Radius authentication using remote challenge

Forum|Forum|6 years ago
March 26, 2020
1 reply
6076 views

I'm working on RADIUS authentication together with MS NPS and Azure MFA.

So far, it works great when using "app notification". As in, a simple confirmation button in the app.

What I'm trying to achieve right now is to use the verification code from the app instead.

When I use "diagnose test authserver radius <server> pap user password, I receive a prompt "Enter Your Microsoft verification code", where I enter the code and I'm successfully authenticated.

However, when I try to use the same user logging into the firewall itself, it fails.

Via ssh, I get a question, "Remote Token" and after inputting a correct code, the connection is closed.

Via web, I get a second token input in the login form, input a correct code, and after a short while, I get authentication failed.

6.0

robinctAuthor

New Member

Never mind this. This was our internal NPS extension behaving differently when the authorization request came from a challenge request instead of the regular accept request.

gabobastidas

New Member

Hi, I'm experiencing the same issue when to use the verification code by Forticlient VPN.

I receive a prompt "Enter Your Microsoft verification code" but the authentication fails.

Could you share the change you made in the NPS extension?

robinctAuthor

New Member

Hi,

The error came from an internal NPS extension. I didn't experience any problems using only the bundled extensions, so can't really say what the issue is.

The NPS server should give some hints via the Event log though.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded