Hi all,

Firstly, this relates to a question asked for our project by Amy Hawke:
http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-January/msg00617.html

Since the above conversation, I've had an email discussion with Alan DeKok and clarified a few things - it seems that what we want to do is achievable with FreeRADIUS so I'd like to ask the list.

Situation:
We have an existing LDAP directory which holds username and password information. We purchased RSA's SecurID with the intention of implementing a second factor of authentication to be used in conjunction with our existing username and password. At the time, it was not realised that the intention of SecurID is to replace your existing source of authentication information - which we will not be doing!

Scenario:
To pilot the SecurID product, we selected VPN access to a part of our network, protected by a Cisco ASA5500 series device. We are in the process of moving away from the MS IAS RADIUS solution to FreeRADIUS. We know that MS IAS cannot do what we want to do.

What we want to do:
When a user attempts to access the VPN, have them provide their username/password as well as (their same) username and tokencode from their SecurID fob. It is OK if they provide the password and tokencode separately or together. (I spoke to the folks at Radiator, and they have a programming ability in their RADIUS server to chop up the password field before it's authenticated, i.e. have the tokencode and password provided in the same field at the client, then take the first eight characters of the 'password' field, send that string plus the username to SecurID via RADIUS, and the rest of the characters from the 'password' field and the username to our LDAP directory.) Ideally we would prompt them for username, password and tokencode at the same time.

Can FreeRADIUS do this (it seems that Access-Challenge is exactly what we want: http://en.wikipedia.org/wiki/RADIUS#AAA) or a similar thing to solve our requirement?

Thanks,
--
Greg Vickers
Phone: +61 7 3138 6902
IT Security Engineer & Project Manager
Queensland University of Technology, CRICOS No. 00213J
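
The field-splitting approach described in the post above (tokencode and password typed into the one password field) is shown below as an added Python sketch. It is not part of the original message and is not FreeRADIUS or Radiator code. `check_token` and `check_ldap` are hypothetical stand-ins for the SecurID and LDAP lookups, and the sample credentials are constructed.

```python
import hmac
from typing import Callable, NamedTuple, Optional

TOKENCODE_LEN = 8  # per the post: first eight characters of the password field


class SplitCredential(NamedTuple):
    tokencode: str
    password: str


def split_password_field(field: str) -> Optional[SplitCredential]:
    """Split 'tokencode + password'; None if the field cannot hold both."""
    if len(field) <= TOKENCODE_LEN:
        return None  # nothing left over for the LDAP password: fail closed
    return SplitCredential(field[:TOKENCODE_LEN], field[TOKENCODE_LEN:])


Verifier = Callable[[str, str], bool]  # (username, secret) -> ok?


def authenticate(username: str, field: str,
                 check_token: Verifier, check_ldap: Verifier) -> str:
    """Accept only when BOTH factors verify for the same username."""
    cred = split_password_field(field)
    if cred is None:
        return "Access-Reject"
    # Evaluate both backends before deciding, so the single reject reply
    # does not tell the client which of the two factors was wrong.
    token_ok = check_token(username, cred.tokencode)
    ldap_ok = check_ldap(username, cred.password)
    return "Access-Accept" if (token_ok and ldap_ok) else "Access-Reject"


# Constructed sample data standing in for the two real backends.
_TOKENS = {"alice": "12345678"}
_LDAP = {"alice": "correct horse"}


def demo_token(user: str, code: str) -> bool:
    return hmac.compare_digest(_TOKENS.get(user, "").encode(), code.encode())


def demo_ldap(user: str, password: str) -> bool:
    return hmac.compare_digest(_LDAP.get(user, "").encode(), password.encode())


if __name__ == "__main__":
    for field in ("12345678correct horse", "00000000correct horse",
                  "12345678wrong", "12345678"):
        print(repr(field), "->", authenticate("alice", field, demo_token, demo_ldap))
```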