On 10 Jan 2017, at 16:17, Alan DeKok <aland@deployingradius.com> wrote: In v3.0.12, cache the password in session-state.
Is there a specific reason to use 3.0.12? The lastest available pre-build package I found is 3.0.11-1labs-1~jessie.
if (!&session-state:User-Password) { update session-state { User-Password := &request:User-Password } } else { # it's the second time around... }
This doesn’t work for me at the moment. Do I need to enable any other modules for session storage? How does Freeradius match the two requests in a single session. Does this work? This is the initial request: (0) Received Access-Request Id 170 from 10.30.9.1:8272 to 10.30.9.11:1812 length 611 ... (0) if (!&session-state:User-Password) -> TRUE (0) if (!&session-state:User-Password) { (0) update session-state { (0) User-Password := request:User-Password -> ’xxxxx' (0) } # update session-state = noop ... (0) session-state: Saving cached attributes (0) User-Password = "asdf123" (0) Sent Access-Challenge Id 170 from 10.30.9.11:1812 to 10.30.9.1:8272 length 0 (0) Reply-Message = "Please enter the verification code from Google Authenticator." (0) State = 0x6368616c6c656e6765 (0) Finished request Waking up in 4.9 seconds. (0) Cleaning up request packet ID 170 with timestamp +11 Ready to process requests Now the TOTP Token gets entered and I receive the reply: (1) Received Access-Request Id 171 from 10.30.9.1:8272 to 10.30.9.11:1812 length 622 ... (1) session-state: No cached attributes …. (1) if (!&session-state:User-Password) -> TRUE (1) if (!&session-state:User-Password) { (1) update session-state { (1) User-Password := request:User-Password -> ‘11111111' (1) } # update session-state = noop ... (1) Sent Access-Challenge Id 171 from 10.30.9.11:1812 to 10.30.9.1:8272 length 0 (1) Reply-Message = "Please enter the verification code from Google Authenticator." (1) State = 0x6368616c6c656e6765