Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

2-factor-authentication with freeradius

21 views
Skip to first unread message

Marius.Meisner

unread,
Jan 25, 2011, 5:44:11 AM1/25/11
to
Hi

I'm trying to develop a two-factor-authentication with freeradius (if
there isn't something compareable). For this I want to use first
pap-authentication from freeradius. After that I want radius to ask for
a second password and call a script which is sending a otp over an
sms-gateway to the users phone. You can imagine the second factor as
kind of mobile TAN. The sms-gateway works so far and isn't part of my
question. I've found nothing like this in any howto or tutorial so far,
instead of eap.

Any ideas how to get it to work?

Is the part the radius ask for second questions possible with a
request-challenge or is ist something completly different?

Where could I get further information about syntax used in users-file
and client.conf -file to include scripts?

Is the way over the files above a possible solution or should I use
pam-files?


Any ideas where to get more information?

any kind of hinds are welcome

MM

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Alan DeKok

unread,
Jan 25, 2011, 5:54:08 AM1/25/11
to
Marius.Meisner wrote:
> I'm trying to develop a two-factor-authentication with freeradius (if
> there isn't something compareable).

src/modules/rlm_otp

> For this I want to use first
> pap-authentication from freeradius. After that I want radius to ask for
> a second password and call a script which is sending a otp over an
> sms-gateway to the users phone. You can imagine the second factor as
> kind of mobile TAN. The sms-gateway works so far and isn't part of my
> question. I've found nothing like this in any howto or tutorial so far,
> instead of eap.

src/modules/rlm_example. It does *exactly* this.

> Where could I get further information about syntax used in users-file
> and client.conf -file to include scripts?

The documentation?

> Is the way over the files above a possible solution or should I use
> pam-files?

No idea.

Alan DeKok.

mailtoaru...@gmail.com

unread,
Jul 22, 2015, 1:57:34 AM7/22/15
to
Hi Alan,

Can you please let me know How to configure freeRADIUS server so it replies with a CHAP "access-challenge" message on "access-request" from a client?

Best Regards,
Arnold
0 new messages