Thomas Glanzmann wrote:
> I have a proprietary radius client which I want to authenticate against
> freeradius the following way:
>
> - User types is username: directory\Administrator password:secret
> - Freeradius authenticates against active directory.

Which authentication method? This matters a lot.

> This already works
>
> - From the documentation of the proprietary radius client:
>
>   After authenticating to RADIUS, you may get another prompt if
>   the RADIUS server responded with a supported Access Challenge.
>   Full generic RADIUS challenge/response is not supported, but a
>   limited access challenge for a string token code is supported.

What does that mean?

> - So now I want freeradius to send 'Access Challenge' and send a
>   sms to the user (for that purpose I wrote a perl daemon which
>   listens on a unix socket in order to talk to smsotp freeradius
>   module)[1]. However nothing comes in.

What does that mean? "nothing comes in" ???

> authenticate {
>     mschap
>     Auth-Type smsotp {
>         mschap
>         smsotp
>     }

I really doubt that will work.

> - Is it possible to do a mschapv2 authentication followed by
>   Access challenge in order to send out a sms with a one time
>   password by configuring freeradius or do I need to code?

No. It's impossible. MS-CHAP is an authentication method with pre-defined meaning, user interaction, and data flow. Adding something to it is impossible.

>   Where
>   do I find pointers? I read the source code of the smsotp and
>   the rlm_example module, I get the basic idea that first the
>   otp is generated and then it is checked, however I don't get
>   how to configure freeradius to choose the codepath. I also
>   don't get if it is possible to stack authentication methods in
>   freeradius.

Sometimes, yes. It depends on the authentication method.

Alan DeKok.