Best/fastest method to query external radius OTP
Dominique Wille
dominique.wille at plantformance.com
Thu Jun 18 10:35:00 CEST 2020
Hello dear users. Could you help ?
We have a freeradius 3.0.x configuration working
- Authorization with LDAP
- Authentication with LDAP, backup to files
Now trying to get validation from OTP provider
Needs to send a radius request with User-Name="myusername",
User-Password="push" (this one is always "push", not the original pwd). The
"push" words triggers a push notification on mobile that needs to be
answered, and then OTP provider radius answers with accept or reject.
I have tried radclient (working in console mode) with exec module, but
having some issues to move it to rlm_exec module (piping data I think).
So far reached
exec myotp {
input_pairs = request
wait = yes
timeout = 30
program = "/bin/echo \"User-Name=$USER_NAME,User-Password=push\" |
/bin/radclient -r 1 -t 20 xx.xx.xx.xx:1812 auth mysecret"
}
Of course still missing the testing of what the command returns.
But this does not work. Seems piping is not working and I can not push two
commands there.
An idea where is the issue ?
Is there a better or fastest way ?
thanks
nash35
More information about the Freeradius-Users
mailing list