Freeradius second auth factor

Anton Kiryushkin swood at fotofor.biz
Fri Dec 20 18:55:02 CET 2019


On Fri, 20 Dec 2019 at 17:39, Alan DeKok <aland at deployingradius.com> wrote:

> On Dec 20, 2019, at 12:23 PM, Anton Kiryushkin <swood at fotofor.biz> wrote:
> > Now I see the next message from ASA:
> >
> > Fri Dec 20 15:21:41 2019 : Debug: (2)   User-Name = "Jon_Snow"
> > Fri Dec 20 15:21:41 2019 : Debug: (2)   User-Password =
> > "xZ\202\002\280<\206у\n\323y\261\357\471%y"
>
>   The shared secret is wrong.  Reading the debug output will tell you that.
>
>
> >>  Usually, people use login name, and then take the 6 digit OTP, and add
> >> it to the password, e.g.
> >>
> >> User-Name = "bob"
> >> User-Password = "123456my_secret_password"
> >>
> >>
> > How to parse it in FreeRadius?
>
>   With a regular expression.
>
>         if (User-Password =~ /^(......)(.*)$/) {
>                 ... %{1} is OTP
>                 ... %{2} is password
>         }
>
> > Yes, correctly, but FreeRadius can run some script to generate OTP and send
> > it. However, I can't understand how to do it before authorisation. Or wait
> > for this process during authorisation. Probably I am wrong.
>
>   You can run scripts via the 'exec' module.  See mods-available/exec
>
>
Yes, I can, but you didn't answer the question: is it possible to run
exec and use the generated code during the authorisation?


>   Alan DeKok.



-- 
Best regards,
Anton Kiryushkin
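
An added example, not part of the original message and not FreeRADIUS code: a Python sketch of the RFC 2865 (section 5.2) User-Password hiding, showing why a mismatched shared secret produces the unreadable User-Password seen in the debug output above, and how the OTP prefix is split once the value decodes cleanly. The secrets, the authenticator and the helper names are constructed for illustration, and the regex is a stricter variant of the one quoted in the thread.

```python
import hashlib
import re

def _keystream_xor(block: bytes, secret: bytes, prev: bytes) -> bytes:
    pad = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, pad))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the NAS does (RFC 2865, section 5.2)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _keystream_xor(padded[i:i + 16], secret, prev)
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does with its own copy of the shared secret."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("hidden User-Password must be 16..128 bytes, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _keystream_xor(block, secret, prev)
        prev = block
    return out.rstrip(b"\x00")

# Stricter variant of the thread's /^(......)(.*)$/: six digits, non-empty password.
OTP_PREFIX = re.compile(r"^([0-9]{6})(.+)$", re.DOTALL)

def split_otp(cleartext: bytes):
    """Return (otp, password), or None when the value is not text in that shape."""
    try:
        match = OTP_PREFIX.match(cleartext.decode("utf-8"))
    except UnicodeDecodeError:
        return None
    return match.groups() if match else None

# Constructed sample values, not taken from the thread's packet.
AUTHENTICATOR = bytes(range(16))
HIDDEN = hide_password(b"123456my_secret_password", b"nas-secret", AUTHENTICATOR)

if __name__ == "__main__":
    for secret in (b"nas-secret", b"server-typo"):
        clear = unhide_password(HIDDEN, secret, AUTHENTICATOR)
        print(secret, repr(clear), split_otp(clear))
```

With the matching secret the second line of output shows the OTP and password separated; with the mismatched one the decoded bytes are binary noise and the split is rejected rather than handed on as an OTP.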

