Hello, > can you not configure RADIUS server to do PAP + Challenge so that it > asks for username/password followed by one or more Access-Challenge? > If yes, how would you configure freeradius server to throw > Access-Challenge to radius client?
yes, you can. The easiest way is to grab: http://thomas.glanzmann.de/smsotpd.2012-08-16.tar.bz2 and follow the README in rlm_perl. Please also note that the test client that comes with radius does not support access challenges, maybe I'll write a patch for it but not right now. That is why I wrote my own test client in perl which is also included. Tell me if you need help, maybe I'll update the video on my website to include the rlm_perl implementation which is my favourite because it doesn't require a seperate daemon and works with most distros out of the box. Cheers, Thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html