EAP-PEAP-GTC User-Password never set

2011-04-12 Thread Carl Anderson
Hello All,

I've been trying to get this seemingly simple implementation working for the
past week to no avail. I've been scouring the search in an attempt to find
someone with the exact same problem, yet haven't found anyone. Hopefully
someone here can help.

Here is my attempted implementation:

I'm trying to implement a sort of MobileOTP solution for testing using
EAP-PEAP-GTC. A user has a time synchronized MobileOTP soft token (on their
mobile phone) which they will use to generate a One Time Password. The user
can then log onto a wireless network using their given username and OTP.
To make matters simpler, I thought I'd just use the users file to store the
user's username, seed Secret, PIN, and time offset. When a user tries to
login using GTC, the PEAP tunnel will be created and then the user's username
will be checked against the users file in order to populate their data
(Secret, PIN, Offset). Then the username, OTP, Secret, PIN, and Offset will
be sent as arguments to an external script called otpverify.sh that will
verify that the OTP entered for that user is correct. If it is, it returns
ACCEPT, otherwise FAIL.

So far the PEAP tunnel is created without a problem, but when it enters the
EAP/gtc phase 2 it seems to only populate the User-Name attribute. The
User-Password, Secret, PIN, and Offset values all expand as empty. As a
result, phase 2 GTC authentication fails because the gtc module says it
needs a Cleartext-Password. I feel as though I need to populate those
attributes somewhere, but I have no idea where... or how exactly to do it.

I'm a little new to FreeRADIUS and this is the first time I've tried working
with GTC and external scripts, so absolutely any help/direction/suggestions
are greatly appreciated. I've tried a bunch of different things but I'm
pretty stuck, my configuration is probably screwed up to the max so if you'd
like me to start from a more default configuration I'd be happy to do that.

Thank you in advance.

Here is the radiusd debug output:


FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu, built on Oct 19
2010 at 19:44:32
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/inner-eap.rpmsave
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/ntlm_auth.rpmsave
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/mschap.rpmsave
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/mac2vlan
including configuration file 
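
The check the post hands to otpverify.sh, as an added Python example (not part of the original post, not the poster's script and not FreeRADIUS code). It uses the published Mobile-OTP construction; the ±3 minute drift window, the offset being whole hours, the in-memory replay set and all sample values are assumptions.

```python
import hashlib
import hmac

STEP = 10     # Mobile-OTP time step, in seconds
WINDOW = 18   # assumed policy: accept +/- 18 steps (3 minutes) of clock drift


def motp(secret: str, pin: str, counter: int) -> str:
    """Mobile-OTP token: first 6 hex digits of MD5(counter || secret || PIN).

    MD5 is what the Mobile-OTP scheme specifies; it is not a choice made here.
    """
    material = f"{counter}{secret}{pin}".encode()
    return hashlib.md5(material).hexdigest()[:6]


def verify(user, otp, secret, pin, offset_hours, now, used):
    """Return "ACCEPT" or "FAIL" for the five arguments the post lists.

    now  -- current epoch seconds, passed in so the check is testable
    used -- set of (user, otp) pairs already accepted (replay protection)
    """
    otp = otp.strip().lower()
    if (user, otp) in used:
        return "FAIL"                      # one-time means one time
    centre = now // STEP + offset_hours * (3600 // STEP)
    matched = False
    for counter in range(centre - WINDOW, centre + WINDOW + 1):
        candidate = motp(secret, pin, counter).encode()
        # Constant-time compare, and no early exit, so timing does not
        # reveal which step (if any) matched.
        matched |= hmac.compare_digest(candidate, otp.encode())
    if matched:
        used.add((user, otp))
        return "ACCEPT"
    return "FAIL"


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    now, seen = 1302566400, set()
    token = motp("0123456789abcdef", "1234", now // STEP)
    print(verify("carl", token, "0123456789abcdef", "1234", 0, now, seen))
    print(verify("carl", token, "0123456789abcdef", "1234", 0, now, seen))
```

The second call fails because the token has already been accepted once, which is the property that keeps a captured OTP from being reused inside the drift window.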

RE: EAP-PEAP-GTC User-Password never set

2011-04-12 Thread Carl Anderson
Well, that's a shame, but thank you very much for the reply, I appreciate
it. It'll at least save me countless hours of fiddling around with the
config to no avail.

Cheers,
Carl

From: Alan DeKok-2 [via FreeRadius]
[mailto:ml-node+4299802-2066596580-197...@n5.nabble.com] 
Sent: Wednesday, April 13, 2011 1:09 AM
To: Carl Anderson
Subject: Re: EAP-PEAP-GTC User-Password never set

 

Carl Anderson wrote:
> So far the PEAP tunnel is created without a problem, but when it enters the
> EAP/gtc phase 2 it seems to only populate the User-Name attribute. The
> User-Password, Secret, PIN, and Offset values all expand as empty. As a
> result, phase 2 GTC authentication fails because the gtc module says it
> needs a Cleartext-Password. I feel as though I need to populate those
> attributes somewhere, but I have no idea where... or how exactly to do it.


  Read what you just wrote: the User-Password doesn't exist, and the gtc 
module says it needs a Cleartext-Password. 

  They're not the same. 

  The GTC module requires a Cleartext-Password to authenticate the user, 
as the known good password.  It doesn't exist, because you're using a 
script. 

  Your config is looking for a User-Password attribute to pass to the 
script.  It doesn't exist because you're using GTC. 

  In short, what you want to do isn't possible unless you modify the 
source code to the server. 

  Alan DeKok. 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html