Freeradius and 2 Factor Authentication

Arran Cudbard-Bell a.cudbardb at
Thu Jun 2 20:09:46 CEST 2016

> On Jun 2, 2016, at 1:26 PM, Aaron Smith <Aaron.Smith at> wrote:
> SecureId is pretty expensive, and it looks like Yubikey is hardware only.

But awesome.

>  Our users prefer a software based token.

Meh.  Honestly, with NFC/USB, using a hardware token is simpler, press the button and it all just works.

> SMSOtp might work, but although MOST of our users prefer software tokens, we do have some that prefer the hardware KT type tokens.

You shouldn't have any issues getting it working with Google authenticator.  The only time you have difficulty is when there needs to be more of a conversation.

>  I've been working on this for a while now, trying a ton of different freeradius permutations and have pretty much decided that it's impossible to use Freeradius

Sounds like a protocol limitation to me.  So more accurately it's not possible to use RADIUS or EAP authentication with the OTP solutions you're trying because they're fundamentally incompatible?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list