Problem with external authentication script

Stefan Kuegler freeradius at kuegler.org
Mon Jun 8 21:18:16 CEST 2009


Hi Alan.
>> I want to use MOTP for authentication. MOTP uses a shell-script
>> (/usr/local/bin/otpverify.sh) to verify the given password. The script
>> needs five arguments (User, One-Time-Password, Secret, PIN and Offset).
> 
>   Where do those arguments come from?
OK - that's what I forgot to say. The first two arguments (user and 
password) come directly from the user. The next three arguments (secret, 
pin and offset) are per-user-values. So I wanted to configure these 
values in the 'users'-file (/etc/freeradius/users)

For example:
[...]
   user1
      Secret = 143a5c6fa125ac1f,
      PIN = 1234,
      Offset = 0

> 
>> My system is a fresh installation of freeradius on a Debian/Lenny system.
>>
>> I did the following changes on the following config-files:
>>
>> 1. A new dictionary-file (included in /etc/freeradius/dictionary):
>>    /etc/freeradius/dictionary.motp
>>    -------------------------------
>>    ATTRIBUTE       Secret                  960     string
>>    ATTRIBUTE       PIN                     961     string
>>    ATTRIBUTE       Offset                  962     string
> 
>   That defines the attributes.  Now, where do the values get populated?
In the users file (see above).

> 
>> 2. A new module in
>>    /etc/freeradius/radiusd.conf (modules-section):
>>    ----------------------------
>>    [...]
>>    exec motp {
>>         wait = yes
>>         program = "/usr/local/bin/otpverify.sh %{User-Name} %{User-Password} %{Secret} %{PIN} %{Offset}"
>>         input_pairs = request
>>         output_pairs = config
>>    }
>>    [...]
> 
>   The %{...} syntax replaces the given string with the *value* of the
> named attribute.  Where are you setting these values?
Also in the users file.

> 
>> The main problem is: freeradius didn't call the script with all the
>> needed arguments - so the authentication fails:
>>
>> [...]
>>         expand: /usr/local/bin/otpverify.sh '%{User-Name}'
>> '%{User-Password}' '%{Secret}' '%{PIN}' '%{Offset}' ->
>> /usr/local/bin/otpverify.sh 'stefan' '123' '' '' ''
> 
>   Because you haven't defined any values for those attributes.

Can you tell me where I have to define them?

Thank you very much,

Stefan
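
An added example, not part of the original message and not the MOTP project's otpverify.sh: a Python verifier that takes the same five arguments and fails closed when `%{Secret}`, `%{PIN}` or `%{Offset}` expand to empty strings, as in the debug output above. The 180-second window, the accepted argument formats and the reading of Offset as a clock correction in seconds are assumptions.

```python
#!/usr/bin/env python3
"""Fail-closed MOTP check taking the same five arguments as the exec call."""
import hashlib
import hmac
import re
import sys
import time

WINDOW = 180  # seconds of clock drift tolerated either side (assumed value)


def motp(epoch, secret, pin):
    """MOTP: first 6 hex digits of MD5(<epoch // 10> + secret + PIN)."""
    data = f"{epoch // 10}{secret}{pin}".encode()
    return hashlib.md5(data).hexdigest()[:6]


def verify(user, otp, secret, pin, offset, now=None):
    """Return True only if every argument is well formed and the OTP matches."""
    # An unexpanded %{Secret} arrives as '', so reject empties before hashing.
    if not (user and re.fullmatch(r"[0-9a-f]{6}", otp or "")):
        return False
    if not re.fullmatch(r"[0-9a-fA-F]{16,}", secret or ""):
        return False
    if not re.fullmatch(r"[0-9]{4,}", pin or ""):
        return False
    if not re.fullmatch(r"-?[0-9]+", offset or ""):
        return False
    # Assumption: Offset is a per-user clock correction in seconds.
    base = int(time.time() if now is None else now) + int(offset)
    for t in range(base - WINDOW, base + WINDOW + 1, 10):
        if hmac.compare_digest(motp(t, secret, pin), otp):
            return True
    return False


if __name__ == "__main__":
    # Pad missing arguments with '' so they are rejected, not an IndexError.
    args = (sys.argv[1:6] + [""] * 5)[:5]
    sys.exit(0 if verify(*args) else 1)
```

The exit status is 0 on a match and 1 otherwise; the example does not track already-used passwords, so replay protection has to be added separately.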


