IŽam trying to create a php OTP script with challenge reponse.

 

echo "Reply-Message += \"Enter SMS\",\n";

echo "State += \"$random\",\n";

echo "Response-Packet-Type = \"Access-Challenge\",\n";

exit(4);

 

Reply and State gets sent to the client. But I canŽt seem to get challenge response to work.

 

Has anyone done this time off stuff before and is it even possible?

 

Found Auth-Type = otp

# Executing group from file /etc/raddb/sites-enabled/default

+- entering group otp {...}

[OTP]   expand: %{User-Name} -> test2

[OTP]   expand: %{User-Password} -> test2

[OTP]   expand: %{reply:Secret} -> 891a79d80c9f1cd2

[OTP]   expand: %{reply:Pin} -> 0201

[OTP]   expand: %{reply:Offset} -> 1

Exec-Program output: Reply-Message += "Enter SMS", State += "21427", Response-Packet-Type = "Access-Challenge",

Exec-Program-Wait: value-pairs: Reply-Message += "Enter SMS", State += "21427", Response-Packet-Type = "Access-Challenge",

Exec-Program: returned: 4

++[OTP] returns handled

There was no response configured: rejecting request 15

Using Post-Auth-Type Reject

# Executing group from file /etc/raddb/sites-enabled/default

+- entering group REJECT {...}

[attr_filter.access_reject]     expand: %{User-Name} -> test2

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 15 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 15

Sending Access-Reject of id 66 to 172.31.2.20 port 42617

        Reply-Message += "Enter SMS"

        State += 0x3231343237

 

My sites-enabled

 

authorize {

        preprocess

        chap

        mschap

        suffix

        eap {

                ok = return

        }

        unix

        files

        sql

        expiration

        logintime

        pap

 

        update control {

                        Auth-Type := otp

                }

 

}

 

authenticate {

        Auth-Type PAP {

                pap

        }

 

        Auth-Type CHAP {

                chap

        }

 

        Auth-Type MS-CHAP {

                mschap

        }

 

        Auth-Type otp {

                OTP

                pap

        }

        unix

        eap

}

 

My exec module

 

        exec OTP {

        wait = yes

        program = "/etc/raddb/otp.php %{User-Name} %{User-Password} %{reply:Secret} %{reply:Pin} %{reply:Offset}""

        input_pairs = request

        output_pairs = reply

        }

 

 

Med venlig hilsen | Best regards

Thomas Raabo

Senior Network Engineer CCIE #33466

 

 

Beskrivelse: Beskrivelse: cid:image001.jpg@01CB9163.2FCD3AC0

_____________________________________________

tr@zitcom.dk | Direkte: +45 69 10 60 18 | Tlf.: +45 70 23 55 66