Freeradius and smsotp

classic Classic list List threaded Threaded
5 messages Options
| Threaded
Open this post in threaded view
|

Freeradius and smsotp

Milovan Kotlica
Hi,

I have installed Freeradius 2.1.12 on Centos 6 and I use Thomas
Glanzmann SMSOTP. Now I want to migrate that on Centos 8. I installed
Freeradius 3.0.17 and same SMSOTP. When I login on vpn I first type
username/password and after that smsotp pin.
On new instalation I have issue with smsotp. My first login is OK and
smsotp module creates and send smsotp pin. But after I type smsotp pin
on vpn radius reject.

smsotpd.pl scripts return wornings:

Subroutine _call redefined at (eval 155) line 30.
Subroutine SendSMSExtService::want_som redefined at (eval 155) line 73.
Subroutine AUTOLOAD redefined at (eval 155) line 90.
Subroutine SendSMSExtService::SendSMSExt redefined at (eval 155) line 88.
Server session encountered read error 104: Connection reset by peer
Server session encountered read error 104: Connection reset by peer

p.s. In attach is last part of Freeradius debug.

Thanks


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius log.txt (31K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: Freeradius and smsotp

Alan DeKok-2
On Jul 27, 2020, at 2:48 AM, Milovan Kotlica <[hidden email]> wrote:
> I have installed Freeradius 2.1.12 on Centos 6 and I use Thomas Glanzmann SMSOTP. Now I want to migrate that on Centos 8. I installed Freeradius 3.0.17 and same SMSOTP. When I login on vpn I first type username/password and after that smsotp pin.
> On new instalation I have issue with smsotp. My first login is OK and smsotp module creates and send smsotp pin. But after I type smsotp pin on vpn radius reject.

  The debug log shows that the smsotp module asks the smsotpd daemon if the code is correct, and the daemon returns FAILED.  So you'll have to figure out why that happens.

  To be honest, not many people use that module.  In v3, I suspect you could drop the module entirely, and just use rlm_rest to do all of the REST calls.

> smsotpd.pl scripts return wornings:
>
> Subroutine _call redefined at (eval 155) line 30.
> Subroutine SendSMSExtService::want_som redefined at (eval 155) line 73.
> Subroutine AUTOLOAD redefined at (eval 155) line 90.
> Subroutine SendSMSExtService::SendSMSExt redefined at (eval 155) line 88.
> Server session encountered read error 104: Connection reset by peer
> Server session encountered read error 104: Connection reset by peer

  You've managed to corrupt the smsotpd.pl script.  Likely by putting two copies of it in the same file.

> p.s. In attach is last part of Freeradius debug.

  Is it really that difficult to read the documentation and follow instructions for posting the debug log?

http://wiki.freeradius.org/list-help

  People who read the documentation and follow instructions tend to find solutions.  People who ignore the documentation don't.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius and smsotp

Milovan Kotlica
Hi,

In attach is full debug.

I'm afraid that new radius smsotp module not working well with this smsotp.pl which created Thomas Glanzmann. I changed smsotp.pl script to log all steps but radius doesn't send verify to it, just quit.

Do you have any link how to use rlm_rest? My sms server is web service and I just need module to create otp pin, send otp to sms (web service) and validate pin.

This smsotp works great on Freeradius v2. Do you have experience with MultiOTL, Linotp and similar modules (I found them on internet). Also Freeradius has some otp module but I didn't found on internet how to use it.

Thanks

On 27/07/2020 14:13, Alan DeKok wrote:

> On Jul 27, 2020, at 2:48 AM, Milovan Kotlica <[hidden email]> wrote:
>> I have installed Freeradius 2.1.12 on Centos 6 and I use Thomas Glanzmann SMSOTP. Now I want to migrate that on Centos 8. I installed Freeradius 3.0.17 and same SMSOTP. When I login on vpn I first type username/password and after that smsotp pin.
>> On new instalation I have issue with smsotp. My first login is OK and smsotp module creates and send smsotp pin. But after I type smsotp pin on vpn radius reject.
>    The debug log shows that the smsotp module asks the smsotpd daemon if the code is correct, and the daemon returns FAILED.  So you'll have to figure out why that happens.
>
>    To be honest, not many people use that module.  In v3, I suspect you could drop the module entirely, and just use rlm_rest to do all of the REST calls.
>
>> smsotpd.pl scripts return wornings:
>>
>> Subroutine _call redefined at (eval 155) line 30.
>> Subroutine SendSMSExtService::want_som redefined at (eval 155) line 73.
>> Subroutine AUTOLOAD redefined at (eval 155) line 90.
>> Subroutine SendSMSExtService::SendSMSExt redefined at (eval 155) line 88.
>> Server session encountered read error 104: Connection reset by peer
>> Server session encountered read error 104: Connection reset by peer
>    You've managed to corrupt the smsotpd.pl script.  Likely by putting two copies of it in the same file.
>
>> p.s. In attach is last part of Freeradius debug.
>    Is it really that difficult to read the documentation and follow instructions for posting the debug log?
>
> http://wiki.freeradius.org/list-help
>
>    People who read the documentation and follow instructions tend to find solutions.  People who ignore the documentation don't.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius full debug (80K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: Freeradius and smsotp

