Hi Alan.
Stefan Kuegler wrote:
OK - that's what I forgot to say. The first two arguments (user and
password) come directly from the user. The next three arguments (secret,
pin and offset) are per-user-values. So I wanted to configure these
values in the 'users'-file (/etc/freeradius/users)
For example:
[...]
user1
Secret = 143a5c6fa125ac1f,
PIN = 1234,
Offset = 0
So... they are REPLY attributes. See "man unlang" for how to refer to
attributes in the reply list. %{Secret} isn't it.
OK. I think I have to use the word "reply" to use these attributes. I
changed my config files accordingly.
/etc/freeradius/radiusd.conf (modules-section):
exec motp {
    wait = yes
    program = "/usr/local/bin/otpverify.sh %{User-Name} %{User-Password} %{reply:Secret} %{reply:PIN} %{reply:Offset}"
    input_pairs = request
    output_pairs = config
}
/etc/freeradius/users:
DEFAULT Auth-Type = Accept
Exec-Program-Wait = "/usr/local/bin/otpverify.sh '%{User-Name}'
'%{User-Password}' '%{reply:Secret}' '%{reply:PIN}' '%{reply:Offset}'",
Fall-Through = Yes
user1 Secret:=143a5c6fa125ac1f, PIN:=1234, Offset:=0
I hope that these changes are correct?
But this is the part of the debug log after a new test. When the script
has been called by freeradius, you can see that the needed arguments
(Secret, PIN, Offset) are still missing.
[...]
expand: /usr/local/bin/otpverify.sh '%{User-Name}' '%{User-Password}'
'%{reply:Secret}' '%{reply:PIN}' '%{reply:Offset}' ->
/usr/local/bin/otpverify.sh 'user1' 'secret' '' '' ''
[...]
Any ideas?
Best regards,
Stefan