Any One-Time password system.

Sergii Bieliaievskyi s.bieliaievskyi at sethq.com
Mon May 13 15:58:38 CEST 2013


Hello.

I am new here. And my first message concerns One-Time password
authentication. I have a problem with installing rlm_smsotp +
http://wiki.freeradius.org/modules/Rlm_smsotp. I am always getting an error
"/var/run/smsotp_socket No such file or directory". I am sure that
smsotp_socket exists and has appropriate permissions (I even tried to run
freeradius with root privileges). After some research I conclude that the
problem is in the rlm_smsotp module. I can't find any other cause of the
problem. Brief information about my system and software versions:
FreeBSD 9.1
FreeRADIUS 2.2.0

log============================================================
rad_recv: Access-Request packet from host 172.16.17.0 port 1645, id=79,
length=64
        Framed-Protocol = PPP
        User-Name = "test_user"
        User-Password = "test_pass"
        Service-Type = Framed-User
        NAS-IP-Address = 172.16.17.0
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: %{Packet-Src-IP-Address} -> 172.16.17.0
[auth_log]      expand:
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
-> /var/log/radacct/172.16.17.0/auth-detail-20130513
[auth_log]
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radacct/172.16.17.0/auth-detail-20130513
[auth_log]      expand: %t -> Mon May 13 16:51:36 2013
++[auth_log] returns ok
++[smsotp] returns ok
[suffix] No '@' in User-Name = "test_user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[sql]   expand: %{User-Name} -> test_user
[sql] sql_set_user escaped user --> 'test_user'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'test_user'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radreply
      WHERE username = 'test_user'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'test_user'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op
    FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
  FROM radgroupcheck           WHERE groupname = 'Everyone'           ORDER
BY id
[sql] User found in group Everyone
[sql]   expand: SELECT id, groupname, attribute,           value, op
    FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
  FROM radgroupreply           WHERE groupname = 'Everyone'           ORDER
BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_checkval: Could not find item named Calling-Station-Id in request
rlm_checkval: Could not find attribute named Calling-Station-Id in check
pairs
++[checkval] returns notfound
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = smsotp
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group smsotp {...}
[pap] login attempt with password "test_pass"
[pap] Using clear text password "test_pass"
[pap] User authenticated successfully
++[pap] returns ok
rlm_smsotp: smsotp_connect: connect(/var/run/smsotp_socket): No such file
or directory
++[smsotp] returns fail
Failed to authenticate the user.
Login incorrect: [test_user/test_pass] (from client DMcore port 0)
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test_user
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 79 to 172.16.17.0 port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 79 with timestamp +11
Ready to process requests.

Can anybody advise me of a simple way of implementing OTP with freeradius2 and
daloradius as a frontend? Or maybe there is a solution for rlm_smsotp?


Thank you.
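
A diagnostic for the connect() error shown in the log above, as an added example that is not part of the original post or of rlm_smsotp: it reports how a UNIX-domain socket path looks to the process that runs it, separating a path that does not resolve from a socket file with no daemon behind it. The function name and verdict strings are illustrative, and SOCK_STREAM is an assumption about the socket type.

```python
import errno
import os
import socket
import stat
import sys


def probe_unix_socket(path, timeout=2.0):
    """Classify the outcome of connect() to a UNIX-domain socket path."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        # ENOENT: the path does not resolve for *this* process (different
        # configured path, daemon never created it, or a chroot/jail root).
        return "missing"
    except PermissionError:
        # A parent directory is not searchable by the calling user.
        return "permission"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    # Assumption: the OTP daemon listens on a stream socket.
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return "listening"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            # Socket file exists but nothing accepts on it (stale file).
            return "no-listener"
        if e.errno in (errno.EACCES, errno.EPERM):
            return "permission"
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


if __name__ == "__main__":
    # Default is the path from the log above; pass another path as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/run/smsotp_socket"
    print(path, "->", probe_unix_socket(path))
```

Run it as the same user, and inside the same jail or chroot if one is used, as the radiusd process, since path resolution and permissions are evaluated per process.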
