free radius + google authenticator

yaya li yayali2003 at hotmail.com
Wed Apr 17 15:50:36 CEST 2019


Thanks, Martin.

________________________________
From: Freeradius-Users <freeradius-users-bounces+yayali2003=hotmail.com at lists.freeradius.org> on behalf of Martin Gignac <martin.gignac at gmail.com>
Sent: April 16, 2019 22:33
To: FreeRadius users mailing list
Subject: Re: free radius + google authenticator

>
> Hi Martin, it is stored in the user's home folder on the RADIUS server.


OK. You're doing it differently than I am. I thought perhaps you might be
storing the TOTP secret in Active Directory.

I have a setup where I store the TOTP secret as a string inside an unused
LDAP attribute on our IDM (Red Hat LDAP server) for each user. I built a
web page that authenticates each user with their LDAP credentials, and if
authenticated, then gives them the option of generating a new random TOTP
secret whose equivalent QR code is displayed on the webpage (so they can
provision Google Authenticator/Authy/FreeOTP on their phone) and which gets
stored inside that unused LDAP attribute. I also have a custom REST web app
that performs the authentication of the user with username and
password+TOTP via LDAP and is called via FreeRADIUS's rlm_rest.

Since you seem to have a much different setup from mine, I don't think
what I'm doing would help you.

-Martin
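
Added example, not code from this thread or from Martin's application: one way a REST back end like the one described above could check a combined password+TOTP field. It assumes the code is the last six characters of the field, Google Authenticator's default parameters (SHA-1, 6 digits, 30-second step), and a hypothetical `check_password` callable standing in for the LDAP bind.

```python
import base64, hashlib, hmac, struct

DIGITS, STEP = 6, 30  # assumed Google Authenticator defaults (RFC 6238)

def totp(secret_b32, counter):
    """RFC 4226 HOTP value for one time-step counter."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"

def split_credential(field):
    """Split 'password+TOTP' into (password, otp); None if malformed."""
    password, otp = field[:-DIGITS], field[-DIGITS:]
    if not password or len(otp) != DIGITS or not (otp.isascii() and otp.isdigit()):
        return None
    return password, otp

def matching_step(secret_b32, otp, now, last_step, window=1):
    """Return the time step that otp matches, or None.
    Steps <= last_step are refused so a captured code cannot be replayed."""
    current = int(now) // STEP
    found = None
    for step in range(max(0, current - window), current + window + 1):
        ok = hmac.compare_digest(totp(secret_b32, step), otp)  # constant time
        if ok and step > last_step:
            found = step
    return found

def authenticate(field, secret_b32, check_password, now, last_step=-1):
    """check_password is a hypothetical stand-in for the LDAP bind.
    Returns the accepted step (to be stored per user) or None."""
    parts = split_credential(field)
    if parts is None:
        return None
    password, otp = parts
    step = matching_step(secret_b32, otp, now, last_step)
    # Evaluate both factors before deciding, so the result does not
    # reveal which one failed.
    pw_ok = check_password(password)
    return step if (pw_ok and step is not None) else None
```

The caller should persist the returned step for the user and pass it back as `last_step` on the next attempt; without that, a code stays valid for the whole acceptance window.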