Freeradius and 2 Factor Authentication

Aaron Smith Aaron.Smith at
Thu Jun 2 19:26:02 CEST 2016

SecureId is pretty expensive, and it looks like Yubikey is hardware only.  Our users prefer a software based token.  SMSOtp might work, but although MOST of our users prefer software tokens, we do have some that prefer the hardware KT type tokens.  I've been working on this for a while now, trying a ton of different freeradius permutations and have pretty much decided that it's impossible to use Freeradius with an opensource OTP solution like LinOTP or privacyIDEA unless you restrict your clients to either proprietary VPN protocols like SSTP or barely secure VPN protocols like PPTP as those are the only ones that will allow you to use Unencrypted Passwords. 
 If I'm wrong about that, I'd love to hear what kind of VPN clients/protocols are in use with Freeradius and LinOTP/privacyIDEA.

Aaron Smith
System Administrator  
Information Services 
Kalamazoo College
1200 Academy Street, Kalamazoo, MI 49006
(269) 337-7496
 Aaron.Smith at

-----Original Message-----
From: Freeradius-Users [ at] On Behalf Of Arran Cudbard-Bell
Sent: Wednesday, June 01, 2016 10:48 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius and 2 Factor Authentication

> A secondary question is that I imagine I can't be the first person to use Freeradius with 2 factor authentication.  I'd be curious to know how other folks have tackled this project and what products they used to accomplish it.

They do it with a non-EOLd version, which has a full REST client and integration with SMSOTP, SecureID, and Yubikey out of the box.


More information about the Freeradius-Users mailing list