On Wed, 2008-07-02 at 12:33 -0600, Greg Woods wrote:
> On Wed, 2008-07-02 at 17:15 +0100, Ivan Kalik wrote:
>
> > How sure are you that your auth script works?
>
> I'm not using a script. Under 1.1.7 at least, when "otp" is invoked, it
> communicates with otpd using a socket.

I've got more on this; I'm now wondering if I should file a bug report.

First, otpauth always works, both before and after trying it with freeradius. So I really believe the problem is not with otpd.

What happens when I run radtest is, the first time, it always produces an Access-Reject response, whether or not I provide the correct passcode. The second time I run radtest, it sends radiusd into an infinite loop. No debugging output is produced after the first authentication attempt, and that looks like this:

rlm_otp: otp_pwe_present: password attributes 2, 2
++[otp] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type otp
auth: type "otp"
+- entering group authenticate
rlm_otp: otp_pwe_present: password attributes 2, 2

Note that it says that otp returned ok, but it still sends an Access-Reject response.

I ran radiusd under 'strace', and it shows that it is going into an infinite loop trying to write to the otpd socket, and getting a "Broken pipe" error. It will continue to do this, racking up CPU time, until I kill it.

Does anybody have OTP authentication working with freeradius 2.0.5? Could something in my configuration be causing this problem, or is it more likely a bug?

--Greg
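
The failure mode reported above (a write loop that keeps retrying after "Broken pipe" and burns CPU) is avoided by treating EPIPE as a dead connection and bounding reconnects. This is an added example, not FreeRADIUS or rlm_otp code; `send_all`, `send_request`, `reconnect_fn` and `demo_reconnect` are hypothetical names, and it assumes a platform with `MSG_NOSIGNAL` such as Linux.

```c
#include <errno.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send all of buf; retry only EINTR. Returns 0, or -1 on any other error. */
static int send_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    while (len > 0) {
        /* MSG_NOSIGNAL: a closed peer yields EPIPE instead of SIGPIPE */
        ssize_t n = send(fd, p, len, MSG_NOSIGNAL);
        if (n > 0) {
            p += n;
            len -= (size_t)n;
        } else if (n < 0 && errno == EINTR) {
            continue;       /* interrupted before any data moved */
        } else {
            return -1;      /* dead connection: stop, let the caller decide */
        }
    }
    return 0;
}

/* Hypothetical callback that opens a fresh connection, or returns -1. */
typedef int (*reconnect_fn)(void);

/* Send a request, replacing a dead connection at most max_reconnects times.
 * Returns 0 on success, -1 once the budget is spent (caller rejects). */
static int send_request(int *fd, reconnect_fn reconnect, int max_reconnects,
                        const void *buf, size_t len)
{
    for (int tries = 0; ; tries++) {
        if (*fd >= 0 && send_all(*fd, buf, len) == 0)
            return 0;
        if (*fd >= 0) {
            close(*fd);     /* never reuse a descriptor that failed */
            *fd = -1;
        }
        if (tries >= max_reconnects)
            return -1;
        *fd = reconnect();  /* may fail; the next pass handles -1 */
    }
}

/* Constructed stand-in for a real connect(): a socketpair, peer left open. */
static int demo_reconnect(void)
{
    int sv[2];
    return socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0 ? sv[0] : -1;
}
```

With a zero reconnect budget the caller gets a prompt failure it can turn into a reject, and the worker thread is never left spinning on a closed socket.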