I created a small perl extension for freeradius to do a 2 factor authentication with AD and google authenticator.
- Authenticate against Active Directory with the use of PAM.
- Authenticate with time based otp. The secret is stored per user in a mysql. Google Authenticator
Enrollment of OTP secret: 1. A small Self service portal that lets a user generate a secret. If the user tries to login to the selfservice portal when otp is set. otp is required to login.