Norbert Wegener wrote:
Alan DeKok wrote:Norbert Wegener wrote:It should be simple to generate a one time password, throw it into a database,send it via sms and make it available for the next time, the user requests access. The problem here seems to be, that after a first successfull authentication another one with only a new password but the already entered username has to be done. Can this be realised with an actual freeradius? If so: Where can I find documentation about it?You first need to define what you mean by "successful authentication". Is it sending an Access-Accept? Or receiving an Accounting start for that user?
The box I am talking about is a Juniper vpn gateway. There they have Custom Radius Authentication Rules and in the configuration menu there is: If received packet Type :Access Challenge Take action: Show Next Token pageNow it seems to me, that after providing the correct login/(static) password combination, not an Access-Accept must be sent, but instead an Access-Challenge. Maybe, this can be done using the otpd, but up to now I am searching on how to realise this.
Anyone any idea? Norbert Wegener