Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Freeradius 2.x and 3.x OTP - User Time Offset and OTP Lifetime have no impact

    pfSense Packages
    1
    1
    69
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      med last edited by

      Hi,

      Hardware: Alix
      PFsense: 2.4.4-p3
      Freeradius: 2.x and 3 - 0.15.7_10

      What i want
      I use the freeradius with google OTP for OVPN auth. It works like a charm. The problem is, some users need a hardware token generator because of lack of a cellphone. These things will never have the time 100% in sync, so i need the offset to correct that. But it feels like it is not working at all.

      Problem
      It feels like the offset is not working at all.
      The OTP code is only valid within the first 15 sec. But it is a SHA1 with 30 sec. timespawn.

      I tried
      First i tried to use the "Time Offset" value under the right user. The GUI told me i cant use a value that would match the 30 sec. offset. My otp card is excactly one otp code behind my cellphone. I change the value manually with the "edit file" tool. It changed nothing on the behavor. The otp worked in the exact same time frame as before. Then i set the offset to 3600. My expectation was, that the otp code would not valid anymore. But it was accepted like before within the first 15 sec.
      Second aproach was to change the general accept timeframe for all OTP codes. I changed that value from 2 (means 20 sec.) to the maximum 12 (2 min.). I would have expected that i now would be able to use the otp code even after it is new created 2 times. But it changed nothing. Reboots after any change didnt help.

      I stumbled over this thread -> https://forum.netgate.com/topic/39727/new-package-freeradius-2-x/552 but it seems like all the changes have been adapted to the release version.

      Can anyone help?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense Plus
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy