thanks Martin. ________________________________ From: Freeradius-Users <freeradius-users-bounces+yayali2003=hotmail.com@lists.freeradius.org> on behalf of Martin Gignac <martin.gignac@gmail.com> Sent: April 16, 2019 22:33 To: FreeRadius users mailing list Subject: Re: free radius + google authenticator
Hi Marthin, it stores in the user's home folder on radius server.
OK. You're doing it differently than I am. I thought perhaps you might be storing the TOTP secret in Active Directory. I have a setup where I store the TOTP secret as a string inside an unused LDAP attribute on our IDM (Red Hat LDAP server) for each user. I built a web page that authenticates each user with their LDAP credentials, and if authenticated, then gives them the option of generating a new random TOTP secret whose equivalent QR code is displayed on the webpage (so they can provision Google Authenticator/Authy/FreeOTP on their phone) and which gets stored inside that unused LDAP attribute. I also have a custom REST web app that performs the authentication of the user with username and password+TOTP via LDAP and is called via FreeRADIUS's rlm_rest. Since you seem that have a much different setup from mine I don't think what I'm doing would help you. -Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html