Radius authentication using remote challenge

Author
robinct
2020/03/26 08:26:25 (permalink) 6.0

I'm working on RADIUS authentication together with MS NPS and Azure MFA.
So far, it works great when using "app notification". As in, a simple confirmation button in the app.
 
What I'm trying to achieve right now is to use the verification code from the app instead.
 
When I use "diagnose test authserver radius <server> pap user password", I receive a prompt "Enter Your Microsoft verification code", where I enter the code and I'm successfully authenticated.
 
However, when I try to use the same user logging into the firewall itself, it fails.
 
Via ssh, I get a question, "Remote Token" and after inputting a correct code, the connection is closed.
Via web, I get a second token input in the login form, input a correct code, and after a short while, I get authentication failed.
#1


    robinct
    Re: Radius authentication using remote challenge 2020/03/27 05:42:07 (permalink)
    Never mind this. This was our internal NPS extension behaving differently when the authorization request came from a challenge request instead of the regular accept request.
    #2
    gabobastidas
    Re: Radius authentication using remote challenge 2020/09/14 09:46:28 (permalink)

    Hi, I'm experiencing the same issue when trying to use the verification code via FortiClient VPN.
     
    I receive a prompt "Enter Your Microsoft verification code" but the authentication fails.
     
     
    Could you share the change you made in the NPS extension?
    #3
    robinct
    Re: Radius authentication using remote challenge 2020/09/15 00:24:46 (permalink)
    Hi,
     
    The error came from an internal NPS extension. I didn't experience any problems using only the bundled extensions, so can't really say what the issue is.
     
    The NPS server should give some hints via the Event log though.
    #4
    emnoc
    Re: Radius authentication using remote challenge 2020/09/15 06:01:34 (permalink)
    And also grab a packet capture. You can see the access-reject|accept|challenge request in the dump. It can go a long way with analyzing the issue.
     
    Ken Felix
     

    PCNSE 
    NSE 
    StrongSwan  
    #5
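
An added example, not part of the thread or of any poster's code: a small decoder for RADIUS UDP payloads taken from such a capture, which labels each packet as request, challenge, accept or reject and checks that the Access-Request following an Access-Challenge echoes the State attribute, as RFC 2865 requires. It assumes the payloads were already extracted from the capture; the sample packets, user name and State value are constructed, and the sample requests omit User-Password for brevity.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, REPLY_MESSAGE, STATE = 1, 18, 24  # attribute types from RFC 2865

def parse_radius(payload):
    """Decode one RADIUS packet: 20-byte header followed by type/length/value attributes."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("Length field does not fit the payload")
    attrs, pos = {}, 20
    while pos < length:
        alen = payload[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.setdefault(payload[pos], payload[pos + 2:pos + alen])  # keep first instance
        pos += alen
    return {"code": CODES.get(code, str(code)), "id": ident, "attrs": attrs}

def trace(payloads):
    """One summary line per packet; flags a request that drops the challenge's State."""
    lines, pending = [], None
    for raw in payloads:
        p = parse_radius(raw)
        state, note = p["attrs"].get(STATE), ""
        if p["code"] == "Access-Request" and pending is not None:
            note = "state echoed" if state == pending else "STATE NOT ECHOED"
        elif p["code"] == "Access-Challenge":
            note = "prompt=%r" % p["attrs"].get(REPLY_MESSAGE, b"").decode(errors="replace")
        pending = state if p["code"] == "Access-Challenge" else None
        lines.append(f'{p["code"]} id={p["id"]} {note}'.strip())
    return lines

def build(code, ident, attrs):  # helper for constructed samples, zeroed authenticator
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

SAMPLE = [  # constructed exchange: request, challenge, response to challenge, accept
    build(1, 7, [(USER_NAME, b"alice")]),
    build(11, 7, [(REPLY_MESSAGE, b"Enter Your Microsoft verification code"), (STATE, b"sess-01")]),
    build(1, 8, [(USER_NAME, b"alice"), (STATE, b"sess-01")]),
    build(2, 8, []),
]

if __name__ == "__main__":
    print("\n".join(trace(SAMPLE)))
```
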