0

I would like to set up two-factor authentication for my Wireless users.

I have an Windows NPS server that is currently authenticating my wireless users and I want to add certificates or any other second factor for authentication.

Microsoft NPS supports certificates, but I don't see the way to force users to authenticate using username/password AND certificate.

It can only be either or. I.e. I can configure the server to use certificate OR username/password authentication.

Is there any way to force 2 methods?

Or may be there is some other free/cheap way to configure 2FA for wireless users. I believe it's possible to use freeradius with Google authentication, but where will users enter OTP in this situation?

Thanks, Roman

Roman_T
  • 113
  • 2

1 Answers1

0

Roman,

The problem is that Google authenticator is only one factor. You would need to change the login process for your access point to handle two steps and that's usually quite hard. You can use a system like RSA that pin-appends and then strips it out or like ours that requires the pin before you get the OTP.

Note that NPS does not use the AD password for authorization. So using a pin as the what you know is all you need.

See this doc for a working example: https://www.wikidsystems.com/support/how-to/how-to-configure-nps-2012-for-two-factor-authentication/.

Hth,

Nick

nowen
  • 767
  • 3
  • 8