Hello Dave,
you did right to check with the radclient tool.
The Reply-Message "Missing parameter" is directly from privacyIDEA.
It states, that it does not get the parameter pass.
So obviously the RADIUS protocol contains an empty password or no
password?!?
You can verify this e.g. with wireshark.
And I can not help you WHY the RADIUS client does not send the
User-Password parameter.
You might have configurd CHAP or MSCHAP!
You need to configure PAP.
Kind regards
Cornelius
Am Donnerstag, den 21.07.2016, 13:04 -0700 schrieb Dave Baddorf:
> Hello!
>
>
> I can't get the RADIUS authentication to FreePBX (with PrivacyIDEA
> backend to work). I have a TOTP token which authenticates using the
> following command: "echo "User-Name=user, User-Password=pin245734" |
> radclient -sx localhost auth testing123". Yet when my Cisco ASA
> attempts to authenticate this same user I get the following errors in
> the FreeRADIUS log (the full log is attached):
> * rlm_perl: privacyIDEA request failed: 400 BAD REQUEST
> * rlm_perl: Added pair Reply-Message = ERR905: Missing
> parameter: 'pass'
> I've also attached the PrivacyIDEA Debug file. Also a 2nd Debug file
> from the radclient test which is successful.
> As a newbie I'd certainly appreciate any help! I'm really impressed
> with what I've seen so far with PrivacyIDEA - now I just have to get
> it connected to my ASA [which I've connected to FreeRADIUS & Google
> Authenticator open-source in the past]...
> Thanks again!
> P.S. I
> followed
https://privacyidea.readthedocs.io/en/latest/installation/ubuntu.html for my setup.
>
>
> --
> Please read the blog post about getting help
>
https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
>
https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/a404c1d6-159e-40a5-bb6e-2254b5225c80%40googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel:
+49 561 3166797, Fax:
+49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel