How to use Debian is described below, but the instructions should be adaptable with ease to Ubuntu and with not too much work for CentOS.
Pull requests are welcomed from those who worked out how to get this working on other OS's eg. Starting with a fresh empty Debian 'buster' It is strongly recommended at this point you create a backup of the original configuration: After updating the following files as described below (you may need to replace freeradius with raddb), you should restart FreeRADIUS (sudo systemctl restart freeradius) to apply the changes.
Replacing example. Once you have a working configuration then do explore customising it to fit your needs but if you break something this module will return invalid ie. After a restart, you should be able to do an authentication against the server using radtest: If your authentication fails, then you may see some Reply-Message attributes from Azure if there is a problem with the account.
Whilst FreeRADIUS is in debugging mode, you can monitor the database replication by looking for (this may be interleaved with other debug output so do use grep 'oauth2 worker'):
I was not able to find a proper and simple script to implement this very useful OTP feature. I have the strong belief that OTP should be easy and free to implement, coupled with a FreeRADIUS, as security has become a major issue nowadays.
This script takes action during two steps of an AAA authentication. During authorization, it checks if the user exists in the database. During authentication, it generates an OTP and checks if the one provided by the user matches the one generated. The OTP is created using a secret that is already stored in a database.

Security Concerns

For security purposes, the secret is stored in the database encrypted with the Rijndael cipher.
In the Authorize section make sure that you have 'files' uncommented. Then add a line containing 'perl' after it. Because the perl interpreter is loaded into memory together with the script, it is very fast. You will not be wasting time waiting for perl to start up and process the script, as happens when you use Exec-Program-Wait with a perl script. Install or recompile libperl with debugging symbols.