Thank you! Winradius.eu made the Windows binaries - also their build bundled to the Multiotp Windows installation howto. This is why I tried to play with windows. As I said, our main radius server is 3.0.13 already where all works as expected. The main goal, that instead of Samba/Krb5/Ntlm authentication - I just have an Idea to "Proxy-to-realm" to an NPS server the authentication request. In case of Accept, the NPS sends back the necessary info (Filter-Id) which was calculated by the Samba/KRB5/Ntlm. This simplifies the whole Radius server installation as it is not necessary to join to a domain (KRB init), Samba/Ntlm usage not needed - a simple radius authentication can do all we need. And after the radius auth, the Multiotp can handle the OTP code with a Challenge-Response which is supported by the VPN we use. Do yuo think there is a better way than Proxy-to-realm the auth request and then run the challenge-response before the OTP auth? (We use VPN where the auth type either Pap or MsChapV2) Peter Dudas On 7 May 2017 at 00:53, Alan DeKok <aland@deployingradius.com> wrote:
On May 6, 2017, at 3:27 PM, Dudás Péter <peter.pdudas@gmail.com> wrote:=
It is a way too complicated for the first sight.
It shouldn't be too complicated.
It is Windows based FreeRadius (2.2.10).
Which isn't supported. To be honest, if you got a Windows binary from somewhere, they're likely violating our license.
And user names has a space between the First and Last Name, so needed to be double quoted otherwise it is handled as 2 parameters. (according to my knowledge it is not possible to insert a double quote between the \" \" sequence which is not deleted by the command interpreter).
It is, you just have to be careful about it.
And probably upgrade to v3, which has many other things fixed.
And, don't have User-Names with spaces in them. It's almost always a bad idea.
exec multiotp { wait = yes input_pairs = request output_pairs = reply program = "../../multiotp.exe -base-dir=C:/mutiotp/ -keep-local -log -debug \"%{Tmp-String-0}\" \"%{User-Password}\"" shell_escape = yes }
That should work. If it doesn't, upgrade to v3.
Even if I change the User name to a Tmp_String-0 like this the output is always the user name without the double quotes: update request { Tmp-String-0 := "%{User-Name}" }
That won't help. You're just copying the name, not adding quotes.
This is just an experiment - not so important. The main auth server is 3.0.13 - where there is no problem calling the multiotp with user names containing space. I presume the 4.0 cannot be compiled on windows.
We've never supported Windows.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html