On 10/11/2012 09:23 AM, Thomas Raabo - Zitcom A/S wrote:
I´am trying to create a php OTP script with challenge reponse.
echo "Reply-Message += \"Enter SMS\",\n";
echo "State += \"$random\",\n";
echo "Response-Packet-Type = \"Access-Challenge\",\n";
I think that needs to be a control item, not a reply item, and you can't set reply & control items from an "exec" script at the same time. Therefore, I'm not sure you can do that with an exec script alone. See: http://lists.freeradius.org/pipermail/freeradius-users/2012-September/062606... (ignore the non-technical bits, the poster was being... combative) ...and maybe: http://lists.freeradius.org/pipermail/freeradius-users/2012-July/061953.html I think something like the following might be what you need: authorize { ... myexec if (updated) { update control { Response-Packet-Type := Access-Challenge } handled } ... } ...and make your "exec" script return "updated" (9) The server isn't really rigged for scripts/unlang sending Access-Challenge, so this is not a well-explored area. If someone who is using this could write a wiki article detailing the considerations, that would be great. It seems to be a common requirement. I'm guessing the Google "2-step" auth and imitators have rekindled interest in OTP?