Test Client which supports PAP Access-Challenge
Thomas Glanzmann
thomas at glanzmann.de
Mon May 21 16:12:18 CEST 2012
Hello Matthew,
> Forget that - I've not had enough coffee yet today :) You need to
> respond to the challenge, not send one yourself...
exactly, however the Authen::Radius perl module saved my day:
#!/usr/bin/perl -w
# Thomas Glanzmann 16:06 2012-05-21
# First Argument is username, second argument is password
# Authen::Radius requires a legacy dictionary without advanced
# keywords like encrypted or $INCLUDEs
use strict;
use warnings FATAL => 'all';
use Authen::Radius;

my $r = Authen::Radius->new(Host => '127.0.0.1', Secret => 'testing123');
Authen::Radius->load_dictionary('/home/sithglan/work/smsotpd/dictionary');

# Round 1: send username and password; the server answers with an
# Access-Challenge (type 11 in the execution output below).
$r->add_attributes (
    { Name => 'User-Name', Value => $ARGV[0] },
    { Name => 'User-Password', Value => $ARGV[1] },
);
$r->send_packet(ACCESS_REQUEST) or die "send_packet failed\n";
my $type = $r->recv_packet();
print "server response type = $type\n";

# Pick the State attribute out of the challenge. The attributes of the
# reply are still held in $r, which is why the radiusd -X output below
# shows Reply-Message and State echoed in the second Access-Request.
my $state = undef;
for my $attr ($r->get_attributes()) {
    if ($attr->{Name} eq 'State') {
        $state = $attr->{RawValue};
    }
}

# Round 2: answer the challenge, sending the OTP as User-Password.
print "Enter otp: ";
my $otp = <STDIN>;
chomp($otp);
$r->add_attributes (
    { Name => 'User-Name', Value => $ARGV[0] },
    { Name => 'User-Password', Value => $otp },
);
$r->send_packet(ACCESS_REQUEST) or die "send_packet failed\n";
$type = $r->recv_packet();
print "server response type = $type\n";
# Execution:
(minisqueeze) [~/work/smsotpd] ./pap_challenge_request.pl 'administrator at directory.gmvl.de' 'password'
server response type = 11
Enter otp: 82701
server response type = 2
# radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1 port 49189, id=40, length=71
User-Name = "administrator at directory.gmvl.de"
User-Password = "password"
# Executing section authorize from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{User-Name} -> administrator at directory.gmvl.de
[preprocess] expand: %{User-Name} -> administrator at directory.gmvl.de
[preprocess] hints: Matched DEFAULT at 4
[preprocess] expand: %{1}@DIRECTORY.GMVL.DE -> administrator at DIRECTORY.GMVL.DE
++[preprocess] returns ok
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[smsotp] returns ok
Found Auth-Type = smsotp
# Executing group from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group smsotp {...}
rlm_krb5: verify_krb_v5_tgt: host key not found : Configuration file does not specify default realm
++[krb5] returns ok
rlm_smsotp: Generate OTP
rlm_smsotp: Uniq id is 5500455282
rlm_smsotp: Sending Access-Challenge.
++[smsotp] returns handled
Sending Access-Challenge of id 40 to 127.0.0.1 port 49189
Reply-Message = "Enter Mobile PIN:"
State = 0x35353030343535323832
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 49189, id=41, length=102
Reply-Message = "Enter Mobile PIN:"
State = 0x35353030343535323832
User-Name = "administrator at directory.gmvl.de"
User-Password = "82701"
# Executing section authorize from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{User-Name} -> administrator at directory.gmvl.de
[preprocess] expand: %{User-Name} -> administrator at directory.gmvl.de
[preprocess] hints: Matched DEFAULT at 4
[preprocess] expand: %{1}@DIRECTORY.GMVL.DE -> administrator at DIRECTORY.GMVL.DE
++[preprocess] returns ok
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
rlm_smsotp: Found reply to access challenge (AUTZ), Adding Auth-Type 'smsotp-reply'
++[smsotp] returns ok
Found Auth-Type = smsotp-reply
# Executing group from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group smsotp-reply {...}
rlm_smsotp: Found reply to access challenge
rlm_smsotp: SocketReply is OK
++[smsotp] returns ok
# Executing section post-auth from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 41 to 127.0.0.1 port 49189
Finished request 19.
Cheers,
Thomas
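
Added example, not part of the post above and not Authen::Radius code: the same challenge round at the wire level per RFC 2865, in Python. It parses an Access-Challenge, echoes its State unmodified and hides the OTP as a PAP User-Password. All function names are hypothetical, the sample challenge is constructed from the Reply-Message and State values in the debug log, and verification of the Response Authenticator is left out.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11     # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, STATE = 1, 2, 24   # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    padded = password.ljust(max(1, -(-len(password) // 16)) * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def parse_attributes(packet):
    """Return [(type, value)] from a RADIUS packet, rejecting bad lengths."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def build_request(ident, user, password, secret, state=None):
    auth = os.urandom(16)                    # fresh Request Authenticator per packet
    attrs = [(USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, auth))]
    attrs += [(STATE, state)] if state is not None else []   # echoed byte for byte
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + auth + body

def answer_challenge(challenge, user, otp, secret):
    """Build the follow-up Access-Request that carries the OTP and the State."""
    states = [v for t, v in parse_attributes(challenge) if t == STATE]
    # Assumption for this flow: the server matches the reply on State, so require one.
    if challenge[0] != ACCESS_CHALLENGE or len(states) != 1:
        raise ValueError("need an Access-Challenge with exactly one State")
    return build_request((challenge[1] + 1) % 256, user, otp, secret, states[0])

# Constructed sample: code 11, id 40, zeroed (unverified) Response Authenticator.
SAMPLE_ATTRS = bytes([18, 19]) + b"Enter Mobile PIN:" + bytes([24, 12]) + bytes.fromhex("35353030343535323832")
SAMPLE_CHALLENGE = struct.pack("!BBH", 11, 40, 20 + len(SAMPLE_ATTRS)) + bytes(16) + SAMPLE_ATTRS
```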