Alan DeKok-2
On Jul 27, 2020, at 10:30 AM, Milovan Kotlica <[hidden email]> wrote:
>
> In attach is full debug.

  Thanks.

> I'm afraid that new radius smsotp module not working well with this smsotp.pl which created Thomas Glanzmann. I changed smsotp.pl script to log all steps but radius doesn't send verify to it, just quit.

  I'm not sure what that means.

> Do you have any link how to use rlm_rest? My sms server is web service and I just need module to create otp pin, send otp to sms (web service) and validate pin.

  The rlm_rest module comes with full documentation.

> This smsotp works great on Freeradius v2. Do you have experience with MultiOTL, Linotp and similar modules (I found them on internet). Also Freeradius has some otp module but I didn't found on internet how to use it.

  Maybe one of the other OTP modules works.  I haven't spent much time with them.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Fwd: Re: Freeradius and smsotp

Milovan Kotlica
In reply to this post by Milovan Kotlica
Hi,

Does anyone has experiense with Thomas Glanzmann smsotp on Freeradius
v3. Smsotp module creates and send smsotp pin. But after I type smsotp
pin on vpn radius reject.

Can you recommend me some smsotp solution for Freeradius v3?

Thanks

Milovan Kotlica
IT slu┼żba
RUKOVODILAC ODJELJENJA ZA IT INFRASTRUKTURU




-------- Forwarded Message --------
Subject: Re: Freeradius and smsotp
Date: Mon, 27 Jul 2020 16:30:35 +0200
From: Milovan Kotlica <[hidden email]>
To: [hidden email]



Hi,

In attach is full debug.

I'm afraid that new radius smsotp module not working well with this
smsotp.pl which created Thomas Glanzmann. I changed smsotp.pl script to
log all steps but radius doesn't send verify to it, just quit.

Do you have any link how to use rlm_rest? My sms server is web service
and I just need module to create otp pin, send otp to sms (web service)
and validate pin.

This smsotp works great on Freeradius v2. Do you have experience with
MultiOTL, Linotp and similar modules (I found them on internet). Also
Freeradius has some otp module but I didn't found on internet how to use it.

Thanks

On 27/07/2020 14:13, Alan DeKok wrote:

> On Jul 27, 2020, at 2:48 AM, Milovan Kotlica <[hidden email]> wrote:
>> I have installed Freeradius 2.1.12 on Centos 6 and I use Thomas Glanzmann SMSOTP. Now I want to migrate that on Centos 8. I installed Freeradius 3.0.17 and same SMSOTP. When I login on vpn I first type username/password and after that smsotp pin.
>> On new instalation I have issue with smsotp. My first login is OK and smsotp module creates and send smsotp pin. But after I type smsotp pin on vpn radius reject.
>     The debug log shows that the smsotp module asks the smsotpd daemon if the code is correct, and the daemon returns FAILED.  So you'll have to figure out why that happens.
>
>     To be honest, not many people use that module.  In v3, I suspect you could drop the module entirely, and just use rlm_rest to do all of the REST calls.
>
>> smsotpd.pl scripts return wornings:
>>
>> Subroutine _call redefined at (eval 155) line 30.
>> Subroutine SendSMSExtService::want_som redefined at (eval 155) line 73.
>> Subroutine AUTOLOAD redefined at (eval 155) line 90.
>> Subroutine SendSMSExtService::SendSMSExt redefined at (eval 155) line 88.
>> Server session encountered read error 104: Connection reset by peer
>> Server session encountered read error 104: Connection reset by peer
>     You've managed to corrupt the smsotpd.pl script.  Likely by putting two copies of it in the same file.
>
>> p.s. In attach is last part of Freeradius debug.
>     Is it really that difficult to read the documentation and follow instructions for posting the debug log?
>
> http://wiki.freeradius.org/list-help
>
>     People who read the documentation and follow instructions tend to find solutions.  People who ignore the documentation don't.
>
>     Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius full debug (80K) Download Attachment