Re: [Freeipa-users] 2FA and AllowNTHash

2017-01-05 Thread Brian Candler
On 05/01/2017 10:57, Maciej Drobniuch wrote:
> Maybe I'll paraphrase the question. It would suffice if I could tell IPA to use pass+otp only instead of both (Password+ pass+otp) for particular hosts. So for example users from hosts X can login with OTP only.

Sorry, I don't understand that.

Re: [Freeipa-users] 2FA and AllowNTHash

2017-01-05 Thread Maciej Drobniuch
Hi Brian, Thank you for your answer. It started working, not sure yet why it did not work. I need to do some extensive testing. So, I've actually followed the blog posts you've mentioned to set up ipanthash + freeradius. Maybe I'll paraphrase the question. It would suffice if I could tell IPA to

Re: [Freeipa-users] 2FA and AllowNTHash

2017-01-03 Thread Brian Candler
On 03/01/2017 15:28, Maciej Drobniuch wrote:
> We have a topo with 3x IPA servers + freeradius. Freeradius is being used to do mschap with wifi APs. Freeradius connects over ldap to IPA. In order to do the challenge-response thing, freeipa has AllowNTHash enabled. So I wanted to enable

[Freeipa-users] 2FA and AllowNTHash

2017-01-03 Thread Maciej Drobniuch
Hi All, We have a topo with 3x IPA servers + freeradius. Freeradius is being used to do mschap with wifi APs. Freeradius connects over ldap to IPA. In order to do the challenge-response thing, freeipa has AllowNTHash enabled. So I wanted to enable 2FA/OTP but leave the NTHash as is for wifi