FW: FreeRadius - Integrate FreeRadius with Google Authenticator

Cornelius Kölbel cornelius.koelbel at netknights.it
Tue Jan 19 18:09:30 CET 2021

Hello Yew Fong,

these are some very detailed, conceptual questions, which might be out
of scope of the mailing list.

see below...

Am Dienstag, den 19.01.2021, 05:11 +0000 schrieb
YewFong.Chua at fujitsu.com:
> Hi Members of FreeRadius,
> I would like to check whether, does FreeRadius has a proper guide or
> step for us to integrate FreeRadius with Google Authenticator?
> Also, we have a few concern mentioned below and not sure whether
> FreeRadius is able to highlight our concern:
> 1)      Can FreeRadius installed on the latest Ubuntu server 20.04?

Yes, via apt.

> 2)      How can we integrate FreeRadius with Google Authenticator? Is
> there any guide or proper step we can follow?

In addition to the link Eero sent, you might want to take a look at our
2FA management solution privacyIDEA. https://privacyidea.org
It comes with a FreeRADIUS plugin based on rlm_perl and allows for
bigger approach and management.

> 3)      Understand that CyberArk which is a Privileged Access
> Management solution can work with FreeRadius by configuring the
> Radius Configuration on CyberArk to talk to FreeRadius. May I know
> whether any additional configuration (Other than creating Radius
> Client on FreeRadius) that is required to be done on FreeRadius side
> in order for FreeRadius with Google Authenticator to works?

The important question is, if cyberark is reauthenticating the user
during a session. If it sends a cached password after a certain amount
of time, the user will be logged out, since the OTP is not valid
Sounds strange - but there are in fact applications that do such stuff.

Besides that, it should(TM) work.

> 4)      Also, whether is there any proper step for the following
> tasks:
> a.       Patch for FreeRadius application.
> b.       Patch for Ubuntu server that is installed with FreeRadius
> c.       Step to harden the Ubuntu server
> d.       Assume that Google Authenticator can upgrade, just as it is
> and it will not affect the FreeRadius?

This depends on the way you want to go.
You do not need to patch FreeRADIUS.
In any way you only need to configure it.
Hardening your Ubuntu should be topic somewhere else.


> Regards,
> Yew Fong
> Off-in-Lieu
> Planning: Nil
> Annual Leave
> Planning: 22nd, 28th & 29th Jan 2021
>                   15th to 19th Feb 2021
> National Reservist Leave
> Nil
> Fujitsu Asia Pte Ltd
> Nexus @One-North
> 1 Fusionopolis Link, #04-01
> Singapore 138542
> DID: +65 6512 7525
> Mobile: +65 9794 6548
> E-mail: yewfong.chua at fujitsu.com<mailto:yewfong.chua at fujitsu.com>
> Web: http://sg.fujitsu.com<http://sg.fujitsu.com/>; | LinkedIn: 
> www.linkedin.com/company/fujitsu-asia<http://www.linkedin.com/company/fujitsu-asia>
> ;
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
Cornelius Kölbel 
cornelius.koelbel at netknights.it
NetKnights GmbH    https://www.netknights.it
Ludwig-Erhard-Str. 12, 34131 Kassel, Germany
Tel:+49-561-3166797      Fax:+49-561-3166798
Amtsgericht Kassel      HRB 16405
Geschäftsführer: Cornelius Kölbel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20210119/d6c1120c/attachment.sig>

More information about the Freeradius-Users mailing list