You might find authentication indicators [1][2] useful in the use case you
are describing.
[1]:
On Fri, Jul 3, 2020 at 10:04 PM Max Muller via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Thanks for the reply.
I carefully read the documentation and realized that this function is for
other tasks.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
And now I have another problem. I have an L2TP/IPSec server on my Mikrotik
router. I want to use LDAP credentials (login + pass from FreeIPA) + FreeIPA
OTP to authenticate on my L2TP/IPSec server (on the Mikrotik router). I deployed
FreeRADIUS and it connects to LDAP (FreeIPA), finds the user+pass and permits
login to the VPN.
But Mikrotik's RADIUS client uses only MS-CHAPv2 and I must add an NT hash for
each LDAP user. And with the NT hash I cannot use FreeIPA OTP (the NT hash is
statically generated from the password only).
Is there a way to use FreeIPA LDAP with OTP + FreeRADIUS to authenticate on
a VPN server which uses MS-CHAPv2?
So I want to use LDAP credentials for local login to the system and LDAP
credentials + FreeIPA OTP for login to the VPN.
I really want to use FreeIPA OTP, because FreeIPA provides a personal area
for each user. A user can change his own pass, add OTP by himself, etc.
I hope that I can be understood. :-)