On Jun 22, 2020, at 10:22 AM, Júlíus Þór Bess Ríkharðsson <[hidden email]> wrote:
> I'm wondering if I can authenticate users locally and then proxy the
> request. I'm hoping to authenticate the user on both servers, and if
> both can, then reply with Access-Accept.
The answer is "it depends".
For EAP? No. For PAP? Probably. MS-CHAP? Likely not.
> I've been searching around and It seems like it's only possible in
> version 4 because of the way versions up to 3 do proxying. Am I wrong?
It's certainly a lot easier in v4. i.e. pretty much trivial.
> I'm hoping that it's possible somehow using unlang in version 3.
> The reason for doing this is I want to continue authenticating users
> locally (AD as users db) and then proxy the request for MFA/2FA push
Is the server receiving User-Password attributes? If so, it should be relatively simple. Otherwise, it may be a lot more difficult.