Cisco Anyconnect 2FA
Stefan Schlesinger
sts at ono.at
Tue Jan 10 22:25:22 CET 2017
> On 10 Jan 2017, at 16:17, Alan DeKok <aland at deployingradius.com> wrote:
> In v3.0.12, cache the password in session-state.
Is there a specific reason to use 3.0.12? The lastest available pre-build
package I found is 3.0.11-1labs-1~jessie.
> if (!&session-state:User-Password) {
> update session-state {
> User-Password := &request:User-Password
> }
> }
> else {
> # it's the second time around...
> }
This doesn’t work for me at the moment. Do I need to enable any other modules for
session storage?
How does Freeradius match the two requests in a single session. Does this work?
This is the initial request:
(0) Received Access-Request Id 170 from 10.30.9.1:8272 to 10.30.9.11:1812 length 611
...
(0) if (!&session-state:User-Password) -> TRUE
(0) if (!&session-state:User-Password) {
(0) update session-state {
(0) User-Password := request:User-Password -> ’xxxxx'
(0) } # update session-state = noop
...
(0) session-state: Saving cached attributes
(0) User-Password = "asdf123"
(0) Sent Access-Challenge Id 170 from 10.30.9.11:1812 to 10.30.9.1:8272 length 0
(0) Reply-Message = "Please enter the verification code from Google Authenticator."
(0) State = 0x6368616c6c656e6765
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 170 with timestamp +11
Ready to process requests
Now the TOTP Token gets entered and I receive the reply:
(1) Received Access-Request Id 171 from 10.30.9.1:8272 to 10.30.9.11:1812 length 622
...
(1) session-state: No cached attributes
….
(1) if (!&session-state:User-Password) -> TRUE
(1) if (!&session-state:User-Password) {
(1) update session-state {
(1) User-Password := request:User-Password -> ‘11111111'
(1) } # update session-state = noop
...
(1) Sent Access-Challenge Id 171 from 10.30.9.11:1812 to 10.30.9.1:8272 length 0
(1) Reply-Message = "Please enter the verification code from Google Authenticator."
(1) State = 0x6368616c6c656e6765
More information about the Freeradius-Users
mailing list