FreeRadius + LDAP + mOTP
Hello,
I have configured FreeRadius to work with Active Directory with group membership validation.
Here are my configuration settings:
1_FreeRadius_NAS-Clients
2_FreeRadius_Interfaces
3_FreeRadius_Settings
4_FreeRadius_EAP
5_FreeRadius_LDAP

Also, I need to change the users file, as this is the only way for group membership validation to work:
/usr/local/etc/raddb/mods-config/files/authorize
DEFAULT LDAP-Group == "VPN Users", Auth-Type := LDAP, Reply-Message := "OK, %{User-Name} is a member of the VPN Users group."
DEFAULT Auth-Type := Reject, Reply-Message := "%{User-Name} is not a member of the required group."
This file is often overwritten, so I have to set it up again and again.
But my question is whether it is possible to set up two-factor authentication in my case (AD password + token)?
I read that mOTP will probably not work with EAP, CHAP, MSCHAP, but maybe there is a workaround for this.