Ocserv 2FA Duo

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Sep 8 23:12:07 PDT 2016


On Thu, Sep 8, 2016 at 7:46 PM, Nux! <nux at li.nux.ro> wrote:
> Hi,
>
> I am trying to enable 2FA using a local Radius server and a Duo-enabled[1] Radius server, but alas it seems I cannot mix same kind of authentication types.
> "radius[config=/etc/radcli/radiusclient.conf,groupconfig=false]: You cannot mix multiple authentication methods of this type"

Unfortunately that's a limitation, which looked reasonable initially,
but now it looks like it should be reconsidered/lifted.

> In fact I get the "cannot mix" error even if I mix auth of plain with radius or pam.
> Any pointers as to what needs to be done to get this working?

You can work-around it by setting up all your password auth methods
over pam. That is, use radius over PAM, in addition to your primary
auth password.

regards,
Nikos



More information about the openconnect-devel mailing list