Login with username+password AND otp

Leslie
Forgive my ignorance, perhaps I am asking for something that WiKID can't do.

I'd like my AD users to log in using their AD username+password and, if that is successful, then WiKID would ask for the OTP.

Is that possible?

Server 2008 + NPS (Radius)

Re: Login with username+password AND otp

Nick Owen
Administrator
Leslie:

(responding here for the historical record.)

That's really up to the end point that handles the login process. If
your VPN can do it and send the creds to AD and then to WiKID, great.
Some can and some cannot.

NPS does the authorization using the username. There's no need for the
AD password. I would argue that it's best to not use your AD
password outside of the LAN.

WiKID, unlike say Google Authenticator, is two-factor. You need
knowledge of the PIN and the private key to get the OTP. There is
often a lot of confusion about this. Authenticator is one-factor,
possession of the phone, and that's why it is "Two-step authentication"
instead of "Two-factor authentication":
https://www.wikidsystems.com/learn-more/authentication-problems/two-factor-authentication-vs-two-step-authentication/

HTH,

Nick

On Wed, Jul 20, 2016 at 3:03 PM, Leslie [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Forgive my ignorance, perhaps I am asking for something that WiKID can't do.
>
> I'd like my AD users to log in using their AD username+password and, if that
> is successful, then WiKID would ask for the OTP.
>
> Is that possible?
>
> Server 2008 + NPS (Radius)



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
On-premises Two-Factor Authentication.
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP

Re: Login with username+password AND otp

usman
In reply to this post by Leslie
I have 4 servers: VPN > NPS > WIKID > AD

Now the issue is: when I bypass the WIKID server, the user was able to log in with an AD user via the NPS server, but when I add WIKID in between NPS & AD, user authentication by OTP failed. I found some error logs but am unable to resolve this issue.

isServerInBlockMode() failed: FATAL: terminating connection due to administrator command


<3> Access-Request(1) LEN=164 192.168.9.57:57213 Access-Request by vpntest2 Failed: AccessRejectException: Access Denied


Please help??