Netgate Discussion Forum

    FreeRadius + LDAP + mOTP

      pfDriver

      Hello,
      I have configured FreeRadius to work with Active Directory with group membership validation.
      Here are my configuration settings:
      1_FreeRadius_NAS-Clients
      2_FreeRadius_Interfaces
      3_FreeRadius_Settings
      4_FreeRadius_EAP
      5_FreeRadius_LDAP

      Also, I need to change the users file, as this is the only way for group membership validation to work:

      /usr/local/etc/raddb/mods-config/files/authorize

      DEFAULT LDAP-Group == "VPN Users", Auth-Type := LDAP, Reply-Message := "OK, %{User-Name} is a member of the VPN Users group."
      DEFAULT Auth-Type := Reject, Reply-Message := "%{User-Name} is not a member of the required group."
      

      This file is often overwritten, so I have to set it up again and again.

      But my question is whether it is possible to set up two-factor authentication in my case (AD password + token)?

      I read that mOTP will probably not work with EAP, CHAP, MSCHAP, but maybe there is a workaround for this.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.