2FA with Windows NPS

freeradius, nps, windows-server-2012

I would like to set up two-factor authentication for my Wireless users.

I have a Windows NPS server that is currently authenticating my wireless users and I want to add certificates or any other second factor for authentication.

Microsoft NPS supports certificates, but I don't see the way to force users to authenticate using username/password AND certificate.

It can only be either or. I.e. I can configure the server to use certificate OR username/password authentication.

Is there any way to force 2 methods?

Or maybe there is some other free/cheap way to configure 2FA for wireless users. I believe it's possible to use freeradius with Google authentication, but where will users enter OTP in this situation?

Thanks,
Roman

Best Answer

You may use privacyIDEA in conjunction with NPS. Note: You need privacyIDEA and a FreeRADIUS server. The NPS will forward the request to FreeRADIUS.

privacyIDEA can manage the knowledge factor and the possession factor. The 2nd factor can be any kind of OTP token, like a smartphone app (Google Authenticator or FreeOTP), hardware token, Yubikey...

Here is an integration guide to configure NPS with FreeRADIUS and privacyIDEA.

The OTP is entered in conjunction with the password (not necessarily the Windows password, but it can be):

  1. enter username
  2. enter <password><OTP>
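
The answer's `<password><OTP>` login, sketched from the verifying server's side as an added example (not part of the original answer and not privacyIDEA's code). It assumes a 6-digit TOTP token with a 30-second step and HMAC-SHA1, and a PBKDF2-hashed static password; all function names are hypothetical.

```python
import hashlib
import hmac
import struct
import time

OTP_DIGITS = 6   # assumption: 6-digit tokens
TIME_STEP = 30   # assumption: 30-second TOTP step (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP value for one counter, zero-padded to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted hash of the static (knowledge) factor."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


def split_credential(field: str, digits: int = OTP_DIGITS):
    """Split '<password><OTP>' into (password, otp); None if malformed."""
    otp = field[-digits:]
    if len(field) <= digits or not (otp.isascii() and otp.isdigit()):
        return None  # no numeric OTP suffix, or empty password part
    return field[:-digits], otp


def verify(field, pin_hash, salt, secret, now=None, window=1):
    """True only if both factors match; tolerates +/- `window` steps of drift."""
    parts = split_credential(field)
    if parts is None:
        return False
    pin, otp = parts
    pin_ok = hmac.compare_digest(hash_pin(pin, salt), pin_hash)
    step = int(time.time() if now is None else now) // TIME_STEP
    otp_ok = False
    for drift in range(-window, window + 1):
        if step + drift < 0:
            continue  # no counter before the epoch
        # Check every candidate step so timing does not reveal which matched.
        otp_ok |= hmac.compare_digest(hotp(secret, step + drift), otp)
    return pin_ok and otp_ok
```

A production server also records the last accepted time step per token so that a code cannot be replayed within its validity window.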