
    FreeRadius 2.X & OTP Authentication

      R0M4iN74

      Hi,

      I am trying to play with OTP passwords in a sandbox. I chose to start with pfSense 2 (2.1.4-RELEASE (amd64)) and the FreeRadius package (2.1.12_1/2.2.4 pkg v1.6.7_3).

      I created a new server with a few settings and the OTP configured like this:

      I configured a client to match my pfSense directly and added a RADIUS server in the User Manager of pfSense. At the end, I created a user in FreeRadius. Everything works fine if I use the classic username and password pair, but when I activate the OTP settings for my user (I add an init secret key and a PIN code) and try to authenticate with my OTP password (given by the DroidOTP Android app), it does not work. I entered the same init secret key in the Android app and typed the same PIN code.

      I can see that the current date on the radius server and on my phone is exactly the same.

      I don't know what I'm doing wrong, but if someone can give me some tips and help me to sort it out, I will be very grateful.

      Thanks!
      Rom1

        R0M4iN74

        Hi,

        I kept searching yesterday and I think I may have found out what the trouble is (but I don't know how to resolve it).

        I tried to make otpverify.sh work, but I found that the MD5 calculated for the right EPOCHTIME is not the same as the one given by the Android application DroidOTP.

        I also had to comment out the line: #EPOCHTIME=chop $EPOCHTIME because I saw that otpverify takes only the first 9 digits of the current date, whereas DroidOTP bases its calculation on the 10 digits.

        Right now, I clearly don't know what is wrong with the code or my settings.

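Added example, not part of the thread and not the package's own code: a Python sketch of the Mobile-OTP calculation that otpverify.sh performs, assuming the standard mOTP formula (first 6 hex digits of MD5 over the epoch time with its last digit dropped, followed by the init secret and the PIN). It shows that hashing the full 10-digit epoch gives a code the verifier never accepts, and it reports the clock offset when a code does match; the secret, PIN and timestamp are constructed.

```python
import hashlib
import hmac

STEP = 10  # mOTP counts time in 10-second steps (epoch seconds, last digit dropped)


def motp(time_field: int, secret: str, pin: str) -> str:
    """First 6 hex digits of MD5(time_field + secret + pin), joined as ASCII text."""
    data = f"{time_field}{secret}{pin}".encode("ascii")
    return hashlib.md5(data).hexdigest()[:6]


def token_code(epoch: int, secret: str, pin: str) -> str:
    """Code shown at `epoch` (seconds) by a token that follows the assumed formula."""
    return motp(epoch // STEP, secret, pin)


def verify(code: str, now: int, secret: str, pin: str, window_s: int = 180):
    """Return the clock offset (seconds) of the matching step, or None.

    Every 10-second step within +/- window_s of the server clock is tried.
    A result of 0 is a match with no skew, so test the result with `is None`.
    """
    base = now // STEP
    steps = window_s // STEP
    supplied = code.strip().lower().encode()
    # Closest steps first: 0, -1, +1, -2, +2, ...
    for k in sorted(range(-steps, steps + 1), key=abs):
        if hmac.compare_digest(motp(base + k, secret, pin).encode(), supplied):
            return k * STEP
    return None


if __name__ == "__main__":
    SECRET, PIN = "0123456789abcdef", "1234"  # constructed init secret and PIN
    now = 1404000000                          # constructed 10-digit epoch timestamp

    chopped = token_code(now, SECRET, PIN)    # hashes the 9-digit value 140400000
    unchopped = motp(now, SECRET, PIN)        # hashes all 10 digits

    print("chopped epoch   ->", chopped, "offset:", verify(chopped, now, SECRET, PIN))
    print("unchopped epoch ->", unchopped, "offset:", verify(unchopped, now, SECRET, PIN))
    # A token whose clock is 60 s behind the server still verifies, with offset -60.
    late = token_code(now - 60, SECRET, PIN)
    print("60 s slow token ->", late, "offset:", verify(late, now, SECRET, PIN))
```

Running the same check with the real init secret and PIN and the code shown on the phone separates a clock or time-step mismatch (a non-zero offset, or no match at any step) from a secret or PIN that was entered differently on the two sides.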
          michaeleino

          I have the same issue… I don't think there is a misconfiguration!
          But I didn't set a password for the user as described in the docs... :(
          How did you resolve it!??

            R0M4iN74

            Sorry, I can't remember what I did to make it work. It was a very stupid misconfiguration… Can you show me your configuration? I will tell you what's different from mine.
