Configuring FreeRadius with LDAP and Google MFA

Alan DeKok aland at
Thu Oct 7 15:35:49 CEST 2021

On Oct 7, 2021, at 8:42 AM, Quentin Rapin <quentinrapin at> wrote:
> Great, I checked it out, the example is clear. As said in the
> documentation, the module takes no configuration items. Does that mean
> that it is only compatible with google authenticator and knows where
> to find the file? I mean it's not even required to indicate the path
> to the .google_authenticator file.

  As the module documentation makes clear, it expects the TOTP secret to be placed in the TOTP-Secret attribute.

  This means that you can place the secret in a file, or database, or anything else.  It's up to you.  That's the power of FreeRADIUS.

> Just did that, it works well. I can retrieve the information. What's
> strange is that ldap authentication worked before I added the TOTP
> config.

  Then something changed.

  Put all of the configuration into revision control.  Commit after every change, with a comment of what works, and what doesn't work.

  You could spend days trying to figure out "it used to work, and now it doesn't, why?"

  Or, you could just revert to a "known working" configuration, and start over.  That's generally much, much faster.

  Alan DeKok.
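
Added example, not part of the original message and not FreeRADIUS code: a Python sketch of pulling the secret out of a `.google_authenticator` file, so it can be stored wherever the TOTP-Secret attribute will be populated from, and checking a code against it with RFC 6238. The file layout (base32 secret on line 1, `"`-prefixed option lines, then scratch codes), the sample contents and the function names are assumptions made for illustration; check the module documentation for the encoding it expects.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: line 1 is the base32 secret, lines starting with '"'
# are options, remaining lines are scratch codes. The secret is the RFC 6238
# test key "12345678901234567890" in base32, never a real one.
SAMPLE_FILE = '''GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" DISALLOW_REUSE
" TOTP_AUTH
11111111
22222222
'''

def _b32decode(secret_b32):
    # Secrets are often stored without '=' padding; restore it before decoding.
    s = secret_b32.strip().upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def parse_google_authenticator(text):
    """Return (secret, options, scratch_codes) from the file contents."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].startswith('"'):
        raise ValueError("first line must be the base32 secret")
    _b32decode(lines[0])  # raises if the secret is not valid base32
    options = [ln[1:].strip() for ln in lines[1:] if ln.startswith('"')]
    scratch = [ln for ln in lines[1:] if not ln.startswith('"')]
    return lines[0], options, scratch

def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP with HMAC-SHA1, as used by Google Authenticator."""
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(_b32decode(secret_b32), counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, candidate, unix_time, window=1, step=30):
    """Accept codes from +/- `window` time steps to tolerate clock skew."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + i * step), candidate)
        for i in range(-window, window + 1)
    )
```

Running `totp()` on the extracted secret and comparing it with the code shown on the phone is a quick way to confirm that the stored secret is the right one before debugging the server configuration.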

