Freeradius and 2 Factor Authentication

Cornelius Kölbel cornelius.koelbel at
Thu Jun 2 22:33:00 CEST 2016

Am Donnerstag, den 02.06.2016, 15:58 -0400 schrieb Arran Cudbard-Bell:

> > We actually have a commercial OTP solution via SafeNet, but it's a bit long in the tooth and also only supports PAP.  However, I opened a ticket today and their newer versions actually support MSChapv2 so that might be the way to go if converting our token licenses isn't too ridiculous in cost.
> Anything that'll give you the plaintext password from the OTP server back will work with MSCHAPv2.

The OTP server could return the plain text OTP password. But this is
only the 2nd factor. It will not return the LDAP user password, which is
the 1st factor.

So in a setup were you have two steps of authentication, this will work.
But often the password and OTP are entered in conjunction. This will
Kind regards

> -Arran
> -
> List info/subscribe/unsubscribe? See

Cornelius Kölbel
cornelius.koelbel at
+49 151 2960 1417

NetKnights GmbH
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the Freeradius-Users mailing list