Freeradius second auth factor

Alan DeKok aland at deployingradius.com
Fri Dec 20 14:39:31 CET 2019


On Dec 20, 2019, at 6:53 AM, Anton Kiryushkin <swood at fotofor.biz> wrote:
> 
> I want to configure the second authorisation factor with EAP-type, and md5
> hashed password saved in MySQL.
> I found several modules and services like MultiOTP and Smsotp, but I can't
> understand how to provide the SMS before the authorisation or how to ask
> FreeRadius to wait for the process sends SMS?

  You need to configure a module to send the SMS.  How that works depends on how the SMS is sent.  And only you know that.

> Could you please explain this to me?

  What kind of 2 factor auth do you want to do?

  To be honest, the only thing that's going to work is TTLS + PAP.  Since passwords are stored in MD5 format in the DB, nothing else will work.

  But... if this is for WiFi, users will be *very* unhappy if they have to enter a new OTP every time they switch access points.  That's just not going to work.

  Alan DeKok.




More information about the Freeradius-Users mailing list