Posted to dev@guacamole.apache.org by Nick Couchman <vn...@apache.org> on 2018/12/01 23:32:47 UTC

Re: RADIUS Module Issue

>
> In the JDBC -> RADIUS case where it's not working as expected, what
> exceptions are thrown during the authentication process? It might help
> to step through the auth process with a debugger to see what throws
> what and when.
>
>
I've pasted the contents of the log file from the authentication failure,
in DEBUG mode:

https://pastebin.com/KjrVKh4U

The interesting line is:

18:21:18.272 [http-nio-8080-exec-22] WARN
 o.a.g.r.auth.AuthenticationService - Authentication attempt from
[172.25.240.41, 0:0:0:0:0:0:0:1] for user "andy.taylor@mayberry.gov" failed.

Doing some more digging, it's something about the challenge/response that
is failing here.  I'm using LinOTP with RADIUS to do 2FA for this testing,
and, when you use that, you have two options for how to authenticate with
the PIN + OTP:
1) Enter PIN and submit, get prompted for OTP
2) Enter PIN and OTP at the same time, and both factors will be checked
concurrently.

If I do option 2, it works correctly - passes through JDBC and on to
RADIUS, and authentication succeeds.  If I do option 1, where I'm supposed
to be prompted by Guacamole for the second factor, this seems to be where
it fails.

So, my guess at this point is it has something to do with the logic in the
RADIUS module that handles the checks between initial authentication and
the challenge/response, and that one of those steps isn't working correctly
when another module precedes it.

-Nick
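
The two login paths described in the message above, modelled at the RADIUS message level (Access-Request, Access-Challenge, Access-Accept, Access-Reject as defined in RFC 2865). This is an added example, not code from the post, from Guacamole or from LinOTP; the toy server, the PIN and OTP values and the echo_state switch are constructed for illustration. It shows the State attribute that a client must copy from the Access-Challenge into its second Access-Request, and is not a diagnosis of the failure reported in the thread.

```python
import hmac
import secrets

# Constructed sample credentials for the toy server (not from the original post).
USERS = {"andy.taylor@mayberry.gov": {"pin": "1234", "otp": "755224"}}

def _eq(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

class ToyRadiusServer:
    """Minimal model of a RADIUS server in front of a PIN + OTP backend."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # State value -> user still owing the OTP

    def access_request(self, user, password, state=None):
        account = self.users.get(user)
        if account is None:
            return {"code": "Access-Reject"}
        if state is not None:
            # Second leg: State must match a challenge issued to this user.
            # The challenge is single-use, so it is removed either way.
            known = self.pending.pop(state, None) == user
            ok = known and _eq(password, account["otp"])
            return {"code": "Access-Accept" if ok else "Access-Reject"}
        if _eq(password, account["pin"] + account["otp"]):
            return {"code": "Access-Accept"}      # option 2: both factors at once
        if _eq(password, account["pin"]):
            new_state = secrets.token_hex(8)      # option 1: PIN only, so challenge
            self.pending[new_state] = user
            return {"code": "Access-Challenge", "state": new_state,
                    "reply_message": "Enter OTP"}
        return {"code": "Access-Reject"}

def login_one_step(server, user, pin, otp):
    """Option 2: a single Access-Request carrying PIN and OTP together."""
    return server.access_request(user, pin + otp)["code"]

def login_two_step(server, user, pin, otp, echo_state=True):
    """Option 1: send the PIN, then answer the Access-Challenge with the OTP.
    echo_state=False models a client that loses State between the two requests."""
    first = server.access_request(user, pin)
    if first["code"] != "Access-Challenge":
        return first["code"]
    state = first["state"] if echo_state else None
    return server.access_request(user, otp, state=state)["code"]
```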