free radius + google authenticator

yaya li yayali2003 at
Tue Apr 16 22:22:09 CEST 2019

Thanks, Arran.

Currently, I have to switch to each user on the RADIUS server, type googleauthenticator to generate the QR code for them, and send them the screenshot. Ideally, I would like to send them a link and have the users generate the code themselves, or in the worst case I have to generate them manually, but at least I have a finished QR code link to send to the users. I'm fairly new to this area, so any advice would be really appreciated.


From: Freeradius-Users < at> on behalf of Arran Cudbard-Bell <a.cudbardb at>
Sent: April 16, 2019 15:53
To: FreeRadius users mailing list
Subject: Re: free radius + google authenticator

> On 16 Apr 2019, at 15:07, Martin Gignac <martin.gignac at> wrote:
>> I configured FreeRADIUS + MS Active Directory + Google
>> Authenticator to authenticate the VPN users. My question is, is there a
>> good way to let users generate the QR code themselves? Or does the admin
>> have to manually generate the QR codes and code links, so they can be sent
>> to users? Any suggestions?
> Where do you store the TOTP secret? Somewhere in an AD attribute?

Also depends what you're using this to protect.

If it's logins to CLI interfaces and the client allows text to be displayed to the user, there are a few libraries that'll generate QR codes using ASCII characters.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
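
An added example, not part of the original thread or of FreeRADIUS: the QR code an authenticator app scans encodes an otpauth:// key URI, so a per-user enrolment link can be built from the base32 secret that already exists and checked against RFC 6238 before it is sent. The issuer, account name and state-file contents below are constructed; the secret is the RFC 6238 test key, and the assumption is that the secret is the first line of the google-authenticator state file.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode


def secret_from_state_file(text):
    """Return the base32 secret from google-authenticator state file contents.

    Assumption: the secret is the first line; option lines and scratch
    codes follow it and are ignored here.
    """
    return text.splitlines()[0].strip()


def totp(secret_b32, at=None, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1, 6 digits, 30 s step (the app defaults)."""
    # Authenticator secrets are usually unpadded base32; restore the padding.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def provisioning_uri(secret_b32, account, issuer):
    """Build the otpauth:// key URI that is rendered as the enrolment QR code.

    The URI embeds the shared secret: deliver it only over an authenticated
    channel to the intended user and keep it out of logs and tickets.
    """
    label = quote(issuer, safe="") + ":" + quote(account, safe="@")
    params = urlencode({"secret": secret_b32, "issuer": issuer}, quote_via=quote)
    return f"otpauth://totp/{label}?{params}"


# Constructed state file contents (not from the thread).
SAMPLE_STATE = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ\n" TOTP_AUTH\n12345678\n'

if __name__ == "__main__":
    secret = secret_from_state_file(SAMPLE_STATE)
    print(provisioning_uri(secret, "alice", "Example VPN"))
    print("current code:", totp(secret))
```

Any QR encoder can render the returned URI, for example `qrencode -t ANSIUTF8` for the terminal output mentioned in the reply.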
