EXEC Access-challenge

Thomas Raabo - Zitcom A/S tr at zitcom.dk
Thu Oct 11 10:23:52 CEST 2012


I am trying to create a PHP OTP script with challenge response.

echo "Reply-Message += \"Enter SMS\",\n";
echo "State += \"$random\",\n";
echo "Response-Packet-Type = \"Access-Challenge\",\n";
exit(4);

Reply and State get sent to the client, but I can't seem to get challenge response to work.

Has anyone done this type of stuff before, and is it even possible?

Found Auth-Type = otp
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group otp {...}
[OTP]   expand: %{User-Name} -> test2
[OTP]   expand: %{User-Password} -> test2
[OTP]   expand: %{reply:Secret} -> 891a79d80c9f1cd2
[OTP]   expand: %{reply:Pin} -> 0201
[OTP]   expand: %{reply:Offset} -> 1
Exec-Program output: Reply-Message += "Enter SMS", State += "21427", Response-Packet-Type = "Access-Challenge",
Exec-Program-Wait: value-pairs: Reply-Message += "Enter SMS", State += "21427", Response-Packet-Type = "Access-Challenge",
Exec-Program: returned: 4
++[OTP] returns handled
There was no response configured: rejecting request 15
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test2
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 15 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 15
Sending Access-Reject of id 66 to 172.31.2.20 port 42617
        Reply-Message += "Enter SMS"
        State += 0x3231343237

My sites-enabled

authorize {
        preprocess
        chap
        mschap
        suffix
        eap {
                ok = return
        }
        unix
        files
        sql
        expiration
        logintime
        pap

        update control {
                        Auth-Type := otp
                }

}

authenticate {
        Auth-Type PAP {
                pap
        }

        Auth-Type CHAP {
                chap
        }

        Auth-Type MS-CHAP {
                mschap
        }

        Auth-Type otp {
                OTP
                pap
        }
        unix
        eap
}

My exec module

        exec OTP {
                wait = yes
                program = "/etc/raddb/otp.php %{User-Name} %{User-Password} %{reply:Secret} %{reply:Pin} %{reply:Offset}"
                input_pairs = request
                output_pairs = reply
        }


Best regards
Thomas Raabo
Senior Network Engineer CCIE #33466


tr at zitcom.dk | Direct: +45 69 10 60 18 | Tel.: +45 70 23 55 66
