<div dir="ltr">Hello Heikki, <div><br></div><div>Thanks for the help. I worked as expected after doing corrections. I would like to have EAP support as well. Can you help me with enabling that ? </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 7, 2022 at 5:52 PM Heikki Vatiainen <<a href="mailto:hvn@open.com.au">hvn@open.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 6.1.2022 14.31, Sagar Malam wrote:<br>
<br>
> Thanks for the help. I tried the approach with authby OTP that you <br>
> suggested but once Authby LDAP2 is processed , Authby OTP is not getting <br>
> executed instead Access-Accept is sent to client.<br>
<br>
Thanks for the log and config. It seems I made a typo in my previous reply:<br>
<br>
> Config File :<br>
> <br>
> <AuthBy OTP><br>
> Identifer otp-authby<br>
<br>
This should be 'Identifier'. One 'i' is missing. When this happens there <br>
are error and warning level log messages because of this and missing <br>
reference from <Handler>. Remember to check the startup log messages too <br>
when troubleshooting.<br>
<br>
> EAPType One-Time-Password,Generic-Token<br>
<br>
I'd also remove EAPType parameters for now. If you need to support EAP, <br>
then it should be tested separately to see that the processing works <br>
with EAP and see what updates might be needed.<br>
<br>
Note that there's also EAPType in AuthBy LDAP2 clause below.<br>
<br>
> <Handler><br>
> AuthByPolicy ContinueWhileAccept<br>
> <AuthBy LDAP2><br>
> Host 192.168.0.45<br>
> EAPType One-Time-Password,Generic-Token<br>
> AuthDN CN=XXXXXX ,OU=ServiceAccounts,DC=XXXXX,DC=XXXXX,DC=com<br>
> AuthPassword XXXXX<br>
> BaseDN DC=XXXXXX,DC=XXXXX,DC=com<br>
> ServerChecksPassword<br>
> UsernameAttr sAMAccountName<br>
> AuthAttrDef logonHours,MS-Login-Hours,check<br>
> ConsumePassword ,<br>
<br>
Change this to 'ConsumePassword'. That is, let it empty the password <br>
completely. In some cases both static and one-time password are sent <br>
together and need to split, but not this time.<br>
<br>
<a href="https://files.radiatorsoftware.com/radiator/ref/ConsumePassword.html" rel="noreferrer" target="_blank">https://files.radiatorsoftware.com/radiator/ref/ConsumePassword.html</a><br>
<br>
<br>
> </AuthBy><br>
> AuthBy otp-authby<br>
> </Handler><br>
> <br>
> Error Log : <a href="https://paste-bin.xyz/30722" rel="noreferrer" target="_blank">https://paste-bin.xyz/30722</a> <<a href="https://paste-bin.xyz/30722" rel="noreferrer" target="_blank">https://paste-bin.xyz/30722</a>><br>
> <br>
> [root@radiator goodies]# /opt/radiator/radiator/radpwtst -noacct <br>
> -password '' -user XXXXX -password XXXX<br>
> sending Access-Request<br>
> OK<br>
<br>
Use '-trace 4' with rdpwtst to see in detail what it sends and receives. <br>
With multi-round authentication, also add '-interactive' flag to tell <br>
radpwtst that more than a single request is needed.<br>
<br>
Thanks,<br>
Heikki<br>
<br>
-- <br>
Heikki Vatiainen<br>
OSC, makers of Radiator<br>
Visit <a href="http://radiatorsoftware.com" rel="noreferrer" target="_blank">radiatorsoftware.com</a> for Radiator AAA server software<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="font-size:12.8px"><br></span></div><div dir="ltr"><span style="font-size:12.8px">Thanks & Regards,</span><br></div></div><div dir="ltr"><span style="font-size:12.8px">Sagar Malam</span><br style="color:rgb(38,50,56);font-size:13px;line-height:16px"><span style="color:rgb(38,50,56);font-size:13px;line-height:16px">Project Leader | Ecosmob Technologies Pvt. Ltd.</span><br style="color:rgb(38,50,56);font-size:13px;line-height:16px"><span style="color:rgb(38,50,56);font-size:13px;line-height:16px">(+91)9601533171 | </span><a rel="nofollow noreferrer" href="http://www.google.com/url?q=http%3A%2F%2Fwww.hodusoft.com&sa=D&sntz=1&usg=AFQjCNHXhIaelhkmhqcPU8D1lt3QoYpm2w" dir="ltr" style="color:rgb(38,50,56);font-size:13px;line-height:16px" target="_blank">www.ecosmob.com</a><br style="color:rgb(38,50,56);font-size:13px;line-height:16px"><span style="color:rgb(38,50,56);font-size:13px;line-height:16px">Skype: sagar.ecosmob</span><br></div></div></div></div></div></div></div>
<br>
<div><font face="Arial" size="2" style="background-color:white" color="#808080"><b>Disclaimer</b></font></div><div><div><span style="background-color:white;color:rgb(128,128,128);font-family:Arial;font-size:small">In addition to generic Disclaimer which you have agreed on our website, any views or opinions presented in this email are solely those of the originator and do not necessarily represent those of the Company or its sister concerns. Any liability (in negligence, contract or otherwise) arising from any third party taking any action, or refraining from taking any action on the basis of any of the information contained in this email is hereby excluded.</span></div></div><div><span style="background-color:white;color:rgb(128,128,128);font-family:Arial;font-size:small"><br></span></div><div><font face="Arial" size="2" style="background-color:white" color="#808080"><b>Confidentiality</b></font></div><div><font face="Arial" size="2" style="background-color:white" color="#808080">This communication (including any attachment/s) is intended only for the use of the addressee(s) and contains information that is PRIVILEGED AND CONFIDENTIAL. Unauthorized reading, dissemination, distribution, or copying of this communication is prohibited. Please inform originator if you have received it in error.</font></div><div><font face="Arial" size="2" style="background-color:white" color="#808080"><br></font></div><div><span style="background-color:white;color:rgb(128,128,128);font-family:Arial;font-size:small"><b>Caution for viruses, malware etc.</b></span></div><div><font face="Arial" size="2" style="background-color:white" color="#808080">This communication, including any attachments, may not be free of viruses, trojans, similar or new contaminants/malware, interceptions or interference, and may not be compatible with your systems. You shall carry out virus/malware scanning on your own before opening any attachment to this e-mail. The sender of this e-mail and Company including its sister concerns shall not be liable for any damage that may incur to you as a result of viruses, incompleteness of this message, a delay in receipt of this message or any other computer problems. </font></div>