<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:10pt"><div class="" style="">Hi,</div><div class="" style=""><br class="" style=""></div><div style="color: rgb(0, 0, 0); font-size: 13.63636302947998px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;" class="">I am getting intermittent access-reject response from free-radius even though password was correct. User have to try again and this time user is allowed. Following are the debug logs for one such transaction -</div><div style="color: rgb(0, 0, 0); font-size: 13.63636302947998px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;" class=""><br class="" style=""></div><div style="background-color:
 transparent;" class="">rad_recv: Access-Request packet from host 122.176.209.171 port 23328, id=41, length=321</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">   </span>ChilliSpot-Version = "1.3.0"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre"> </span>User-Name = "aqua"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">   </span>CHAP-Challenge = 0x86b6482ac2204b1801b4705ca5d43722</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">    </span>CHAP-Password = 0x00662b9af994945519294eb931419a5e21</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">   </span>Service-Type = Login-User</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">      </span>Acct-Session-Id = "5380389300000002"</div><div
 style="background-color: transparent;" class=""><span class="" style="white-space:pre">       </span>Framed-IP-Address = 192.168.182.3</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">      </span>NAS-Port-Type = Wireless-802.11</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>NAS-Port = 2</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">   </span>NAS-Port-Id = "00000002"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">     </span>Calling-Station-Id = "60-FA-CD-D1-45-CE"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">     </span>Called-Station-Id = "C8-D3-A3-6C-F2-53"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">      </span>NAS-IP-Address = 192.168.182.1</div><div
 style="background-color: transparent;" class=""><span class="" style="white-space:pre">       </span>NAS-Identifier = "moka_ug"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">   </span>WISPr-Location-ID = "isocc=,cc=,ac=,network=xxxxxxx"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre"> </span>WISPr-Location-Name = "xxxx"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre"> </span>WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>Message-Authenticator = 0xe8d077bea1e4565958097834c2143975</div><div style="background-color: transparent;" class=""># Executing section authorize from file /etc/raddb/sites-enabled/default</div><div style="background-color: transparent;" class="">+- entering group authorize
 {...}</div><div style="background-color: transparent;" class="">++[preprocess] returns ok</div><div style="background-color: transparent;" class="">[chap] Setting 'Auth-Type := CHAP'</div><div style="background-color: transparent;" class="">++[chap] returns ok</div><div style="background-color: transparent;" class="">++[mschap] returns noop</div><div style="background-color: transparent;" class="">++[digest] returns noop</div><div style="background-color: transparent;" class="">[suffix] No '@' in User-Name = "aqua", looking up realm NULL</div><div style="background-color: transparent;" class="">[suffix] No such realm "NULL"</div><div style="background-color: transparent;" class="">++[suffix] returns noop</div><div style="background-color: transparent;" class="">[eap] No EAP-Message, not doing EAP</div><div style="background-color: transparent;" class="">++[eap] returns noop</div><div style="background-color: transparent;" class="">++[files] returns
 noop</div><div style="background-color: transparent;" class="">[sql] <span class="" style="white-space:pre"> </span>expand: %{User-Name} -> aqua</div><div style="background-color: transparent;" class="">[sql] sql_set_user escaped user --> 'aqua'</div><div style="background-color: transparent;" class="">rlm_sql (sql): Reserving sql socket id: 1</div><div style="background-color: transparent;" class="">[sql] <span class="" style="white-space:pre">      </span>expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'aqua'           ORDER BY id</div><div style="background-color: transparent;" class="">[sql] User found in
 radcheck table</div><div style="background-color: transparent;" class="">[sql] <span class="" style="white-space:pre">       </span>expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'aqua'           ORDER BY id</div><div style="background-color: transparent;" class="">[sql] <span class="" style="white-space:pre">      </span>expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup        
   WHERE username = 'aqua'           ORDER BY priority</div><div style="background-color: transparent;" class="">[sql] <span class="" style="white-space:pre">  </span>expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'gartino_ug'           ORDER BY id</div><div style="background-color: transparent;" class="">[sql] User found in group gartino_ug</div><div style="background-color: transparent;" class="">[sql] <span class="" style="white-space:pre"> </span>expand: SELECT id, groupname, attribute,    
       value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'gartino_ug'           ORDER BY id</div><div style="background-color: transparent;" class="">rlm_sql (sql): Released sql socket id: 1</div><div style="background-color: transparent;" class="">++[sql] returns ok</div><div style="background-color: transparent;" class="">++[expiration] returns noop</div><div style="background-color: transparent;" class="">++[logintime] returns noop</div><div style="background-color: transparent;" class="">[pap] WARNING: Auth-Type already set.  Not setting to PAP</div><div style="background-color: transparent;"
 class="">++[pap] returns noop</div><div style="background-color: transparent;" class="">Found Auth-Type = CHAP</div><div style="background-color: transparent;" class=""># Executing group from file /etc/raddb/sites-enabled/default</div><div style="background-color: transparent;" class="">+- entering group CHAP {...}</div><div style="background-color: transparent;" class="">[chap] login attempt by "aqua" with CHAP password</div><div style="background-color: transparent;" class="">[chap] Using clear text password "mango" for user aqua authentication.</div><div style="background-color: transparent;" class="">[chap] Password check failed</div><div style="background-color: transparent;" class="">++[chap] returns reject</div><div style="background-color: transparent;" class="">Failed to authenticate the user.</div><div style="background-color: transparent;" class="">Using Post-Auth-Type Reject</div><div style="background-color: transparent;" class="">#
 Executing group from file /etc/raddb/sites-enabled/default</div><div style="background-color: transparent;" class="">+- entering group REJECT {...}</div><div style="background-color: transparent;" class="">[attr_filter.access_reject] <span class="" style="white-space:pre">    </span>expand: %{User-Name} -> aqua</div><div style="background-color: transparent;" class="">attr_filter: Matched entry DEFAULT at line 11</div><div style="background-color: transparent;" class="">++[attr_filter.access_reject] returns updated</div><div style="background-color: transparent;" class="">Delaying reject of request 3601 for 1 seconds</div><div style="background-color: transparent;" class="">Going to the next request</div><div style="background-color: transparent;" class="">Waking up in 0.9 seconds.</div><div style="background-color: transparent;" class=""><br></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13.63636302947998px;
 font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;" class=""><br></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13.63636302947998px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;" class=""><br></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13.63636302947998px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;" class=""><br></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13.63636302947998px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;" class="">Can someone please help me understand what's going wrong? I am using coovachilli as a capative portal solution which automatically send these packets to
 radius server for AAA.</div><div style="color: rgb(0, 0, 0); font-size: 13.63636302947998px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;" class=""><br class="" style=""></div></div></body></html>