On Tue, May 30, 2017 at 6:22 PM, Jarett DeAngelis <jarett at reticulum.us> wrote: > Hi everyone, > > So, I'm trying to figure out whether or not I can use ocserv with two-factor authentication (specifically, with Centrify) at work. In my lab environment I have it running successfully with the ocserv RADIUS client pointed at Windows 2012 R2's NPS doing authentication. I don't have (and can't get) Centrify running in the lab, which means I can't test 2FA in the lab with it. So I'm trying to figure out how to "fake" 2FA with NPS, so that I can see whether or not ocserv will pop the challenge for the second factor up in the AnyConnect GUI and pass the response back through. I can't find any information specific to this in the OpenConnect server documentation. Anyone have ideas? Hi the best resource are the recipes: http://www.infradead.org/ocserv/recipes.html What type of 2FA do you use? ocserv supports 2FA, with 2 different factors (e.g., a password and smart card, or a password and a kerberos ticket). If you have multiple passwords, the easiest way is through PAM. regards, Nikos
