I tried with Android device and it use CHAP authentication as Apple devices. OK, here is the complete log....thanks a lot!!! rad_recv: Accounting-Request packet from host 127.0.0.1 port 3799, id=74, length=172 Acct-Status-Type = Interim-Update User-Name = "pagos" Calling-Station-Id = "00-0C-E7-12-71-BF" Called-Station-Id = "00-15-5D-01-32-04" NAS-Port-Type = Wireless-802.11 NAS-Port = 6 NAS-Port-Id = "00000006" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.1.16 Acct-Session-Id = "520b975800000006" Acct-Input-Octets = 33494 Acct-Output-Octets = 42669 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 181 Acct-Output-Packets = 165 Acct-Session-Time = 491 +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 6,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "520b975800000006",User-Name = "pagos"' [acct_unique] Acct-Unique-Session-ID = "a14e1d0a24db831a". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "pagos", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting {...} expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/detail-20130814 [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/detail-20130814 expand: %t -> Wed Aug 14 11:51:11 2013 ++[detail] returns ok ++[unix] returns noop expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp expand: %{User-Name} -> pagos ++[radutmp] returns ok expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp expand: %{User-Name} -> pagos ++[sradutmp] returns ok expand: %{User-Name} -> pagos [sql] sql_set_user escaped user --> 'pagos' expand: %{Acct-Input-Gigawords} -> 0 expand: %{Acct-Input-Octets} -> 33494 expand: %{Acct-Output-Gigawords} -> 0 expand: %{Acct-Output-Octets} -> 42669 expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '192.168.1.16', acctsessiontime = '491', acctinputoctets = '0' << 32 | '33494', acctoutputoctets = '0' << 32 | '42669' WHERE acctsessionid = '520b975800000006' AND username = 'pagos' AND nasipaddress = '0.0.0.0' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok expand: %{User-Name} -> pagos attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 74 to 127.0.0.1 port 3799 Finished request 0. Cleaning up request 0 ID 74 with timestamp +47 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 47716, id=0, length=213 User-Name = "pagos" CHAP-Challenge = 0x102ce36fe571e8dd135b7aacbbfaedba CHAP-Password = 0x0027261c4744170b60d7ceb2e02b12a62b NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.1.17 Calling-Station-Id = "F0-CB-A1-A5-56-71" Called-Station-Id = "00-15-5D-01-32-04" NAS-Identifier = "nas01" Acct-Session-Id = "520b996100000002" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Message-Authenticator = 0x1fceb0d21eb5534aa4d358b82c239c28 WISPr-Logoff-URL = "http://192.168.1.1:3990/logoff" +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "pagos", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> pagos [sql] sql_set_user escaped user --> 'pagos' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pagos' ORDER BY id [sql] User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pagos' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'pagos' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[max_all_mb] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] returns noop [expiration] Checking Expiration time: 'October 26 2021 24:00:00' ++[expiration] returns ok ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by "pagos" with CHAP password [chap] Using clear text password "pagos" for user pagos authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> pagos attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 0 to 127.0.0.1 port 47716 Waking up in 4.9 seconds. Cleaning up request 1 ID 0 with timestamp +66 Ready to process requests. THANKS A LOT 2013/8/14 Alan DeKok <aland@deployingradius.com>:
Roberto Carna wrote:
Dear, the debug is this:
[chap] Login attempt by "pepe" with CHAP password [chap] Using clear text password "1234" for user pepe authentication [chap] Password check failed ++[chap] Returns reject Failed to authenticate the user
THe password is 1234 and I try many times...
Are you sure that's from an Apple device? They don't do CHAP for WiFi authentication.
Any idea ??? Because from other Windos and Android devices the authentication works OK.
Post the FULL debug log. Honestly. That's why we ask for it.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html