Using freeRadius with OTP and gateway

Mercier Valentin mercierv at gmail.com
Wed Mar 14 09:25:04 CET 2012


Hi Cornelius and Tim,  

First I want to apologize for my response pending, lot of things to do. Then thank you so much for your advices, but for now we think that the OTP system is not good for our implementation.  

But with some research we made, we have an another question.  
We want to enable on free radius the Access Request --> Access Challenge --> Access Request --> Access Accept / Reject, with CHAP, but we don't know how to do this, and if you can help us it would be great.  

Because I read that usually with this kind of implementation the Access Challenge contain a "message" with which the client need to calculate the response. And for now that enough for us.  

Thanks in advance, best regards
--  
Mercier Valentin


Le jeudi, 8 mars 2012 à 08:22, Cornelius Kölbel a écrit :

>  Hello Mercier,
>  
>  the interesting part about your idea is, that the user sends the SMS to authenticate, this avoids that you will have to pay for the SMS.
>  Most solutions send the SMS with the OTP to the user, so that you - the provider - will have to pay for the SMS sending.
>  Nevertheless you might take a look at LinOTP, which does one time password authentication and come with a freeradius module, so that integration in your scenario could be rather simple. Also in this case the RADIUS server does not know the users, but the auth request (with user and OTP) is forwarded to the linotp daemon, which in turn is able to verify the username and the provided OTP. The users can be fetched from any flat file and/or LDAP and/or SQL database.
>  Only drawback for your case is the thing with "who sends the sms".  
>  
>  Kind regards
>  Cornelius
>  
>  
>  
>  Am 07.03.2012 13:56, schrieb Mercier Valentin:  
> >  Hi everyone,  
> >  
> > I'm using Freeradius 2.1.12 on a server Debian. I have an another server Debian with Coovachilli (captive portal) and an Access Point based on Ruckus OS.  
> > When my users connected on the AP, a web page is coming with a formular to connect. Then the user enter is information (username and password) and Coovachilli made the authentication on the radius and this is working fine.  
> >  
> > Now I want to make something different, when the user connected on the AP, I want that he received a little formular, then he need to enter a username (not know on the radius) and i want the radius to create a One Time Password and send it to the user (on an another webpage). And the user send this OTP via SMS to a smsm gateway to finish the authentication, is that possible, and if yes, could someone explain to me how I can make it ?  
> >  
> > For the gateway sms I am using SMSLib (java library) on the same server as freeradius.  
> >  
> > Best regards and sorry for my bad english (from switzerland).  
> >  --  
> >  Mercier Valentin
> >  
> >  
> > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html  
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120314/79ea8b79/attachment.html>


More information about the Freeradius-Users mailing list