Hello Yew Fong, these are some very detailed, conceptual questions, which might be out of scope of the mailing list. see below... Am Dienstag, den 19.01.2021, 05:11 +0000 schrieb YewFong.Chua@fujitsu.com:
Hi Members of FreeRadius,
I would like to check whether, does FreeRadius has a proper guide or step for us to integrate FreeRadius with Google Authenticator?
Also, we have a few concern mentioned below and not sure whether FreeRadius is able to highlight our concern:
1) Can FreeRadius installed on the latest Ubuntu server 20.04?
Yes, via apt.
2) How can we integrate FreeRadius with Google Authenticator? Is there any guide or proper step we can follow?
In addition to the link Eero sent, you might want to take a look at our 2FA management solution privacyIDEA. https://privacyidea.org It comes with a FreeRADIUS plugin based on rlm_perl and allows for bigger approach and management.
3) Understand that CyberArk which is a Privileged Access Management solution can work with FreeRadius by configuring the Radius Configuration on CyberArk to talk to FreeRadius. May I know whether any additional configuration (Other than creating Radius Client on FreeRadius) that is required to be done on FreeRadius side in order for FreeRadius with Google Authenticator to works?
The important question is, if cyberark is reauthenticating the user during a session. If it sends a cached password after a certain amount of time, the user will be logged out, since the OTP is not valid anymore. Sounds strange - but there are in fact applications that do such stuff. Besides that, it should(TM) work.
4) Also, whether is there any proper step for the following tasks:
a. Patch for FreeRadius application.
b. Patch for Ubuntu server that is installed with FreeRadius
c. Step to harden the Ubuntu server
d. Assume that Google Authenticator can upgrade, just as it is and it will not affect the FreeRadius?
This depends on the way you want to go. You do not need to patch FreeRADIUS. In any way you only need to configure it. Hardening your Ubuntu should be topic somewhere else. Regards, Cornelius
Regards, Yew Fong
Off-in-Lieu Planning: Nil
Annual Leave Planning: 22nd, 28th & 29th Jan 2021 15th to 19th Feb 2021
National Reservist Leave Nil
Fujitsu Asia Pte Ltd Nexus @One-North 1 Fusionopolis Link, #04-01 Singapore 138542 DID: +65 6512 7525 Mobile: +65 9794 6548 E-mail: yewfong.chua@fujitsu.com<mailto:yewfong.chua@fujitsu.com> Web: http://sg.fujitsu.com<http://sg.fujitsu.com/>; | LinkedIn: www.linkedin.com/company/fujitsu-asia<http://www.linkedin.com/company/fujitsu-asia> ;
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Cornelius Kölbel cornelius.koelbel@netknights.it Tel:+49-561-9979-1540 NetKnights GmbH https://www.netknights.it Ludwig-Erhard-Str. 12, 34131 Kassel, Germany Tel:+49-561-3166797 Fax:+49-561-3166798 Amtsgericht Kassel HRB 16405 Geschäftsführer: Cornelius Kölbel