alternating authentication LDAP/mini Token

Jochen Schäfer jo_sch at
Wed Feb 28 14:57:51 CET 2007

Hi List,

I want to accomplish following task with freeradius:
Users have two possibilities to authenticate
1. Authentication via username ldap password
2. Authentication via username mini Token

What would be a possible solution?
Do the normal authentication with username and password against ldap.
If it succeeds everythink is fine. This was a ldap auth.
If not there has to be a second check
via an external script (e.g. perl Net::Simple::RADIUS) which hands over
the User-Name, User-Password to the Token Server to check if the
possible token is valid.

If both attempts fail either the ldap username/password pair or the
username/token pair were wrong.

I'm wondering which could be the right way to call the script when the
first auth failed.
I'm looking for a way of reauthentication. Is this possible at all.
Can I call the external script somehow in the REJECT sub-section to
recall the authentication process?

Is there another or a recommended solution to accomplish the above task?


More information about the Freeradius-Users mailing list