAE706F5B4609 () BL0PR03MB3988 ! namprd03 ! prod ! outlook ! com
[Download RAW message or body]
Drew Weaver <drew.weaver@thenap.com> wrote:
> Also it appears that our documentation was wrong anyway. We are using duo 2fa so I \
> believe duo is proxying radius requests and it must not be forwarding the \
> information to radiusd.
> Sorry for the noise/spam.
That would explain it.
Duo does have a nice REST API you can use for authentications instead of their crummy \
RADIUS relay, but it's a roll-your-own solution requiring a lot of coding/testing.
Also, if you aren't sure you are sticking with Duo, not a good idea since many of the \
other providers do not provide an easy REST API.
You could probably find some way to tie customized logging from duoauthproxy to the \
pap messages but yes, the way 2FA providers just casually injects unnecessary \
low-feature-set relays into AAA setups makes things hard.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic