Other RADIUS configurations
In the example below we used an Active Directory domain environment.Client Type - Client validates username and password
if you set Clien Type to Client validates username and password when configuring a RADIUS client in ESAC EA Web Console, then the first factor (username and password) is validated by the other PAM module:
When configuring RADIUS in this manner, add the following line in /etc/pam.d/sshd (or the appropriate integration):
auth required /usr/lib/pam/pam_radius_auth.so force_prompt prompt=RADIUS
In this case a SSH login process would look like this:
•prompts that start with the string Password: are handled by other PAM modules. Prompts that begin with the string RADIUS: are handled by our PAM module. See the argument 'prompt=RADIUS' in the sample code above
•SMS - at the first prompt, a user must enter their AD password. At the second prompt, they must enter the text 'sms' (without apostrophes). At the third prompt, they must enter their AD password. At the fourth prompt, they must enter the received OTP
•Other type of OTP (OTP received via mobile application or a hard token) - enter the AD password at the first attempt. At the second attempt enter the OTP.