post-auth script AD.py + RADIUS + Google Authenticator

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
mako
OpenVpn Newbie
Posts: 1
Joined: Mon Jul 17, 2017 11:42 am

post-auth script AD.py + RADIUS + Google Authenticator

Post by mako » Fri Oct 06, 2017 3:33 pm

Hello,
I have a question regarding AD.py post-auth script + RADIUS and Google Authenticator.
I have already tested the post-auth AD.py script + RADIUS functionality and it works perfectly - AD user added to specific group configured on NPS gets assigned to the specific group on the access server side.
I wanted to add additional authentication factor using Google Authenticator.

My question is - is it possible for AD.py + RADIUS and google authenticator to cooperate?

After enabling Google Authenticator mapping AD group to OVPN group stopped working. When configured with qr code, user accounts are appearing in the section User Management > User Permissions) and server does not read the group membership from AD, thus the group membership needs to be set up manually using the web-ui.

Thank you in advance for answer and have a nice day :)
Regards
Top
User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: post-auth script AD.py + RADIUS + Google Authenticator

Post by novaflash » Fri Oct 06, 2017 6:58 pm

Yes it should be possible for this to work together. You should run tests with authcli to see what user properties are reported back and you should look into running tests by altering code in your post_auth script and contacting the support ticket system and sending over your post auth script to see if there's a flaw in there.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
Top
Post Reply

Return to “The OpenVPN Access Server”