Hello Joël,

> jodan@otpradius:~/work/smsotpd$ ./pap_challenge_request.pl
> Enter username: dsp1A00113
> Enter password:
> server response type = Access-Challenge (11)
> Enter otp: 89003
> server response type = Access-Accept (2)
> Yeah, it works !! The step 1 is achieved :o)

that is good to hear.

> One more question, have you set up several realms? It will be my case,
> and if you have some clues it must be a quick win.

Yes, it will work with multiple realms. There is not much that you need to do other than you need to use HINTS or any other way of rewriting in the radius server to rewrite the username to username@REALM. The REALM has to be written UPPERCASE otherwise it will not work. Once you have that achieved it will work if the radius server is able to resolve the ticket granting server for the REALM using DNS. You can use the following command to double check:

apt-get install dnsutils
dig _kerberos._udp.ww004.siemens.net srv
# Exchange ww004.siemens.net with your REALM. In the DNS query the realm
# can be lowercase because DNS is case insensitive.

> So the test environment is functional, and I will test it against
> view 5.1 before the end of the week if my other tasks let me quiet
> ;o)

Let me know.

VMware View 5.1 has a bug in there; you need to configure it with this option unchecked: Enforce 2-factor and Windows username matching. Otherwise if your username contains a backslash as in domain\username the View Client will not send the access challenge reply. I opened a bug report with VMware, they have accepted it but decided not to fix it.

If you need help with VMware View let me know.

Cheers,
Thomas

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
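
The multi-realm checks described in the message above, as an added shell example that is not part of the original thread or of any project's code. The function names and the `DIG` override variable are assumptions made for this illustration; it shows the username@REALM rewrite with the realm forced to upper case and loops the `dig` SRV lookup over several realms.

```shell
#!/bin/sh
# Added example: pre-flight check for a multi-realm OTP/Kerberos setup.
# DIG may be overridden (hypothetical knob); default is dig from dnsutils.
DIG="${DIG:-dig}"

# Rewrite a login name to username@REALM, realm forced to upper case.
# $1 = username as typed (may already carry @realm), $2 = default realm.
to_principal() {
    user=$1
    realm=$2
    case $user in
        *@*) realm=${user##*@}; user=${user%@*} ;;
    esac
    realm=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    printf '%s@%s\n' "$user" "$realm"
}

# SRV name that has to resolve for the realm. Lower-cased only to match the
# command in the message; DNS itself is case insensitive.
srv_name() {
    printf '_kerberos._udp.%s\n' \
        "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Print "REALM ok" or "REALM MISSING" per realm; return 1 if any is missing.
check_realms() {
    rc=0
    for r in "$@"; do
        if [ -n "$($DIG +short "$(srv_name "$r")" srv 2>/dev/null)" ]; then
            printf '%s ok\n' "$r"
        else
            printf '%s MISSING\n' "$r"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: pass the realms to check as arguments.
if [ "$#" -gt 0 ]; then
    check_realms "$@"
fi
```

Run it on the radius server itself, since that is the host that has to resolve the SRV records.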