File: raspberry/how-to-build-a-raspberry-strong-authentication-server.txt

Role: Documentation
Content type: text/plain
Description: Documentation
Class: multiOTP PHP class
Authenticate and manage OTP strong user tokens
Author: André Liechti
Last change: Release 5.10.0.2 - Fixed docker issue
Release 5.10.0.1
New release 5.9.9.1
FIX: Windows backup temp folder is now the default system temp folder
FIX: Adding -sync-delete-retention-days parameter doesn't return missing parameters error
FIX: Case sensitive issue has been fixed with MSCHAPv2 authentication (thanks Alexey)
FIX: Case sensitive issue has been fixed during FastCreateUser process
FIX: {MultiotpUserDisplayName} tag usage in templates (was not replaced in the QRcode)
ENH: Created users are trimmed to avoid bad space prefix/suffix during copy/paste
ENH: multiOTP Credential Provider enhanced support
ENH: New default-2fa-digits command line option to set the default amount of OTP digits
ENH: PHP 8.4.x deprecated code cleaned (xml_set_object removed)
ENH: New Message-Authenticator requirement support for FortiGate v7.2.10+, v7.4.5+ and v7.6.1+
ENH: New SetCurrentUserSid function for new Credential Provider -usersid option
ENH: Embedded Windows PHP edition updated to version 8.3.15
ENH: Embedded Windows nginx edition updated to version 1.27.3
New release 5.9.8.0
FIX: Database backend setup and initialization was not working well with some PHP versions
ENH: New option to force writing logs only in file (even if the backend is a database)
ENH: Spryng SMS provider support
ENH: PHP 8.2.x deprecated code cleaned (null for string parameters)
FIX: without2fa token can be now correctly converted to TOTP with default 30 seconds time interval
FIX: Without2fa tokens with prefix pin were not working with CHAP/MSCHAP/MSCHAPv2
FIX: Windows: radiusd.conf and clients.conf files removed from the distribution
(they are created automatically when installing the services using radius_install.cmd)
ENH: Windows: -debug option removed from the radius module launcher
ENH: By design, Credential Provider check requests don't wait for any prefix. This behavior can now be overridden.
Date: 1 month ago
Size: 3,527 bytes
 

How to build a Raspberry Pi RADIUS strong two-factor authentication server in a few easy steps
===============================================================================================

(c) 2010-2025 SysCo systemes de communication sa
https://www.multiotp.net/

Current build: 5.10.0.2 (2025-10-31)

Supported Raspberry Pi hardware: 1B/1B+/2B/3B/3B+/4B

0) If you want to download a ready-to-use multiOTP Raspberry Pi image, follow this URL:
   https://download.multiotp.net/raspberry/

   Nano-computer name: multiotp
   IP address: 192.168.1.44 (netmask: 255.255.255.0, default gateway: 192.168.1.1)
   Username: pi
   Password: raspberry

   You can now flash the SD Card (see points 3) and 4) if needed), put the SD Card
   into the Raspberry Pi and boot it. You can then go directly to point 15).

1) If you want to use a battery-backed Real Time Clock, install it now in your
   Raspberry Pi. The drivers for these models are included in the package:
   https://afterthoughtsoftware.com/products/rasclock
   http://www.cjemicros.co.uk/micros/products/rpirtc.shtml
   https://www.robotshop.com/ca/en/elecrow-ds3231-high-precision-rtc-clock-module-raspberry-pi-b.html
   https://learningdevelopments.co.nz/products/rtc-clock-module-for-raspberry-pi

2) Download the latest Raspbian Lite image to be flashed:
   https://downloads.raspberrypi.org/raspios_lite_armhf_latest
   (currently 2021-03-04-raspios-buster-armhf-lite.zip)

3) Format your SD Card using the SD Card Association’s formatting tool:
   https://www.sdcard.org/downloads/formatter/

4) Flash the raw image using the universal Windows/macOS/Linux Etcher from Balena:
   https://www.balena.io/etcher/
   or Win32DiskImager for Windows:
   https://sourceforge.net/projects/win32diskimager/files/latest/download
   or the dd UNIX tool.
   This should take about 10 minutes.

5) Copy all files from multiotp/raspberry/boot-part to the root of the SD Card
   (this may overwrite some files such as config.txt, where we have already enabled the I2C)

6) When the copy is done, eject the SD Card

7) Connect the Raspberry Pi to the local network

8) Put the SD card into the Raspberry Pi and boot it

9) Log in directly on your Raspberry Pi, or using SSH, with the default
   username "pi" and the password "raspberry"

10) Launch the initial configuration by typing
    sudo raspi-config

11) Choose the following options
    1) Change User Password
    2) Network options
       N1) N1 Hostname (change the hostname to your favorite name, for example "multiotp")
    4) Localization Options (if needed)
    7) Advanced Options
       A1) Expand Filesystem

12) Select Finish and answer "<Yes>" to reboot, or type "sudo reboot"

13) Log in again directly (after about 30 seconds) on your Raspberry Pi, or using SSH,
    with the default username "pi" and your new password

14) Type "sudo /boot/install.sh"
    Everything is done automatically (it will take about 35 minutes) and the
    Raspberry Pi will reboot automatically at the end

15) The fixed IP address is set to 192.168.1.44, with a default gateway at 192.168.1.1
    To adapt the network configuration, edit the file /etc/network/interfaces

16) Congratulations! You now have an open source and fully OATH compliant
    strong two-factor authentication server!
    Browse to http(s)://192.168.1.44 to use the basic interface (admin / 1234)

17) The default RADIUS secret is set to myfirstpass for the subnet 192.168.0.0/16.
    To adapt the FreeRADIUS configuration, edit the file /etc/freeradius/clients.conf.
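
Added example (not part of the original multiOTP documentation): a shell check
for point 17) that flags client entries in a FreeRADIUS clients.conf still using
the shipped secret or a wide subnet. The function names, the /24 and 16-character
thresholds, and the sample client blocks are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not multiOTP code: flag shipped RADIUS defaults in clients.conf.
# Usage on the appliance: audit_clients /etc/freeradius/clients.conf
DEFAULT_SECRET="myfirstpass"   # default stated in point 17) of this guide
MIN_PREFIX=24                  # assumption: review any client range wider than /24
MIN_LEN=16                     # assumption: minimum acceptable secret length

# audit_clients FILE: print one finding per line, nothing if the file is clean.
audit_clients() {
    awk -v def="$DEFAULT_SECRET" -v minp="$MIN_PREFIX" -v minl="$MIN_LEN" '
        /^[ \t]*#/ { next }                                   # skip comment lines
        /^[ \t]*client[ \t]+[^ \t{]+/ { name = $2; sub(/\{.*/, "", name) }
        /^[ \t]*ipaddr[ \t]*=/ {
            n = split($0, p, "/")                             # p[2] is the prefix length
            if (n == 2 && (p[2] + 0) < minp)
                print "WIDE_SUBNET client=" name " prefix=/" (p[2] + 0)
        }
        /^[ \t]*secret[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)                            # strip optional quotes
            if (val == def) print "DEFAULT_SECRET client=" name
            else if (length(val) < minl) print "SHORT_SECRET client=" name
        }
    ' "$1"
}

# new_secret: 24 random bytes, base64-encoded (32 characters).
new_secret() { head -c 24 /dev/urandom | base64; }

# Constructed sample: the first client mirrors the defaults described in point 17).
sample_conf() {
    cat <<'EOF'
client lan {
    ipaddr = 192.168.0.0/16
    secret = myfirstpass
}
client vpn-gateway {
    ipaddr = 192.168.1.10
    secret = "Zk3v0Qe8mB1xT7cLrY5uHn2a"
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_clients "$tmp"
rm -f "$tmp"
```

A replacement value from new_secret goes into the "secret" line of the flagged
client block and into the matching RADIUS client device.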