Hello Henk,
I've looked closely at your video and accomplishment with smsotp, congrats!
thank you. However the video shows something that is outdated. I now wrote a perl module for rlm_perl which does it much better without all the moving parts.
Did you also had a look at OATH TOTP instead of SMS authentication? This is a RFC (http://tools.ietf.org/html/rfc6238) as you may know. A user installs an app on their phone which implements this RFC (e.g. Google Authenticator) and it acts as a soft token.
I did and evaluated it together with RADIUS.
I've got this running with freeradius and the google authenticator PAM module. The downside of PAM is the lack of challenge-access and response support (AFAIK).
If you want a challenge response integration like the user first needs to authenticate with username and password and than gets a challenge and needs to answer with a response that is possible. You could also tweak it that you leave the first step out. Just have a look at the rlm_perl implementation in http://thomas.glanzmann.de/smsotpd.2012-08-16.tar.bz2
Do you know of anything that supports OATH and TOTP natively with freeradius and can be used with the access-challenge/response system (or am I wrong about PAM not supporting that feature)?
I think there was a module, but I don't recall, maybe ask the FreeRadius List, or grep in the modules directory. I take it on CC. Cheers, Thomas