Some proprietary, OTP-based second factor implementations expose a Radius server that allow an authenticating application (such as LemonLDAP::NG) to verify the validity of an OTP using the standard Radius protocol.
Tip
This page is about using Radius to connect to an external 2FA system for the second factor only. If your 2FA system works by concatenating the user’s password and their OTP (LinOTP), you should probably be using regular Radius authentication instead
After choosing the Radius second factor type, the user is prompted with a code that will be checked against the Radius server.
This feature uses Authen::Radius
. Before enable it, on Debian you
must install it :
For CentOS/RHEL:
yum install perl-Authen-Radius
In Debian/Ubuntu, install the library through apt-get command
apt-get install libauthen-radius-perl
All parameters are configured in “General Parameters » Second factors » Mail second factor”.
On
to activate this module, or use a
specific rule to select which users may use this type of second
factorwhatToTrace
is used.