<div><span class="Apple-style-span" style="font-size: medium; "><div>Hi Cornelius and Tim, </div><div><br></div><div>First I want to apologize for my response pending, lot of things to do. Then thank you so much for your advices, but for now we think that the OTP system is not good for our implementation. </div><div><br></div><div>But with some research we made, we have an another question. </div><div>We want to enable on free radius the Access Request --> Access Challenge --> Access Request --> Access Accept / Reject, with CHAP, but we don't know how to do this, and if you can help us it would be great. </div><div><br></div><div>Because I read that usually with this kind of implementation the Access Challenge contain a "message" with which the client need to calculate the response. And for now that enough for us. </div><div><br></div><div>Thanks in advance, best regards</div><div>-- <br>Mercier Valentin</div></span></div><div><br></div>
<p style="color: #A0A0A8;">Le jeudi, 8 mars 2012 à 08:22, Cornelius Kölbel a écrit :</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div><div>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
Hello Mercier,<br>
<br>
the interesting part about your idea is, that the user sends the SMS
to authenticate, this avoids that you will have to pay for the SMS.<br>
Most solutions send the SMS with the OTP to the user, so that you -
the provider - will have to pay for the SMS sending.<br>
Nevertheless you might take a look at LinOTP, which does one time
password authentication and come with a freeradius module, so that
integration in your scenario could be rather simple. Also in this
case the RADIUS server does not know the users, but the auth request
(with user and OTP) is forwarded to the linotp daemon, which in turn
is able to verify the username and the provided OTP. The users can
be fetched from any flat file and/or LDAP and/or SQL database.<br>
Only drawback for your case is the thing with "who sends the sms". <br>
<br>
Kind regards<br>
Cornelius<br>
<br>
<br>
<br>
Am 07.03.2012 13:56, schrieb Mercier Valentin:
<blockquote type="cite"><div>
<div> Hi everyone, </div>
<div><br>
</div>
<div>I'm using Freeradius 2.1.12 on a server Debian. I have an
another server Debian with Coovachilli (captive portal) and an
Access Point based on Ruckus OS. </div>
<div>When my users connected on the AP, a web page is coming with
a formular to connect. Then the user enter is information
(username and password) and Coovachilli made the authentication
on the radius and this is working fine. </div>
<div><br>
</div>
<div>Now I want to make something different, when the user
connected on the AP, I want that he received a little formular,
then he need to enter a username (not know on the radius) and i
want the radius to create a One Time Password and send it to the
user (on an another webpage). And the user send this OTP via SMS
to a smsm gateway to finish the authentication, is that
possible, and if yes, could someone explain to me how I can make
it ?</div>
<div><br>
</div>
<div>For the gateway sms I am using SMSLib (java library) on the <b>same</b> server
as freeradius. </div>
<div><br>
</div>
<div>Best regards and sorry for my bad english (from
switzerland). <br>
-- <br>
Mercier Valentin<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre wrap="">-
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></pre>
</div></blockquote><br>
</div><div>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></div></div></span>
</blockquote>
<div>
<br>
</div>