Hello,
I have a question regarding AD.py post-auth script + RADIUS and Google Authenticator.
I have already tested the post-auth AD.py script + RADIUS functionality and it works perfectly - AD user added to specific group configured on NPS gets assigned to the specific group on the access server side.
I wanted to add additional authentication factor using Google Authenticator.
My question is - is it possible for AD.py + RADIUS and google authenticator to cooperate?
After enabling Google Authenticator mapping AD group to OVPN group stopped working. When configured with qr code, user accounts are appearing in the section User Management > User Permissions) and server does not read the group membership from AD, thus the group membership needs to be set up manually using the web-ui.
Thank you in advance for answer and have a nice day
Regards
post-auth script AD.py + RADIUS + Google Authenticator
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jul 17, 2017 11:42 am
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: post-auth script AD.py + RADIUS + Google Authenticator
Yes it should be possible for this to work together. You should run tests with authcli to see what user properties are reported back and you should look into running tests by altering code in your post_auth script and contacting the support ticket system and sending over your post auth script to see if there's a flaw in there.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.