add quote to User-Name

Dudás Péter peter.pdudas at gmail.com
Sun May 7 08:06:11 CEST 2017


Thank you!

Winradius.eu made the Windows binaries - their build is also bundled with the
Multiotp Windows installation howto.
This is why I tried to play with Windows. As I said, our main radius server
is 3.0.13 already where all works as expected.

The main goal is that, instead of Samba/Krb5/Ntlm authentication, I just have
an idea to "Proxy-to-realm" the authentication request to an NPS server.
In case of Accept, the NPS sends back the necessary info (Filter-Id) which
was calculated by the Samba/KRB5/Ntlm.
This simplifies the whole Radius server installation as it is not necessary
to join to a domain (KRB init), Samba/Ntlm usage not needed - a simple
radius authentication can do all we need.
And after the radius auth, the Multiotp can handle the OTP code with a
Challenge-Response which is supported by the VPN we use.

Do you think there is a better way than Proxy-to-realm the auth request and
then run the challenge-response before the OTP auth?
(We use a VPN where the auth type is either Pap or MsChapV2)

Peter Dudas

On 7 May 2017 at 00:53, Alan DeKok <aland at deployingradius.com> wrote:

> On May 6, 2017, at 3:27 PM, Dudás Péter <peter.pdudas at gmail.com> wrote:
> >
> > It is way too complicated at first sight.
>
>  It shouldn't be too complicated.
>
> > It is Windows based FreeRadius (2.2.10).
>
>   Which isn't supported.  To be honest, if you got a Windows binary from
> somewhere, they're likely violating our license.
>
> > And user names have a space between
> > the First and Last Name, so needed to be double quoted otherwise it is
> > handled as 2 parameters.
> > (according to my knowledge it is not possible to insert a double quote
> > between the \" \" sequence which is not deleted by the command
> > interpreter).
>
>   It is, you just have to be careful about it.
>
>   And probably upgrade to v3, which has many other things fixed.
>
>   And, don't have User-Names with spaces in them.  It's almost always a
> bad idea.
>
> > exec multiotp {
> >        wait = yes
> >        input_pairs = request
> >        output_pairs = reply
> >        program = "../../multiotp.exe -base-dir=C:/mutiotp/ -keep-local -log -debug \"%{Tmp-String-0}\" \"%{User-Password}\""
> >        shell_escape = yes
> > }
>
>   That should work.  If it doesn't, upgrade to v3.
>
> > Even if I change the User name to a Tmp_String-0 like this the output is
> > always the user name without the double quotes:
> > update request {
> > Tmp-String-0 := "%{User-Name}"
> >        }
>
>   That won't help.  You're just copying the name, not adding quotes.
>
> > This is just an experiment - not so important. The main auth server is
> > 3.0.13 - where there is no problem calling the multiotp with user names
> > containing space.
> > I presume the 4.0 cannot be compiled on windows.
>
>   We've never supported Windows.
>
>   Alan DeKok.
>
>
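
The quoting problem discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS or multiotp code: it compares three ways of turning a command template into an argument list when a User-Name contains a space or a double quote. The function names and sample values are constructed, and tokenizing uses Python's POSIX-style `shlex` rules as an assumption (the Windows command interpreter quotes differently).

```python
import re
import shlex

# Hypothetical template modelled on the "program" line quoted in the thread.
TEMPLATE = 'multiotp.exe -log -debug "%{User-Name}" "%{User-Password}"'
ATTR = re.compile(r"%\{([A-Za-z0-9-]+)\}")


def expand(text, attrs):
    """Replace every %{Attribute} reference with its value (empty if unset)."""
    return ATTR.sub(lambda m: attrs.get(m.group(1), ""), text)


def unquoted_argv(template, attrs):
    """Quotes lost before parsing: a name with a space becomes two arguments."""
    return expand(template.replace('"', ""), attrs).split()


def argv_expand_then_split(template, attrs):
    """Fragile order: substitute values first, then tokenize the result.
    Quotes and spaces inside a value are re-parsed as command-line syntax."""
    return shlex.split(expand(template, attrs))


def argv_split_then_expand(template, attrs):
    """Robust order: tokenize the fixed template, then substitute inside each
    token, so a value can never change the number of arguments."""
    return [expand(token, attrs) for token in shlex.split(template)]


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real system.
    samples = [
        {"User-Name": "Peter Dudas", "User-Password": "123456"},
        {"User-Name": 'a" "b', "User-Password": "123456"},
    ]
    for attrs in samples:
        print("User-Name:", repr(attrs["User-Name"]))
        print("  quotes lost      :", unquoted_argv(TEMPLATE, attrs))
        print("  expand then split:", argv_expand_then_split(TEMPLATE, attrs))
        print("  split then expand:", argv_split_then_expand(TEMPLATE, attrs))
```

Only the split-then-expand order keeps the argument count fixed for both sample names; passing that list directly to the program (no shell in between) preserves it.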
