Using OTP authentication with Freeradius 2
Greg Woods
woods at ucar.edu
Wed Jul 2 16:40:41 CEST 2008
On Wed, 2008-07-02 at 09:23 +0100, Ivan Kalik wrote:
> Try adding it to inner-tunnel as well (you won't be using it there, but
> it won't hurt). It looks like inner-tunnel is loaded before default in
> your configuration (my 2.0.5 loads default first).
Thank you! That was it! First major hurdle overcome. Now I have to
figure out why it doesn't authenticate. "otpauth" does work, so I know
otpd is doing the right thing, but when I run "radtest", I see a bunch
of Access-Request packets sent and no response. The debug output looks
like:
rad_recv: Access-Request packet from host 128.117.64.240 port 33485, id=190, length=57
User-Name = "woods"
User-Password = "##########"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "woods", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
users: Matched entry DEFAULT at line 4
++[files] returns ok
rlm_otp: otp_pwe_present: password attributes 2, 2
++[otp] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type otp
auth: type "otp"
+- entering group authenticate
rlm_otp: otp_pwe_present: password attributes 2, 2
I cannot see from there why the server is not responding. I thought
maybe it was a firewall issue, so I made sure to try again after turning
off iptables, but the result is the same.
--Greg