free radius + google authenticator

yaya li yayali2003 at
Wed Apr 17 15:50:36 CEST 2019

thanks Martin.

From: Freeradius-Users < at> on behalf of Martin Gignac <martin.gignac at>
Sent: April 16, 2019 22:33
To: FreeRadius users mailing list
Subject: Re: free radius + google authenticator

> Hi Marthin, it stores in the user's home folder on radius server.

OK. You're doing it differently than I am. I thought perhaps you might be
storing the TOTP secret in Active Directory.

I have a setup where I store the TOTP secret as a string inside an unused
LDAP attribute on our IDM (Red Hat LDAP server) for each user. I built a
web page that authenticates each user with their LDAP credentials, and if
authenticated, then gives them the option of generating a new random TOTP
secret whose equivalent QR code is displayed on the webpage (so they can
provision Google Authenticator/Authy/FreeOTP on their phone) and which gets
stored inside that unused LDAP attribute. I also have a custom REST web app
that performs the authentication of the user with username and
password+TOTP via LDAP and is called via FreeRADIUS's rlm_rest.

Since you seem that have a much different setup from mine I don't think
what I'm doing would help you.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list