Tag Archives: freeradius

Freeradius: add motp authentication

aptitude install ksh gcc libpam0g-dev -y
wget http://motp.sourceforge.net/pam_mobile_otp-0.6.2.tgz
tar -zxf pam_mobile_otp-0.6.2.tgz
cd pam_mobile_otp-0.6.2
make && make install
cd ..
wget http://downloads.sourceforge.net/project/pam-script/pam-script-1.1.5.tar.gz
tar -zxf pam-script-1.1.5.tar.gz
cd pam-script-1.1.5
./configure && make && make install
cd ..
wget http://motp.sourceforge.net/otpverify.sh
chmod +x otpverify.sh
wget http://motp.sourceforge.net/dictionary.motp
Include this file in /etc/freeradius/dictionary.
mkdir -p /var/motp/{cache,users}
chown -R freerad:freerad /var/motp
Create the file /etc/freeradius/modules/MOTP:
# the instance name MOTP is assumed from the file name
exec MOTP {
    wait = yes
    program = "/path/to/otpverify.sh %{User-Name} %{User-Password} %{reply:Secret} %{reply:Pin} %{reply:Offset}"
    input_pairs = request
    output_pairs = reply
}

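Add to the file /etc/freeradius/sites-enabled/default (or whichever site you use):
Auth-Type External {
    # exec module instance from /etc/freeradius/modules/MOTP (name assumed from that file name)
    MOTP
}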

Edit /etc/freeradius/users:
DEFAULT Auth-Type := External
    Fall-Through = Yes

# "username" is a placeholder for the login name of the mOTP user
username
    Secret = e37629f6d057dcc5,
    PIN = 1234,
    Offset = 0

/etc/init.d/freeradius restart
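
What the five values on the program line are used for, as an added example (not code from the original post and not the project's otpverify.sh). It assumes the mOTP scheme of taking the first six hex digits of MD5 over the 10-second time step, Secret and PIN, a window of 180 seconds either way, and Offset counted in hours; the names motp_code, motp_verify, MOTP_CACHE and MOTP_WINDOW are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the project's otpverify.sh.
# Hypothetical names: motp_code, motp_verify, MOTP_CACHE, MOTP_WINDOW.
MOTP_CACHE="${MOTP_CACHE:-$(mktemp -d)}"  # stands in for /var/motp/cache
MOTP_WINDOW=180                           # accepted clock drift, seconds (assumed)

# motp_code EPOCH SECRET PIN: first 6 hex digits of
# MD5(<epoch with its last digit dropped><secret><pin>)
motp_code() {
    printf '%s' "$(( $1 / 10 ))$2$3" | md5sum | cut -c1-6
}

# motp_verify USER OTP SECRET PIN OFFSET [NOW]
# Same argument order as the exec module's program line; NOW exists only
# for reproducible tests. OFFSET is taken as whole hours (assumed).
motp_verify() {
    user=$1 otp=$2 secret=$3 pin=$4 offset=$5
    now=${6:-$(date +%s)}
    # The values come from a RADIUS request: accept only a 6-digit hex OTP,
    # a user name that is safe as a file name, and a plain integer offset.
    case $otp in *[!0-9a-f]*) return 1 ;; esac
    [ "${#otp}" -eq 6 ] || return 1
    case $user in ''|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $offset in ''|-|0?*|-0?*|?*-*|*[!0-9-]*) return 1 ;; esac
    # Replay protection: a code this user has already used is refused.
    if [ -e "$MOTP_CACHE/$user:$otp" ]; then return 1; fi
    t=$(( now + offset * 3600 - MOTP_WINDOW ))
    end=$(( t + 2 * MOTP_WINDOW ))
    while [ "$t" -le "$end" ]; do
        if [ "$(motp_code "$t" "$secret" "$pin")" = "$otp" ]; then
            : > "$MOTP_CACHE/$user:$otp"   # remember the accepted code
            return 0
        fi
        t=$(( t + 10 ))
    done
    return 1
}
```

Secret and PIN are the only inputs besides the clock, so anyone who can read /etc/freeradius/users can compute valid codes for every user listed there.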

FreeRadius + pam + sshd

For example, we will authenticate on with PAM over ssh against the RADIUS server on
Installing freeradius and pam_radius_auth.so on the various *nix systems is not difficult.
For Ubuntu:
sudo apt-get install freeradius
For Gentoo:
emerge freeradius
Next, download the "PAM Authentication and Accounting module" from:

Or (in Ubuntu):

apt-get install libpam-radius-auth

To install it, do:
1. make
2. Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
Next we will adjust the freeradius settings.
All of the files are stored in /etc/raddb on Gentoo or /etc/freeradius on Ubuntu.

vim clients.conf
client {
    secret = passwordko
}
Here we allow to authenticate on RADIUS with the secret passwordko.
vim /etc/pam_radius_auth.conf and /etc/radiusclient/servers
    passwordko 1

vim /etc/pam.d/sshd (comment out all existing auth lines)

auth       required     pam_radius_auth.so debug

That's all. Now you can log in with the same passwords as on machine by ssh on

Note that logins must be the same on and. If you have no login on matching the login on, you can't log in.

Anybody know how?? Please tell me on g.link0ln@gmail.com. (languages: Russian/English)