/etc/freeradius/3.0/sites-available/challenge is in freeradius-config 3.0.16+dfsg-1ubuntu3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#
# This file gives an example of using Challenge-Response
#
# In this example, the user logs in with a password, which has
# to be "hello". The server will send them a challenge
# consisting of a random number 0..9. The user has to respond
# with that number.
#
#
# $Id: 24c9b2546eb2a62fb60b31fa5add4537b6536a31 $
#
#
# Dedicated listener for this example. Authentication requests that
# arrive on port 2000 are handed to the "challenge" virtual server
# defined below.
#
listen {
type = auth
#
# NOTE(review): "*" binds the socket on every local address.
# If this example site is ever enabled, restrict it to a
# loopback or management address; it is only meant for testing.
#
ipaddr = *
port = 2000
virtual_server = challenge
}
#
# Two-step example: step 1 checks a fixed password with PAP and
# replies with an Access-Challenge; step 2 checks the answer to
# that challenge with PAP.
#
# NOTE(review): this is a demonstration of the challenge mechanism,
# not an authentication policy. The step-1 password is the same
# literal for every request, and the step-2 answer is a single
# digit that is also sent to the user in Reply-Message. Do not
# enable it on a production server as written.
#
server challenge {
authorize {
#
# If there's no State attribute, then this is the request from
# the user.
#
if (!State) {
#
# The "known good" password for step 1 is hard-coded here
# and is set without looking at User-Name, so it applies
# to every request that reaches this server. A real policy
# would take it from a user store instead.
#
update control {
Auth-Type := Step1
Cleartext-Password := "hello"
}
}
else {
#
# Do authentication for step 2.
# Set the "known good" password to the number
# saved in the session-state list.
#
update control {
Auth-Type := Step2
Cleartext-Password := &session-state:Tmp-Integer-0
}
}
}
authenticate {
Auth-Type Step1 {
# If the password doesn't match, the user is rejected
# immediately.
pap
#
# Set the random number to save.
#
# Per the description at the top of this file, the value is
# a single random number 0..9, so there are only ten possible
# answers. It is stored in session-state so that the step-2
# request can be compared against it.
#
update session-state {
Tmp-Integer-0 := "%{randstr:n}"
}
#
# The same value is returned to the user as the challenge
# text, so the expected step-2 answer is an echo of it.
#
update reply {
Reply-Message := &session-state:Tmp-Integer-0
}
#
# Send an Access-Challenge.
# See raddb/policy.d/control for the definition
# of "challenge"
#
challenge
}
Auth-Type Step2 {
#
# Do PAP authentication with the password.
# The "known good" value here is the number that the
# authorize section copied from session-state.
#
pap
}
}
}