On 16 Apr 2019, at 15:07, Martin Gignac <martin.gignac@gmail.com> wrote:
I configured to use FreeRadius + MS Active Directory + Google Authenticator to authenticate the VPN users. My question is, is there a good way to let user to generate the QR code themselves? or admin had manually to generate the QR codes and code links, so they can be sent to users. Any suggestions?
Where do you store the TOTP secret? Somewhere in an AD attribute?
Also depends what you're using this to protect. If it's logins to CLI interfaces and the client allows text to be displayed to the user, there are a few libraries that'll generate QR codes using ascii characters. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2