Hello Matthew,

> Forget that - I've not had enough coffee yet today :) You need to
> respond to the challenge, not send one yourself...

exactly, however the Authen::Radius perl module saved my day:

    #!/usr/bin/perl -w
    # Thomas Glanzmann 16:06 2012-05-21
    # First Argument is username, second argument is password
    # Authen::Radius requires a legacy dictionary without advanced
    # keywords like encrypted or $INCLUDEs

    use strict;
    use warnings FATAL => 'all';
    use Authen::Radius;

    my $r = new Authen::Radius(Host => '127.0.0.1', Secret => 'testing123');
    Authen::Radius->load_dictionary('/home/sithglan/work/smsotpd/dictionary');

    $r->add_attributes (
        { Name => 'User-Name', Value => $ARGV[0] },
        { Name => 'User-Password', Value => $ARGV[1] },
    );

    $r->send_packet(ACCESS_REQUEST) || die;
    my $type = $r->recv_packet();
    print "server response type = $type\n";

    my $state = undef;
    for $a ($r->get_attributes()) {
        if ($a->{Name} eq 'State') {
            $state = $a->{RawValue};
        }
    }

    print "Enter otp: ";
    my $otp = <STDIN>;
    chomp($otp);

    $r->add_attributes (
        { Name => 'User-Name', Value => $ARGV[0] },
        { Name => 'User-Password', Value => $otp },
    );

    $r->send_packet(ACCESS_REQUEST) || die;
    $type = $r->recv_packet();
    print "server response type = $type\n";

    # Execution:
    (minisqueeze) [~/work/smsotpd] ./pap_challenge_request.pl 'administra...@directory.gmvl.de' 'password'
    server response type = 11
    Enter otp: 82701
    server response type = 2

    # radiusd -X
    rad_recv: Access-Request packet from host 127.0.0.1 port 49189, id=40, length=71
            User-Name = "administra...@directory.gmvl.de"
            User-Password = "password"
    # Executing section authorize from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    [preprocess] expand: %{User-Name} -> administra...@directory.gmvl.de
    [preprocess] expand: %{User-Name} -> administra...@directory.gmvl.de
    [preprocess] hints: Matched DEFAULT at 4
    [preprocess] expand: %{1}@DIRECTORY.GMVL.DE -> administra...@directory.gmvl.de
    ++[preprocess] returns ok
    [files] users: Matched entry DEFAULT at line 1
    ++[files] returns ok
    ++[smsotp] returns ok
    Found Auth-Type = smsotp
    # Executing group from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
    +- entering group smsotp {...}
    rlm_krb5: verify_krb_v5_tgt: host key not found : Configuration file does not specify default realm
    ++[krb5] returns ok
    rlm_smsotp: Generate OTP
    rlm_smsotp: Uniq id is 5500455282
    rlm_smsotp: Sending Access-Challenge.
    ++[smsotp] returns handled
    Sending Access-Challenge of id 40 to 127.0.0.1 port 49189
            Reply-Message = "Enter Mobile PIN:"
            State = 0x35353030343535323832
    Finished request 18.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 127.0.0.1 port 49189, id=41, length=102
            Reply-Message = "Enter Mobile PIN:"
            State = 0x35353030343535323832
            User-Name = "administra...@directory.gmvl.de"
            User-Password = "82701"
    # Executing section authorize from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    [preprocess] expand: %{User-Name} -> administra...@directory.gmvl.de
    [preprocess] expand: %{User-Name} -> administra...@directory.gmvl.de
    [preprocess] hints: Matched DEFAULT at 4
    [preprocess] expand: %{1}@DIRECTORY.GMVL.DE -> administra...@directory.gmvl.de
    ++[preprocess] returns ok
    [files] users: Matched entry DEFAULT at line 1
    ++[files] returns ok
    rlm_smsotp: Found reply to access challenge (AUTZ), Adding Auth-Type 'smsotp-reply'
    ++[smsotp] returns ok
    Found Auth-Type = smsotp-reply
    # Executing group from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
    +- entering group smsotp-reply {...}
    rlm_smsotp: Found reply to access challenge
    rlm_smsotp: SocketReply is OK
    ++[smsotp] returns ok
    # Executing section post-auth from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
    +- entering group post-auth {...}
    ++[exec] returns noop
    Sending Access-Accept of id 41 to 127.0.0.1 port 49189
    Finished request 19.

Cheers,
        Thomas
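
The exchange above at the wire level, as an added example that is not part of the original post: it parses an Access-Challenge (response type 11 in the output above), checks its Response Authenticator, and builds the follow-up Access-Request with the OTP as User-Password and the State attribute echoed back. The helper names are this example's own, and the RFC 2865 packet layout is the assumed wire format.

```python
# Added illustration: helper names are this example's own, not Authen::Radius APIs.
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11       # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, STATE = 1, 2, 24     # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """User-Password hiding, RFC 2865 section 5.2 (PAP on the wire)."""
    size = max(16, -(-len(password) // 16) * 16)   # multiple of 16, at least 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def encode(code, ident, authenticator, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def decode(packet):
    """Return (code, id, authenticator, [(type, value), ...]); reject bad lengths."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return code, ident, packet[4:20], attrs

def reply_is_authentic(reply, request_authenticator, secret):
    """Response Authenticator check, RFC 2865 section 3."""
    end = struct.unpack("!H", reply[2:4])[0]
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:end] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def answer_challenge(challenge, request_authenticator, ident, user, otp, secret):
    """Second Access-Request: same User-Name, OTP as User-Password, State echoed."""
    code, _, _, attrs = decode(challenge)
    if code != ACCESS_CHALLENGE or not reply_is_authentic(challenge, request_authenticator, secret):
        raise ValueError("not an authentic Access-Challenge")
    authenticator = os.urandom(16)                 # fresh Request Authenticator
    out = [(USER_NAME, user), (USER_PASSWORD, hide_password(otp, secret, authenticator))]
    out += [(STATE, value) for kind, value in attrs if kind == STATE]  # echo unmodified
    return encode(ACCESS_REQUEST, ident, authenticator, out)
```

The State value in the log, 0x35353030343535323832, is the ASCII encoding of the "Uniq id" 5500455282 that rlm_smsotp prints, which is how the server ties the second request to the OTP it generated.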