Azure MFA for NPS
(2019-05-28)
The Global parameter tells the firewall how long to wait on authentication services before giving up on the attempt; the server-specific setting tells the firewall how long to wait on that particular authentication service before repeating the request. If the radius request is repeated, the user could get bombarded with app requests for authentication; so we have made the server timeout match the global timeout.
Azure Multifactor Authentication for Network Policy Server
Notes:- I had problems with NPS more than anything. For some reason I got two of them into a state where they wouldn't stop, they'd just say "Stopping..." in the Services window and never come back from that. Finally a competent Windows admin stepped in and got it working again.
- We had to enroll one user in the Azure AD service to install the extension.
- On our Fortigate, I had to change the timeouts so that users would have time to press the application to grant permission to themselves.
config sys global set remoteauthtimeout 30 end conf user radius edit "MyRadiusServer" set timeout 30 next end
no comments |
post comment
Virtual Dave Megaplex:
Home Page- This wiki's start page
- Send Feedback To Dave
Logged in Users: (0)
Recently Changed
Check Internet Service Database Match- Device-Local Certificate Expired
- CLI Policy Lookup
- DH Selection For IPsec VPNs
- Scan For Newly Added Disk
- nmap
- Seconds Since Epoch to Local Time
- Link Monitor
- DH group to OAKLEY_GROUP table
- Fire Eater
- start
- FortiClient Error Codes
- dhparams Generation
- SSL Certificate Bundles
- ufw
- Grow A LVM Partition
- Creating Users
- whoami
- list databases
- 2023
- 2022
- 2019
- 2018
- 2017
- 2011
- 2010
- 2008
- 2001
- 2000
- 1999
Editing: snipsnap-help, Image Macro(Et auditum est, et idcirco ego nunc simulare)
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.