Hello, We would like to use freeradius with a 'home made' challenge response authentication scheme (we will build our own module) using mod_auth_radius. Ultimately we would like to prompt the user (after successfull authentication) with a challenge that he would have to enter in a securID like device and enter his response in the mod_auth_radius prompt. I've been toying with freeradius and mod_auth_radius for a few days now, and I still haven't succeeded in prompting the user with a challenge from the RADIUS server. Could anyone point me in the right direction ? Is it possible ? We're using mod_auth_radius as a basic client, but we could use any type of NAS. Best regards, Arnaud
What we want to do is EAP-CTG, I'll investigate further in that direction. Please just let me know if for some reason freeradius doesn't support that. Regards Arnaud Dostes <arnaud.dostes@unicible.ch> Envoyé par : freeradius-users-bounces+arnaud.dostes=unicible.ch@lists.freeradius.org 05.12.2006 12:17 Veuillez répondre à FreeRadius users mailing list <freeradius-users@lists.freeradius.org> A freeradius-users@lists.freeradius.org cc Objet Challenge-response with mod_auth_radius Hello, We would like to use freeradius with a 'home made' challenge response authentication scheme (we will build our own module) using mod_auth_radius. Ultimately we would like to prompt the user (after successfull authentication) with a challenge that he would have to enter in a securID like device and enter his response in the mod_auth_radius prompt. I've been toying with freeradius and mod_auth_radius for a few days now, and I still haven't succeeded in prompting the user with a challenge from the RADIUS server. Could anyone point me in the right direction ? Is it possible ? We're using mod_auth_radius as a basic client, but we could use any type of NAS. Best regards, Arnaud - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arnaud Dostes wrote:
What we want to do is EAP-CTG, I'll investigate further in that direction.
It's EAP-GTC, and no, you probably don't want that. See rlm_example for a sample challenge-response implementation in the server. See rlm_otp for a *working* implementation that integrates with some X9.9 token cards. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Arnaud Dostes