free radius + google authenticator
martin.gignac at gmail.com
Wed Apr 17 04:33:56 CEST 2019
> Hi Marthin, it stores in the user's home folder on radius server.
OK. You're doing it differently than I am. I thought perhaps you might be
storing the TOTP secret in Active Directory.
I have a setup where I store the TOTP secret as a string inside an unused
LDAP attribute on our IDM (Red Hat LDAP server) for each user. I built a
web page that authenticates each user with their LDAP credentials, and if
authenticated, then gives them the option of generating a new random TOTP
secret whose equivalent QR code is displayed on the webpage (so they can
provision Google Authenticator/Authy/FreeOTP on their phone) and which gets
stored inside that unused LDAP attribute. I also have a custom REST web app
that performs the authentication of the user with username and
password+TOTP via LDAP and is called via FreeRADIUS's rlm_rest.
Since you seem that have a much different setup from mine I don't think
what I'm doing would help you.
More information about the Freeradius-Users