free radius + google authenticator

yaya li yayali2003 at hotmail.com
Tue Apr 16 22:22:09 CEST 2019


thanks Arran.

currently, I have to switch to each user on radius server, type googleauthenticator to generate the QR code for them and send them the screen shot. Ideally, I would like to send them a link and have the users to generate the code themselves or the worst case I have to generate them manually but at least I have a finished QR code link to send to the users. I'm fairly new to this area so any advice would be really appreciated.

Yayali

________________________________
From: Freeradius-Users <freeradius-users-bounces+yayali2003=hotmail.com at lists.freeradius.org> on behalf of Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Sent: April 16, 2019 15:53
To: FreeRadius users mailing list
Subject: Re: free radius + google authenticator



> On 16 Apr 2019, at 15:07, Martin Gignac <martin.gignac at gmail.com> wrote:
>
>>
>> I configured to use FreeRadius + MS Active Directory + Google
>> Authenticator to authenticate the VPN users. My question is, is there a
>> good way to let user to generate the QR code themselves? or admin had
>> manually to generate the QR codes and code links, so they can be sent to
>> users. Any suggestions?
>>
>
> Where do you store the TOTP secret? Somewhere in an AD attribute?

Also depends what you're using this to protect.

If it's logins to CLI interfaces and the client allows text to be displayed to the user, there are a few libraries that'll generate QR codes using ascii characters.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list