Setup Freeradius for Challenge response authentication
Dear all,

I am a new user of freeradius, currently using freeradius 1.1.0 on Redhat Linux. I wish to set up freeradius for a 2 factor authentication, such that:

NAS issue an Access-Request to Radius server
Radius server authenticate against LDAP
once successful -- Radius server then issue an Access-Challenge to NAS (second factor, asking for an additional password/token)
NAS reply with an Access-Request
Radius server then authenticate the second Access-Request and reply to NAS.

The above is roughly the authentication flow I wish to achieve. After reading the configuration setup instructions, I still have no clue where to start with the configuration. Can someone please enlighten me? Is there a custom built radius module required?

Thanks in advance for all the help
regards
Kaden

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Setup Freeradius for Challenge response authentication
Yizhi Lao [EMAIL PROTECTED] wrote:
> I am a new user of freeradius, currently using freeradius 1.1.0 on Redhat Linux. I wish to set up freeradius for a 2 factor authentication, such that:
> NAS issue an Access-Request to Radius server
> Radius server authenticate against LDAP
> once successful -- Radius server then issue an Access-Challenge to NAS (second factor, asking for an additional password/token)
> NAS reply with an Access-Request
> Radius server then authenticate the second Access-Request and reply to NAS.

This is a very unusual request, since it isn't tied to an authentication method. You will have to write a module to do this.

Alan DeKok.
Re: CallingStationId
Mordor Networks [EMAIL PROTECTED] wrote:
> I used to handle pppoe connections on freebsd, and when a connection is established, the field CallingStationId of the radacct table on mysql had the mac address of the calling user. rp-pppoe (or maybe linux pppd) seems not to do this by default and the field in question is left blank. Does anybody know a way to solve this?

Update the PPP program to send the MAC address in the Calling-Station-Id attribute.

Alan DeKok.
CallingStationId
Hello,

I finally have a working rp-pppoe+pppd+linux+radius+mysql setup handling lots of connections :)

I used to handle pppoe connections on freebsd, and when a connection is established, the field CallingStationId of the radacct table on mysql had the mac address of the calling user. rp-pppoe (or maybe linux pppd) seems not to do this by default and the field in question is left blank. Does anybody know a way to solve this?

Thanks in advance.
Re: CallingStationId
Dear Alan,

Thank you for your reply. I just don't know how to do it. If you please, can you give me some info or docs?

Regards

On 4/2/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Mordor Networks [EMAIL PROTECTED] wrote:
> > I used to handle pppoe connections on freebsd, and when a connection is established, the field CallingStationId of the radacct table on mysql had the mac address of the calling user. rp-pppoe (or maybe linux pppd) seems not to do this by default and the field in question is left blank. Does anybody know a way to solve this?
>
> Update the PPP program to send the MAC address in the Calling-Station-Id attribute.
>
> Alan DeKok.

--
Network / Systems Administrator
Mobile : 961-70-980578
Telephone : 961-147-83-90
Email : [EMAIL PROTECTED]
Re: Setup Freeradius for Challenge response authentication
Hi Alan,

Thank you for the response. What I am worried about is not the second authentication method, but to chain two authentications together. Is there any convenient way to do it?

Say: first Access-Request, authenticated against LDAP, Radius server replies with an Access-Challenge, NAS answers the challenge, the answer is authenticated against LDAP again. Is it possible?

Thanks and best regards
Kaden

Alan DeKok [EMAIL PROTECTED] wrote:
> Yizhi Lao <[EMAIL PROTECTED]> wrote:
> > I am a new user of freeradius, currently using freeradius 1.1.0 on Redhat Linux. I wish to set up freeradius for a 2 factor authentication, such that:
> > NAS issue an Access-Request to Radius server
> > Radius server authenticate against LDAP
> > once successful -- Radius server then issue an Access-Challenge to NAS (second factor, asking for an additional password/token)
> > NAS reply with an Access-Request
> > Radius server then authenticate the second Access-Request and reply to NAS.
>
> This is a very unusual request, since it isn't tied to an authentication method. You will have to write a module to do this.
>
> Alan DeKok.
Re: Setup Freeradius for Challenge response authentication
Yizhi Lao [EMAIL PROTECTED] wrote:
> What I am worried about is not the second authentication method, but to chain two authentications together. Is there any convenient way to do it?

As I said, you have to write your own module to do this. The example module that is included with the server shows how to chain two authentications together. Take a look at it.

Alan DeKok.
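
The chained exchange discussed in this thread, as an added example that is not part of any list message and is not FreeRADIUS code: a Python model of the server side, showing how the State attribute ties the second Access-Request to a first factor that already succeeded. The names `handle_request`, `FIRST_FACTOR` and `SECOND_FACTOR` are hypothetical, and the two dictionaries are constructed stand-ins for the LDAP directory and the token backend.

```python
import hmac
import secrets
import time

# Constructed sample data standing in for LDAP and a token backend (assumption).
FIRST_FACTOR = {"alice": "ldap-password"}
SECOND_FACTOR = {"alice": "492817"}
STATE_TTL = 60        # seconds a challenge stays answerable
_pending = {}         # State value -> (user it was issued to, expiry time)

def _eq(a, b):
    # Constant-time comparison of two credential strings.
    return hmac.compare_digest(a.encode(), b.encode())

def handle_request(attrs, now=None):
    """Process one Access-Request (dict of attributes); return (code, reply)."""
    now = time.time() if now is None else now
    user = attrs.get("User-Name", "")
    password = attrs.get("User-Password", "")
    state = attrs.get("State")

    if state is None:
        # Round 1: verify the first factor, then challenge instead of accepting.
        if user not in FIRST_FACTOR or not _eq(FIRST_FACTOR[user], password):
            return "Access-Reject", {}
        token = secrets.token_bytes(16)          # unguessable State value
        _pending[token] = (user, now + STATE_TTL)
        return "Access-Challenge", {"State": token,
                                    "Reply-Message": "Enter token code"}

    # Round 2: the NAS echoes State back and puts the user's answer in
    # User-Password. State must be one we issued; pop() makes it single-use,
    # so a failed or replayed answer needs a fresh first-factor round.
    entry = _pending.pop(state, None)
    if entry is None:
        return "Access-Reject", {}
    owner, expiry = entry
    if owner != user or now > expiry:
        return "Access-Reject", {}
    if user not in SECOND_FACTOR or not _eq(SECOND_FACTOR[user], password):
        return "Access-Reject", {}
    return "Access-Accept", {}
```

A request that arrives with a State the server never issued is rejected before the second factor is even looked at, which is what prevents a client from skipping the LDAP step.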
Re: CallingStationId
Wassim abbas [EMAIL PROTECTED] wrote:
> Thank you for your reply. I just don't know how to do it. If you please, can you give me some info or docs?

Ask the people who wrote the PPP programs. I didn't write them, I don't use them, and I know nothing about them.

Alan DeKok.