PHP Classes

File: raspberry/how-to-build-a-raspberry-strong-authentication-server.txt

Recommend this page to a friend!
  Classes of André Liechti   multiOTP PHP class   raspberry/how-to-build-a-raspberry-strong-authentication-server.txt   Download  
File: raspberry/how-to-build-a-raspberry-strong-authentication-server.txt
Role: Documentation
Content type: text/plain
Description: Documentation
Class: multiOTP PHP class
Authenticate and manage OTP strong user tokens
Author: By
Last change: New release 5.9.5.5
ENH: LDAP filter can be customized using SetLdapFilter() method ({cn_identifier}, {username}, and {groups_filtering} placeholders are supported)
ENH: Full PHP 8.x support (tested with 8.2.1 and 8.1.14), with backward compatibility support (7.x, >=5.4.x)
ENH: Enhanced AD/LDAP paging support
ENH: Embedded Windows nginx edition updated to version 1.22.1
ENH: Embedded Windows PHP edition updated to version 8.2.0
ENH: PHP 8.2.x deprecated code cleaned (nullable trim, dynamic properties, PostgreSQL command without connection argument)
ENH: Enhanced sms library (MultiotpSms), new eCall API implementation, new ASPSMS API implementation
ENH: Better MySQL error handling
ENH: Better PostgreSQL error handling
New release 5.9.5.1
New release 5.9.5.0
ENH: It's now possible to define a special AD/LDAP group to attribute "Without2FA" token to specific users
ENH: Default username and password are not displayed anymore if default password has been changed
Enhanced multiOTP Credential Provider support
New release 5.9.3.1
FIX: Better special characters support in username and password
ENH: The locked accounts list now also list the temporary delayed accounts
ENH: Accounts with Without2FA tokens can now also be stored in cache
New release 5.9.2.1
ENH: Command -iswithout2fa added as a CLI option (to check if a token is needed)
ENH: Enhanced multiOTP Credential Provider
ENH: Additional CLI option -nt-key-only added
New release 5.9.0.3
FIX: Issue with /run/php when a Docker container is restarted
FIX: {MultiOtpVersion} is now correctly replaced in scratchtemplate.html
ENH: {MultiOtpDisplayName} tag (AD/LDAP DisplayName) can be used in templates
FIX: User account containing octal encoded ISO characters are now also converted to UTF
New release 5.9.0.1
FIX: Set specific flags to run Perl scripts from FreeRADIUS
FIX: User account containing special ISO characters are now also converted to UTF
ENH: New Hyper-V and OVA appliances available (version 011, based on Debian 11)
ENH: Scratchlist can be generated from the Web GUI
Date: 6 months ago
Size: 3,526 bytes
 

Contents

Class file image Download 
How to build a Raspberry Pi RADIUS strong two factors authentication server in some easy steps ?
================================================================================================

(c) 2010-2023 SysCo systemes de communication sa
https://www.multiotp.net/

Current build: 5.9.5.5 (2023-01-19)

Supported Raspberry Pi hardware: 1B/1B+/2B/3B/3B+/4B

0) If you want to download a multiOTP Raspberry Pi image ready to use, follow this URL:
   https://download.multiotp.net/raspberry/
   
   Nano-computer name: multiotp
   IP address: 192.168.1.44 (netmask: 255.255.255.0, default gateway: 192.168.1.1)
   Username: pi
   Password: raspberry
   
   You can now flash the SD Card (check point 3) and 4) if needed), put the SD Card
   into the Raspberry Pi and boot it. You can go directly to point 15)
   
1) If you want to use a battery backed up Real Time Clock, install it now in your
   Raspberry Pi, the drivers for these models are included in the package:
     https://afterthoughtsoftware.com/products/rasclock
     http://www.cjemicros.co.uk/micros/products/rpirtc.shtml
     https://www.robotshop.com/ca/en/elecrow-ds3231-high-precision-rtc-clock-module-raspberry-pi-b.html
     https://learningdevelopments.co.nz/products/rtc-clock-module-for-raspberry-pi
   
2) Download the last image of Raspbian Lite to be flashed
   https://downloads.raspberrypi.org/raspios_lite_armhf_latest (currently 2021-03-04-raspios-buster-armhf-lite.zip)

3) Format your SD Card using the SD Card Association’s formatting tool
   https://www.sdcard.org/downloads/formatter/

4) Flash the raw image using the universal Windows/macOS/Linux Etcher from Balena: https://www.balena.io/etcher/
   or Win32DiskImager for Windows: https://sourceforge.net/projects/win32diskimager/files/latest/download
   or the dd UNIX tool
   This should take about 10 minutes.

5) Copy all files from multiotp/raspberry/boot-part to the root of the SD Card
   (it could overwrite some files like config.txt, were we have already enabled the I2C)

6) When copy is done, eject the SD Card

7) Connect the Raspberry Pi to the local network

8) Put the SD card into the Raspberry Pi and boot it

9) Login directly on your Raspberry Pi, or using SSH, with the default username "pi" and the password "raspberry"

10) Launch the initial configuration by typing sudo raspi-config

11) Choose the following options
    1) Change User Password
    2) Network options
       N1) N1 Hostname (change the hostname to your favorite name, for example "multiotp")
    4) Localization Options (if needed)
    7) Advanced Options
       A1) Expand Filesystem

12) Select Finish and answer "<Yes>" to reboot, or type "sudo reboot"

13) Login again directly (after about 30 seconds) on your Raspberry Pi, or using SSH, with the default username "pi" and your new password

14) Type "sudo /boot/install.sh"
    Everything is done automatically (it will take about 35 minutes) and the Raspberry Pi will reboot automatically at the end

15) The fixed IP address is set to 192.168.1.44, with a default gateway at 192.168.1.1
    To adapt the network configuration, edit the file /etc/network/interfaces

16) Congratulations! You have now an open source and fully OATH compliant
    strong two factors authentication server!
    Surf on http(s)://192.168.1.44 to use the basic interface (admin / 1234)

17) The default radius secret is set to myfirstpass for the subnet 192.168.0.0/16.
    To adapt the freeradius configuration, edit the file /etc/freeradius/clients.conf.