On Wed, 2008-07-02 at 09:23 +0100, Ivan Kalik wrote:
> Try adding it to inner-tunnel as well (you won't be using it there, but
> it won't hurt). It looks like inner-tunnel is loaded before default in
> your configuration (my 2.0.5 loads default first).

Thank you! That was it! First major hurdle overcome.

Now I have to figure out why it doesn't authenticate. "otpauth" does work, so I know otpd is doing the right thing, but when I run "radtest", I see a bunch of Access-Request packets sent and no response. The debug output looks like:

rad_recv: Access-Request packet from host 128.117.64.240 port 33485, id=190, length=57
        User-Name = "woods"
        User-Password = "##########"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "woods", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
users: Matched entry DEFAULT at line 4
++[files] returns ok
rlm_otp: otp_pwe_present: password attributes 2, 2
++[otp] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type otp
auth: type "otp"
+- entering group authenticate
rlm_otp: otp_pwe_present: password attributes 2, 2

I cannot see from there why the server is not responding. I thought maybe it was a firewall issue, so I made sure to try again after turning off iptables, but the result is the same.

--Greg

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
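
One way to read a debug trace like the one in the message above, as an added example that is not part of the original post or of FreeRADIUS: it tracks the last "entering group" line, the "++[module] returns" lines seen since, and any rlm_ module that logged without a matching returns line. It assumes only the line shapes visible in that trace; the function name stall_point is hypothetical.

```python
import re

# Lines copied from the trace in the post (authorize section abridged).
TRACE = """\
rad_recv: Access-Request packet from host 128.117.64.240 port 33485, id=190, length=57
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_otp: otp_pwe_present: password attributes 2, 2
++[otp] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type otp
auth: type "otp"
+- entering group authenticate
rlm_otp: otp_pwe_present: password attributes 2, 2
"""

GROUP = re.compile(r"^\s*\+- entering group (\S+)")
RETURN = re.compile(r"^\s*\++\[([^\]]+)\] returns (\S+)")
MODULE = re.compile(r"^\s*(rlm_\w+):")


def stall_point(trace):
    """Return the last group entered, the modules that returned in it,
    and the rlm_ module (if any) that logged after the last returns line."""
    group, returned, pending = None, [], None
    for line in trace.splitlines():
        if m := GROUP.match(line):
            # New processing section: reset what we know about it.
            group, returned, pending = m.group(1), [], None
        elif m := RETURN.match(line):
            # A module handed control back with a result code.
            returned.append((m.group(1), m.group(2)))
            pending = None
        elif m := MODULE.match(line):
            # A module logged something; no returns line seen for it yet.
            pending = m.group(1)
    return {"group": group, "returned": returned, "pending": pending}


if __name__ == "__main__":
    print(stall_point(TRACE))
```
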