Hi Mercier
What it sounds like you are trying to do, needs more than just the
radius server to do it. One of the features I'm writing for the Grase
Hotspot (which uses Coova Chilli and Freeradius), is the ability for the
user to create an account based on their mobile number.
It goes a bit like this.
User is presented with a form that allows them to enter a "username"
which has to be their mobile number.
The form is submitted to a php script, which then creates a user in the
radius tables (SQL) with the username as their mobile number, and
generates them a random password. The same php script then sends that
random password via a sms gateway to the users mobile phone (confirming
that the number is correct and the user has possession of it).
The user is then presented with a normal login form, which they can use
the mobile number, and the password they received as a sms, to login
which is handled via normal Coova Chilli and Radius.
What you could do, is again, using a php script, generate the OTP and
create the user in a special temporary table with the OTP and a password
(maybe the user sets the password as well). Then, the user sends the OTP
to the special number, and waits. When the SMS arrives at the special
number, it would need to trigger a script somehow (not sure how you
receive your SMS as all the gateways I use are for sending only), which
would then confirm the OTP from the temporary table, if it is valid then
we create the user with the password specified in the table, and then
the user can login.
I'm assuming though, what you want to do, sounds like 2 different
things. Firstly you want the Radius server to create a user when there
is no user known. For this, you are going to need a script that does it.
I prefer an external script, but you could use rlm_perl or similar to do it.
The seconds half of what you are doing, sounds like using OTP's for the
user. There are a few ways to do this, but normally the user ether has
an application (i.e. smartphone, or security token dongle thing) that is
pre-authorised with codes to assist with generating the time based
OTP's. Or, a list of use once passwords that the server also has, to be
used in order. Or, as most banks around here do, sending a sms to the
authorised phone number of the user, so the user uses that instead of
their normal password.
I hope that is clear. You probably need to do 2 different things to get
the solution you want.
Tim
On 07/03/12 22:56, Mercier Valentin wrote:
Hi everyone,
I'm using Freeradius 2.1.12 on a server Debian. I have an another
server Debian with Coovachilli (captive portal) and an Access Point
based on Ruckus OS.
When my users connected on the AP, a web page is coming with a
formular to connect. Then the user enter is information (username and
password) and Coovachilli made the authentication on the radius and
this is working fine.
Now I want to make something different, when the user connected on the
AP, I want that he received a little formular, then he need to enter a
username (not know on the radius) and i want the radius to create a
One Time Password and send it to the user (on an another webpage). And
the user send this OTP via SMS to a smsm gateway to finish the
authentication, is that possible, and if yes, could someone explain to
me how I can make it ?
For the gateway sms I am using SMSLib (java library) on the
*same* server as freeradius.
Best regards and sorry for my bad english (from switzerland).
--
Mercier Valentin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
