Am Donnerstag, den 02.06.2016, 15:58 -0400 schrieb Arran Cudbard-Bell:
We actually have a commercial OTP solution via SafeNet, but it's a bit long in the tooth and also only supports PAP. However, I opened a ticket today and their newer versions actually support MSChapv2 so that might be the way to go if converting our token licenses isn't too ridiculous in cost.
Anything that'll give you the plaintext password from the OTP server back will work with MSCHAPv2.
The OTP server could return the plain text OTP password. But this is only the 2nd factor. It will not return the LDAP user password, which is the 1st factor. So in a setup were you have two steps of authentication, this will work. But often the password and OTP are entered in conjunction. This will fail. Kind regards Cornelius
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Cornelius Kölbel cornelius.koelbel@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel