пт, 20 дек. 2019 г. в 17:39, Alan DeKok <aland@deployingradius.com>:
On Dec 20, 2019, at 12:23 PM, Anton Kiryushkin <swood@fotofor.biz> wrote:
Now I see the next message from ASA:
Fri Dec 20 15:21:41 2019 : Debug: (2) User-Name = "Jon_Snow" Fri Dec 20 15:21:41 2019 : Debug: (2) User-Password = "xZ\202\002\280<\206у\n\323y\261\357\471%y"
The shared secret is wrong. Reading the debug output will tell you that.
Usually, people use login name, and then take the 6 digit OTP, and add it to the password, e.g.
User-Name = "bob" User-Password = "123456my_secret_password"
How to parse it in FreeRadius?
With a regular expression.
if (User-Password =~ /^(......)(.*)$/) { ... %{1} is OTP . ... %{2} is password }
Yes, correctly, but FreeRadius can run some script to generate OTP and send it. However, I can't understand how to do it before authorisation. Or wait for this process during authorisation. Probably I am wrong.
You can run scripts via the 'exec' module. see mods-available/exec
Yes, I can, but you didn't answer the question: does it possible to run exec and use generated code during the authorisation?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Best regards, Anton Kiryushkin