wifi 802.11 to pap and perl handoff

Alan DeKok aland at deployingradius.com
Fri Aug 23 15:47:31 CEST 2019

On Aug 23, 2019, at 9:37 AM, Linux Threads <linuxthreads at gmail.com> wrote:
> please can you guide me how to handoff my wifi auth username and password
> to FR outer-el via PAP and then pass the username and password to linotp
> perl script via the inner-tunnel

  Follow my guide to get 802.1X / EAP working:


  Then, use "radclient" to test PAP passwords with the "inner-tunnel" virtual server.  See the comments at the top of the "inner-tunnel" virtual server for more information.

  Do NOT try to test OTP + WiFi together.  Make sure that WiFi works.  Then independently, make sure that OTP works.  Only when both work independently should you try WiFi + OTP.

  And be aware that WiFi is likely to not work well with OTP.  WiFi clients want to cache the passwords for days.  This is because the systems can connect and disconnect multiple times in an hour.

  Entering an OTP code *every time* you connect to Wifi is difficult and annoying.

> tried to follow this
> http://lists.freeradius.org/pipermail/freeradius-users/2016-November/085830.html
> however
> not getting it to work
> Fri Aug 23 12:28:17 2019 : Debug: (3)   Auth-Type Perl {
> Fri Aug 23 12:28:17 2019 : Debug: (3)     modsingle[authenticate]: calling
> perl (rlm_perl)

  Follow the documentation for what to post to the list.  This isn't difficult.  And what you posted isn't what we need to see.
> Fri Aug 23 12:28:17 2019 : Debug: (3) perl: &reply:Reply-Message =
> $RAD_REPLY{'Reply-Message'} -> 'LinOTP server denied access!'

  That's pretty clear.

  Alan DeKok.

More information about the Freeradius-Users mailing list