free radius + google authenticator

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Apr 16 21:53:06 CEST 2019



> On 16 Apr 2019, at 15:07, Martin Gignac <martin.gignac at gmail.com> wrote:
> 
>> 
>> I configured to use FreeRadius + MS Active Directory + Google
>> Authenticator to authenticate the VPN users. My question is, is there a
>> good way to let user to generate the QR code themselves? or admin had
>> manually to generate the QR codes and code links, so they can be sent to
>> users. Any suggestions?
>> 
> 
> Where do you store the TOTP secret? Somewhere in an AD attribute?

Also depends what you're using this to protect.

If it's logins to CLI interfaces and the client allows text to be displayed to the user, there are a few libraries that'll generate QR codes using ascii characters.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2




More information about the Freeradius-Users mailing list