Hello Alan,
Which authentication method? This matters a lot.
I configured it to use MSCHAPv2 (but they also support PAP, CHAP and MSCHAPv1)
After authenticating to RADIUS, you may get another prompt if the RADIUS server responded with a supported Access Challenge. Full generic RADIUS challenge/response is not supported, but a limited access challenge for a string token code is supported.
What does that mean?
I have absolutly no clue, but I'm getting closer. I now managed to configure freeradius in order that I get the second prompt (see below).
- So now I want freeradius to send 'Access Challenge' and send a sms to the user (for that purpose I wrote a perl daemon which listens on a unix socket in order to talk to smsotp freeradius module)[1]. However nothing comes in.
What does that mean? "nothing comes in" ???
I meant that my perl deamon is never called by freeradius, but now I figured out to receive at least the first stage of the smsotp (I had to send out a greeting on the socket otherwise smsotpd radius plugin would wait for ever) configuration.
authenticate { mschap Auth-Type smsotp { mschap smsotp }
I really doubt that will work.
I modified it to look like that: authorize { mschap } authenticate { Auth-Type MS-CHAP { mschap smsotp } Auth-Type smsotp-reply { smsotp } } I now get the first prompt, followed by the second prompt which is asking for the pin received via sms. However when I type in a code, I don't see anything in freeradius or my smsotpd. Output of smsotpd now shows: (minisqueeze) [~/work/smsotpd] ./smsotpd.pl <generate otp for directory\Administrator> generate otp for directory\Administrator <quit> Received QUIT Which is the first stage of the challenge response. http://thomas.glanzmann.de/tmp/radius-x.txt http://thomas.glanzmann.de/tmp/smsotpd.pl http://thomas.glanzmann.de/tmp/radius.pcap I sniffed and I only see two packets (one Access Request and one Access Challenge). However when I type the sms passocde and press return, absolutly nothing happens (no packets are send over the network and I get a new prompt. Cheers, Thomas