
Test Client which supports PAP Access-Challenge

source link: http://lists.freeradius.org/pipermail/freeradius-users/2012-May/060929.html

Thomas Glanzmann thomas at glanzmann.de
Mon May 21 16:12:18 CEST 2012


Hello Matthew,

> Forget that - I've not had enough coffee yet today :) You need to
> respond to the challenge, not send one yourself...

exactly, however the Authen::Radius perl module saved my day:

#!/usr/bin/perl -w

# Thomas Glanzmann 16:06 2012-05-21
# First Argument is username, second argument is password
# Authen::Radius requires a legacy dictionary without advanced
# keywords like encrypted or $INCLUDEs

use strict;
use warnings FATAL => 'all';

use Authen::Radius;

my $r = Authen::Radius->new(Host => '127.0.0.1', Secret => 'testing123');
Authen::Radius->load_dictionary('/home/sithglan/work/smsotpd/dictionary');

$r->add_attributes (
                { Name => 'User-Name', Value => $ARGV[0] },
                { Name => 'User-Password', Value => $ARGV[1] },
);

$r->send_packet(ACCESS_REQUEST)  || die;
my $type = $r->recv_packet();

print "server response type = $type\n";

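# Pick the State attribute out of the Access-Challenge. The attributes
# received with the challenge are sent again with the next Access-Request
# (see the id=41 request in the radiusd -X output below), so $state is
# only recorded here and not added explicitly.
my $state = undef;

for my $attr ($r->get_attributes()) {
        if ($attr->{Name} eq 'State') {
                $state = $attr->{RawValue};
        }
}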

print "Enter otp: ";
my $otp = <STDIN>;
chomp($otp);

$r->add_attributes (
                { Name => 'User-Name', Value => $ARGV[0] },
                { Name => 'User-Password', Value => $otp },
);

$r->send_packet(ACCESS_REQUEST)  || die;
$type = $r->recv_packet();

print "server response type = $type\n";

# Execution:

(minisqueeze) [~/work/smsotpd] ./pap_challenge_request.pl 'administrator@directory.gmvl.de' 'password'
server response type = 11
Enter otp: 82701
server response type = 2

# radiusd -X

rad_recv: Access-Request packet from host 127.0.0.1 port 49189, id=40, length=71
        User-Name = "administrator@directory.gmvl.de"
        User-Password = "password"
# Executing section authorize from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess]    expand: %{User-Name} -> administrator@directory.gmvl.de
[preprocess]    expand: %{User-Name} -> administrator@directory.gmvl.de
[preprocess]   hints: Matched DEFAULT at 4
[preprocess]    expand: %{1}@DIRECTORY.GMVL.DE -> administrator@DIRECTORY.GMVL.DE
++[preprocess] returns ok
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[smsotp] returns ok
Found Auth-Type = smsotp
# Executing group from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group smsotp {...}
rlm_krb5: verify_krb_v5_tgt: host key not found : Configuration file does not specify default realm
++[krb5] returns ok
rlm_smsotp: Generate OTP
rlm_smsotp: Uniq id is 5500455282
rlm_smsotp: Sending Access-Challenge.
++[smsotp] returns handled
Sending Access-Challenge of id 40 to 127.0.0.1 port 49189
        Reply-Message = "Enter Mobile PIN:"
        State = 0x35353030343535323832
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 49189, id=41, length=102
        Reply-Message = "Enter Mobile PIN:"
        State = 0x35353030343535323832
        User-Name = "administrator@directory.gmvl.de"
        User-Password = "82701"
# Executing section authorize from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess]    expand: %{User-Name} -> administrator@directory.gmvl.de
[preprocess]    expand: %{User-Name} -> administrator@directory.gmvl.de
[preprocess]   hints: Matched DEFAULT at 4
[preprocess]    expand: %{1}@DIRECTORY.GMVL.DE -> administrator@DIRECTORY.GMVL.DE
++[preprocess] returns ok
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
rlm_smsotp: Found reply to access challenge (AUTZ), Adding Auth-Type 'smsotp-reply'
++[smsotp] returns ok
Found Auth-Type = smsotp-reply
# Executing group from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group smsotp-reply {...}
rlm_smsotp: Found reply to access challenge
rlm_smsotp: SocketReply is OK
++[smsotp] returns ok
# Executing section post-auth from file /local/freeradius-server-2.1.9/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 41 to 127.0.0.1 port 49189
Finished request 19.

Cheers,
        Thomas
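
The two rounds in the log above at the packet level, as an added example that is not part of the original post or of Authen::Radius: it builds the PAP Access-Request with RFC 2865 password hiding, checks the Response Authenticator of the Access-Challenge, and echoes State in the second request. The function names are illustrative; the user name, secret, OTP and challenge attributes are taken from the post, and the challenge packet itself is constructed.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24
CHALLENGE_ATTRS = [(REPLY_MESSAGE, b"Enter Mobile PIN:"), (STATE, b"5500455282")]

def encode(code, ident, authenticator, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    blocks = [authenticator]
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + blocks[-1]).digest()
        blocks.append(bytes(p ^ k for p, k in zip(padded[i:i + 16], key)))
    return b"".join(blocks[1:])

def build_request(ident, user, password, secret, authenticator, state=None):
    """Access-Request; on the second round pass the State from the challenge."""
    attrs = [(USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, authenticator))]
    if state is not None:
        attrs.append((STATE, state))  # echoed back unmodified
    return encode(ACCESS_REQUEST, ident, authenticator, attrs)

def parse_reply(data, secret, request_authenticator):
    """Check lengths and the Response Authenticator, return (code, attributes)."""
    if len(data) < 20 or not 20 <= struct.unpack("!H", data[2:4])[0] <= len(data):
        raise ValueError("bad packet length")
    data = data[:struct.unpack("!H", data[2:4])[0]]
    expected = hashlib.md5(data[:4] + request_authenticator + data[20:] + secret).digest()
    if not hmac.compare_digest(expected, data[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs, pos = {}, 20
    while pos < len(data):
        if len(data) - pos < 2 or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("bad attribute length")
        attrs[data[pos]] = data[pos + 2:pos + data[pos + 1]]  # last value wins
        pos += data[pos + 1]
    return data[0], attrs

def demo(secret=b"testing123", user=b"administrator@directory.gmvl.de"):
    """Added example: both rounds with the log's values (challenge is constructed)."""
    auth = os.urandom(16)
    first = build_request(40, user, b"password", secret, auth)
    raw = encode(ACCESS_CHALLENGE, 40, auth, CHALLENGE_ATTRS)  # sign it as a server would
    code, attrs = parse_reply(raw[:4] + hashlib.md5(raw + secret).digest() + raw[20:], secret, auth)
    second = build_request(41, user, b"82701", secret, os.urandom(16), attrs[STATE])
    return len(first), code, attrs[STATE], len(second)
```

The first request comes out at 71 bytes, matching the `length=71` in the log. The second is 83 bytes rather than 102 because only State is echoed here, while the logged id=41 request also carried Reply-Message.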



