[rad] Re: Problem with external authentication script

Charles Gregory cgregory at hwcn.org
Mon Jun 15 21:48:28 CEST 2009

On Mon, 15 Jun 2009, Stefan Kuegler wrote:
>> >  exec motp {
>> >        wait = yes
>> >        program = "/usr/local/bin/otpverify.sh %{User-Name}
>> >  %{User-Password} %{reply:Secret} %{reply:PIN} %{reply:Offset}"
>> >        input_pairs = request
>> >        output_pairs = config
>> >  }

Silly thought:
The exec is named 'mopt' with an 'm'.
But your script is 'optverify' with no 'm'.
Just want to be sure that's not a silly typo.... :)

> It seems, that freeradius never uses the "MOTP"-Auth-type:
> auth: type "PAP"
> +- entering group PAP

Not an expert on motp. But should it be mistaken for 'PAP'? Perhaps
you need to put your check for 'motp' in the auth section *before* PAP?
Or remove the reference to PAP altogether if you never use it....?

> Do I need to configure something in the authorize-section or somewhere 
> else ??

A line with the single word 'motp', probably just above the 'pap' line,
if tht is causing trouble....

- Charles

More information about the Freeradius-Users mailing list