Beginner Question: "Hotspot Login Failed"

Sean Wingert seanw at norris-stevens.com
Thu Sep 9 20:01:10 CEST 2010


Thanks to Alan and Stephen, I am closer to a solution. I realized the scrambled password was due to hotspotlogin.php (I need to study Chillispot more), so for now I commented out its uamsecret line, which -- although it still fails on the 123 account -- provides different output in debugging mode:


rad_recv: Access-Request packet from host 192.168.0.72 port 2116, id=0, length=209
        User-Name = "123"
        CHAP-Challenge = 0x176af9b56c5cd047480bbaa4e88b04fd
        CHAP-Password = 0x00a6498cb1313e02eb187f93dc05302b50
        NAS-IP-Address = 0.0.0.0
        Service-Type = Login-User
        Framed-IP-Address = 192.168.182.3
        Calling-Station-Id = "C4-17-FE-1C-5C-9D"
        Called-Station-Id = "00-24-A5-6F-81-0A"
        NAS-Identifier = "1"
        Acct-Session-Id = "4c892dd400000000"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 0
        Message-Authenticator = 0x5a8e0072ed810540ab6baf61b668b2bd
        WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
+- entering group authorize
++[preprocess] returns ok
  rlm_chap: Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "123", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
        expand: %{User-Name} -> 123
rlm_sql (sql): sql_set_user escaped user --> '123'
rlm_sql (sql): Reserving sql socket id: 4
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '123'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '123'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '123'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
  rlm_chap: login attempt by "123" with CHAP password
  rlm_chap: Using clear text password "123" for user 123 authentication.
  rlm_chap: Password check failed
++[chap] returns reject
auth: Failed to validate the user.
Login incorrect (rlm_chap: Wrong user password): [123/<CHAP-Password>] (from client Subnet port 0 cli C4-17-FE-1C-5C-9D)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> 123
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 0 to 192.168.0.72 port 2116
Waking up in 4.9 seconds.
Cleaning up request 10 ID 0 with timestamp +3707
Ready to process requests.

This message is intended only for the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law.  If you are not the intended recipient, or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited, and you are requested to return the original message to the sender.




More information about the Freeradius-Users mailing list