multiotp with freeradius 3.0.11 on CentOS 7 with Google Authenticator - can't authenticate remotely

Skrebetz, Pete Peter.Skrebetz at
Thu Oct 6 18:33:05 CEST 2016

I configured mutiotp with freeradius 3.0.11 on CentOS7 and am using Google Authenticator.   I can authenticate tokens locally on the server when I run multiotp from the command line, but when I try to authenticate remotely to the radius server, I run into the following from the radiusd -X log:

Failed parsing output from: /home/admin/multiotp/multiotp '%{User-Name}' '%{User-Password}' -request-nt-key -src=%{Packet-Src-IP-Address} -chap-challenge=%{CHAP-Challenge} -chap-password=%{CHAP-Password} -ms-chap-challenge=%{MS-CHAP-Challenge} -ms-chap-response=%{MS-CHAP-Response} -ms-chap2-response=%{MS-CHAP2-Response}: Expecting operator
Program returned code (2) and output 'Failed to execute "/home/admin/multiotp/multiotp": Permission denied'
(0)   [multiotp] = fail
(0)  } #  authorize = fail

Prior to this message in the log, the multiotp script properly read my username/password and ip-address.   The file permissions for multiotp are rwx for all users, and I opened up the directory path the same way.   The one thing I have issues with is the multiotp configuration documentation, which states to edit the policy.conf file.   Well, there is no policy.conf file, so not sure where to configure that section of the multiotp configuration instructions.   Any suggestions?


More information about the Freeradius-Users mailing list