Best/fastest method to query external radius OTP

Dominique Wille dominique.wille at plantformance.com
Thu Jun 18 10:35:00 CEST 2020


Hello dear users. Could you help?
We have a freeradius 3.0.x configuration working
- Authorization with LDAP
- Authentication with LDAP, backup to files

Now trying to get validation from OTP provider

Needs to send a radius request with User-Name="myusername",
User-Password="push" (this one is always "push", not the original pwd). The
"push" word triggers a push notification on mobile that needs to be
answered, and then the OTP provider radius answers with accept or reject.

I have tried radclient (working in console mode) with the exec module, but
I am having some issues moving it to the rlm_exec module (piping data I think).

So far reached

exec myotp {
        input_pairs = request
        wait = yes
        timeout = 30
        program = "/bin/echo \"User-Name=$USER_NAME,User-Password=push\" | /bin/radclient -r 1 -t 20 xx.xx.xx.xx:1812 auth mysecret"
}
Of course still missing the testing of what the command returns.

But this does not work. It seems piping is not working and I cannot push two
commands there.
Any idea where the issue is?

Is there a better or faster way?

thanks

nash35
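
Added example, not part of the original post and not FreeRADIUS project code: rlm_exec executes `program` directly rather than through a shell, so the `|` in the configuration above is never treated as a pipe; one way around that is a wrapper script that does the piping itself and validates the user name before it is placed in the radclient attribute list. The script name, the secret file path, the allowlist of user-name characters and the choice to map every radclient failure to reject are assumptions.

```shell
#!/bin/sh
# otp-push.sh (hypothetical name): wrapper that rlm_exec can run directly.
# Assumed module side: program = "/path/to/otp-push.sh", input_pairs = request,
# wait = yes, so User-Name reaches this script as the USER_NAME variable.

OTP_SERVER="${OTP_SERVER:-xx.xx.xx.xx:1812}"          # placeholder, as in the post
SECRET_FILE="${SECRET_FILE:-/etc/raddb/otp.secret}"   # hypothetical path, mode 0600
RADCLIENT="${RADCLIENT:-/bin/radclient}"

# Print the attribute list radclient reads on stdin, or return 1 when the
# user name could break out of the quoted value and inject extra attributes.
build_request() {
    u=$1
    # Drop one pair of surrounding double quotes if the value arrives quoted.
    case $u in \"*\") u=${u#\"}; u=${u%\"} ;; esac
    case $u in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;   # empty or outside the allowlist
    esac
    printf 'User-Name = "%s"\nUser-Password = "push"\n' "$u"
}

# Send the push request and translate the outcome into rlm_exec exit codes:
# 0 = ok, 1 = reject, 5 = invalid. Any radclient failure (reject, timeout,
# missing binary) is treated as reject, so the check fails closed.
# -S reads the shared secret from a file, keeping it out of the process list.
otp_check() {
    req=$(build_request "$1") || return 5
    if printf '%s\n' "$req" |
        "$RADCLIENT" -r 1 -t 20 -S "$SECRET_FILE" "$OTP_SERVER" auth >/dev/null 2>&1
    then
        return 0
    fi
    return 1
}

# Run the check only when executed under the script's own name, so the
# functions can also be sourced and tested without contacting a server.
case ${0##*/} in
    otp-push.sh) otp_check "${USER_NAME:-}"; exit $? ;;
esac
```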

