Freeradius second auth factor
Alan DeKok
aland at deployingradius.com
Fri Dec 20 18:38:45 CET 2019
On Dec 20, 2019, at 12:23 PM, Anton Kiryushkin <swood at fotofor.biz> wrote:
> Now I see the next message from ASA:
>
> Fri Dec 20 15:21:41 2019 : Debug: (2) User-Name = "Jon_Snow"
> Fri Dec 20 15:21:41 2019 : Debug: (2) User-Password =
> "xZ\202\002\280<\206у\n\323y\261\357\471%y"
The shared secret is wrong. Reading the debug output will tell you that.
>> Usually, people use login name, and then take the 6 digit OTP, and add
>> it to the password, e.g.
>>
>> User-Name = "bob"
>> User-Password = "123456my_secret_password"
>>
>>
> How to parse it in FreeRadius?
With a regular expression.
    if (User-Password =~ /^(......)(.*)$/) {
        # ... %{1} is OTP
        # ... %{2} is password
    }
> Yes, correctly, but FreeRadius can run some script to generate OTP and send
> it. However, I can't understand how to do it before authorisation. Or wait
> for this process during authorisation. Probably I am wrong.
You can run scripts via the 'exec' module. See mods-available/exec
Alan DeKok.
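
The two points in this reply, as an added example that is not part of the original post or of FreeRADIUS: the RFC 2865 User-Password hiding shows why a wrong shared secret decodes to unprintable bytes like the debug output quoted above, and the same six-character split as the regex recovers the OTP. The secrets and the Request Authenticator are constructed sample values, and the digits-only check on the OTP is an added assumption.

```python
import hashlib
import re

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: NUL-pad to a multiple of 16, XOR each block with MD5(secret + previous)."""
    padded = password.ljust(max(16, len(password) + (-len(password) % 16)), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block  # the next keystream block is chained on this ciphertext block
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does on receipt; it has no way to tell the secret was wrong."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def split_otp(cleartext: bytes):
    """Same split as /^(......)(.*)$/; rejecting a non-digit OTP is an added assumption."""
    m = re.match(rb"^(......)(.*)$", cleartext, re.DOTALL)
    if not m or not m.group(1).isdigit():
        return None
    return m.group(1), m.group(2)

# Constructed sample values (not taken from the thread).
NAS_SECRET = b"testing123"      # secret configured on the NAS
WRONG_SECRET = b"testing124"    # mismatched secret configured on the server
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"123456my_secret_password"  # OTP + password, as in the post

HIDDEN = hide_password(PASSWORD, NAS_SECRET, AUTHENTICATOR)

if __name__ == "__main__":
    good = unhide_password(HIDDEN, NAS_SECRET, AUTHENTICATOR)
    bad = unhide_password(HIDDEN, WRONG_SECRET, AUTHENTICATOR)
    print("matching secret:", good, "->", split_otp(good))
    print("wrong secret:   ", bad, "->", split_otp(bad))
```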