On Mon, 15 Jun 2009, Stefan Kuegler wrote:
> exec motp { > wait = yes > program = "/usr/local/bin/otpverify.sh %{User-Name} > %{User-Password} %{reply:Secret} %{reply:PIN} %{reply:Offset}" > input_pairs = request > output_pairs = config > }
Silly thought: The exec is named 'mopt' with an 'm'. But your script is 'optverify' with no 'm'. Just want to be sure that's not a silly typo.... :)
It seems, that freeradius never uses the "MOTP"-Auth-type: auth: type "PAP" +- entering group PAP
Not an expert on motp. But should it be mistaken for 'PAP'? Perhaps you need to put your check for 'motp' in the auth section *before* PAP? Or remove the reference to PAP altogether if you never use it....?
Do I need to configure something in the authorize-section or somewhere else ??
A line with the single word 'motp', probably just above the 'pap' line, if tht is causing trouble.... - Charles - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
