Freeradius second auth factor

Alan DeKok aland at
Fri Dec 20 17:12:59 CET 2019

On Dec 20, 2019, at 8:48 AM, Anton Kiryushkin <swood at> wrote:
> Nice to get an answer from you.
> The first factor is a password stored in the DB.
> Second is SMS.
> No, it is not for wifi; it is for VPN.

  OK,  that's good.

> As far as I understand, Cisco ASA
> sends the request to the radius with the final data: login, password,
> OTP-code.

  How?  That matters.

  Usually, people use login name, and then take the 6 digit OTP, and add it to the password, e.g.

User-Name = "bob"
User-Password = "123456my_secret_password"

> The only possible way to auth with the OTP is to generate it via
> phone application like Google Authenticator.
> My question is, is it possible to send an SMS instead of using the
> application?

  FreeRADIUS doesn't send SMSs directly.  It has to use a third-party application to send SMSs.

  Alan DeKok.
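
The concatenated form shown in the message above (a 6 digit OTP followed by the password in User-Password) has to be split on the server side before each factor can be checked. The following is an added example, not part of the original message and not FreeRADIUS code: it sketches that split and check in Python. The function names, the PBKDF2 storage format and the idea that an external SMS gateway has recorded the expected code are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

OTP_DIGITS = 6  # the message's example uses a 6 digit OTP
# Fixed-length ASCII digit prefix, then at least one password character.
_SPLIT = re.compile(r"\A([0-9]{%d})(.+)\Z" % OTP_DIGITS, re.DOTALL)


def split_user_password(user_password):
    """Return (otp, password), or None if there is no OTP prefix."""
    m = _SPLIT.match(user_password)
    return (m.group(1), m.group(2)) if m else None


def hash_password(password, salt):
    # Assumption: the DB holds a salted PBKDF2 hash rather than clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_two_factors(user_password, stored_hash, salt, expected_otp):
    """Accept only when both the password and the OTP match.

    expected_otp is the code a (hypothetical) SMS gateway sent to the user;
    None means no code is outstanding, which is always a reject.
    """
    parts = split_user_password(user_password)
    if parts is None or expected_otp is None:
        return False
    otp, password = parts
    # Evaluate both factors before deciding, using constant-time compares,
    # so the outcome does not reveal which factor was wrong.
    pw_ok = hmac.compare_digest(hash_password(password, salt), stored_hash)
    otp_ok = hmac.compare_digest(otp.encode(), expected_otp.encode())
    return pw_ok and otp_ok


# Constructed sample data, reusing the values from the message above.
SALT = b"constructed-salt"
STORED = hash_password("my_secret_password", SALT)

if __name__ == "__main__":
    print(check_two_factors("123456my_secret_password", STORED, SALT, "123456"))
```

Because the OTP prefix has a fixed length, a password that itself begins with digits is still split unambiguously.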
