Stefan Kuegler wrote: > I want to use MOTP for authentication. MOTP uses a shell-script > (/usr/local/bin/otpverify.sh) to verify the given password. The script > needs five arguments (User, One-Time-Password, Secret, PIN and Offset).
Where do those arguments come from? > My system is a fresh installation of freeradius on a Debian/Lenny system. > > I did the following changes on the following config-files: > > 1. A new dictionary-file (included in /etc/freeradius/dictionary): > /etc/freeradius/dictionary.motp > ------------------------------- > ATTRIBUTE Secret 960 string > ATTRIBUTE PIN 961 string > ATTRIBUTE Offset 962 string That defines the attributes. Now, where do the values get populated? > 2. A new module in > /etc/freeradius/radiusd.conf (modules-section): > ---------------------------- > [...] > exec motp { > wait = yes > program = "/usr/local/bin/otpverify.sh %{User-Name} > %{User-Password} %{Secret} %{PIN} %{Offset}" > input_pairs = request > output_pairs = config > } > [...] The %{...} syntax replaces the given string with the *value* of the named attributed. Where are you setting these values? > The main-problem is: freeradius didn't call the script with all the > needed arguments - so the authentication failes: > > [...] > expand: /usr/local/bin/otpverify.sh '%{User-Name}' > '%{User-Password}' '%{Secret}' '%{PIN}' '%{Offset}' -> > /usr/local/bin/otpverify.sh 'stefan' '123' '' '' '' Because you haven't define any values for those attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html