Freeradius second auth factor
Anton Kiryushkin
swood at fotofor.biz
Fri Dec 20 18:55:02 CET 2019
On Fri, 20 Dec 2019 at 17:39, Alan DeKok <aland at deployingradius.com> wrote:
> On Dec 20, 2019, at 12:23 PM, Anton Kiryushkin <swood at fotofor.biz> wrote:
> > Now I see the next message from ASA:
> >
> > Fri Dec 20 15:21:41 2019 : Debug: (2) User-Name = "Jon_Snow"
> > Fri Dec 20 15:21:41 2019 : Debug: (2) User-Password =
> > "xZ\202\002\280<\206у\n\323y\261\357\471%y"
>
> The shared secret is wrong. Reading the debug output will tell you that.
>
>
> >> Usually, people use login name, and then take the 6 digit OTP, and add
> >> it to the password, e.g.
> >>
> >> User-Name = "bob"
> >> User-Password = "123456my_secret_password"
> >>
> >>
> > How to parse it in FreeRadius?
>
> With a regular expression.
>
> if (User-Password =~ /^(......)(.*)$/) {
>     # ... %{1} is OTP
>     # ... %{2} is password
> }
>
> > Yes, correctly, but FreeRadius can run some script to generate OTP and send
> > it. However, I can't understand how to do it before authorisation. Or wait
> > for this process during authorisation. Probably I am wrong.
>
> You can run scripts via the 'exec' module. see mods-available/exec
>
>
Yes, I can, but you didn't answer the question: is it possible to run
exec and use generated code during the authorisation?
> Alan DeKok.
--
Best regards,
Anton Kiryushkin
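
Added example (not part of the original thread, and not FreeRADIUS code): a Python sketch of the RFC 2865 section 5.2 User-Password hiding, showing why a mismatched shared secret produces the unreadable User-Password seen in the debug output above, followed by the OTP/password split discussed in the thread. The secrets and authenticator are constructed sample values, the function names are hypothetical, and the split requires six digits and a non-empty password, which is stricter than the regex quoted in the thread.

```python
import hashlib
import re

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block  # chaining value is the previous ciphertext block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, so a different secret yields random bytes."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

# Stricter than /^(......)(.*)$/: the OTP must be six digits, password non-empty.
OTP_SPLIT = re.compile(r"^(\d{6})(.+)$", re.DOTALL)

def split_otp(recovered: bytes):
    """Return (otp, password), or None if the value is garbled or malformed."""
    try:
        text = recovered.decode("ascii")
    except UnicodeDecodeError:
        return None  # non-ASCII bytes: typical sign of a shared-secret mismatch
    if not text.isprintable():
        return None
    m = OTP_SPLIT.match(text)
    return (m.group(1), m.group(2)) if m else None

# Constructed sample values (not taken from the thread's packets).
AUTHENTICATOR = bytes(range(16))
NAS_SECRET = b"testing123"
WRONG_SERVER_SECRET = b"testing124"
PASSWORD = b"123456my_secret_password"   # OTP + password, as in the thread

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, NAS_SECRET, AUTHENTICATOR)
    print(split_otp(recover_password(hidden, NAS_SECRET, AUTHENTICATOR)))
    print(repr(recover_password(hidden, WRONG_SERVER_SECRET, AUTHENTICATOR)))
```

The second print shows the same kind of escaped, unreadable string as the debug line quoted above, and split_otp returns None for it instead of handing garbage to an OTP check.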