The problem is that the user is stored in database as following: <username> <password> And the request comes with <username>:<otp> <password>. So I have to strip the username to verify against the database. I just need something to use eap mschapv2 with a stripped-username or a an external program like ntlm_auth without AD binding which could be executed in the eap module
Am 11.11.2018 um 16:16 schrieb Alan DeKok <aland@deployingradius.com>:
On Nov 10, 2018, at 3:28 PM, Markus Maurer <lists@v-net.tk> wrote:
Yes, but its not possible using pap in my case anyway..:/
Then you're pretty much stuck.
Cause linotp just verifys the otp over rlm_perl and it hasnt stored the password of the user in its database, so the second step is to verify only the user ft. password against the sql database.
Do you have any idea how to setup something like this?
The server already gets passwords from SQL and authenticates the user. This is in the default config, and fairly well documented. What, exactly, are you looking for?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html