multiotp with strongswan has no (ms)-chap-challenge
Alan DeKok
aland at deployingradius.com
Fri Mar 16 10:28:59 CET 2018
On Mar 16, 2018, at 5:10 AM, karthik kumar <kumarkarthikn at gmail.com> wrote:
> I am setting up 2factor auth and we use Strongswan as our VPN server. I
> use FreeRADIUS as backend of Strongwan.
>
> This is the setup
> mac osx (ikev2 with eap-mschapv2) ---> Strongswan ---> FreeRADIUS -->
> multiotp
>
> First I tried with clear text password in /etc/raddb/users and it is
> successful. For 2factor I need to pair it with multiOTP. I followed the doc
> https://wiki.freeradius.org/guide/multiOTP-HOWTO
> ...
> But when I use Strongswan, there is no MS-CHAP-Challenge (i tried with
> %{mschap:Challenge})
Then fix Strongswan so that it sends the MS-CHAP-Challenge.
No amount of poking FreeRADIUS will magically create that attribute. Only Strongswan can do that.
Alan DeKok.
More information about the Freeradius-Users
mailing list