Hi!

I have a little specific problem.
We use Mikrotik routers by many of our companies with Microsoft NPS as RADIUS server.
But with the new User Manager (v7) we want to use the OTP function for MFA authentication in VPN.
That works also fine, but one company has to many users (~200) to configure all devices in 1 day.
So we want to use the two RADIUS servers simultaneously, for the time of reconfigure the clients.
I made a test environment and in Microsoft NPS server added the Mikrotik as Remote RADIUS server (RADIUS-proxy).
It redirects the requests to User Manager and the User Manager answers but the Microsoft NPS server says timeout.
I figured out, that if the RADIUS server receives the authentication request through a RADUS-proxy, the RADIUS-proxy sends a Proxy-State attribute (standard, type ID 33) to the server.
That must send back the RADIUS server to the RADIUS-proxy unmodified. It is described in RFC2865 page 53. https://www.rfc-editor.org/rfc/rfc2865.html#page-53
I ran Wireshark and saw that the RADIUS-proxy sends this attribute, but the User Manager sends it not back.
If i add the attribute, to the User Manger and user it sends the required attribute, but the value changes dynamically, so this is not functioning.
Can i add dynamic value to the RADIUS attribute based on incoming request, or can Mikrotik implement this in User Manager?

Thank you for you help!

hello, have you been able to configure Microsoft nps and user manager for two-step authorization?