I am using Duo Security 2-factor authentication. It works by using a
Radius proxy server to accept a username and password, compares the
username and password against an identity store (eDirectory), and then
send a confirmation via a smartphone app. I have the second factor
turned off while I am troubleshooting the proxy authentication.

The problem I am having is that the Radius class in NAM 4.0 SP1 appears
not to be using the password field for the password. The login page
prompts for a username, password, and token. If I enter only the
username and password, the LDAP trace reports a -669, and my best guess
is that it is not sending the password along with the username. If I
populate the LDAP password in the token field, it authenticates
successfully, but then I can't see a way to use the token in an identity
injection, which I need for single sign on. If I enter the password
into both the token and password fields, everything works. Obviously, I
would prefer not to have to enter the password into two fields every
time I authenticate.

I realize it goes against what Radius is designed for, but is there a
way I can use Radius, but only require a password, not a token?

oyarsa's Profile: https://forums.netiq.com/member.php?userid=193
View this thread: https://forums.netiq.com/showthread.php?t=51683