Hi, I have a Linux(Ubuntu) NMS server and I want it to be authenticated Via Freeradius. So If I log into that NMS server it should send requests for authentication to FreeRadius serve. Also, can a windows XP machine be authenticated through Freeradius? I mean not the telnet/SSH login but somethign like RDP or VNC as well. BR, Raheel
Date: Fri, 13 May 2011 20:42:03 -0700 From: richard.adams@stentofon.com.au To: freeradius-users@lists.freeradius.org Subject: Authentication issues from Apple devices
Hello. I have configured a Wireless Hotspot using the EasyHotSpot system, that uses FreeRadius for authentication.
I am having problems only when Apple devices (iphone, ipad, macbooks) attempt to connect to the hotspot.
This is confusing, as all other devices and software (Winxp, Vista, 7, Symbian, Blackberry, Android etc) authenticate perfectly.
As a test case, and while running debugging, I attempted to connect with my Blackberry and an Iphone using the same username and password. I have attached the results. As you will see, using the same username and password, the blackberry authenticates while the iphone fails. I cannot see any reason for this in the log. Can anyone please assist?
Failed log:
Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 60277, id=0, length=216 User-Name = "sandra" CHAP-Challenge = 0x0571777ec7661c411af641e8952291b9 CHAP-Password = 0x00120c16a8ff125a7a348459a0f40a86a9 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.10 Calling-Station-Id = "DC-2B-61-9C-92-E6" Called-Station-Id = "00-0D-56-9C-AC-F6" NAS-Identifier = "nas01" Acct-Session-Id = "4dcde5a500000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x35f8e8bc299636c4cd468b533de65f78 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "sandra", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> sandra [sql] sql_set_user escaped user --> 'sandra' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sandra' ORDER BY id [sql] User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sandra' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sandra' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[max_all_mb] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] returns noop [expiration] Checking Expiration time: 'September 11 2011 24:00:00' ++[expiration] returns ok ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by "sandra" with CHAP password [chap] Using clear text password "sandra" for user sandra authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> sandra attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 0 to 127.0.0.1 port 60277 Waking up in 4.9 seconds. Cleaning up request 0 ID 0 with timestamp +36 Ready to process requests.
Sucessful Log:
rad_recv: Access-Request packet from host 127.0.0.1 port 44107, id=0, length=216 User-Name = "sandra" CHAP-Challenge = 0x97824e8524637118ae2cf716a0362b97 CHAP-Password = 0x00f729a50979c25ef7d9d9e5e4cc1b2907 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.8 Calling-Station-Id = "CC-55-AD-93-77-E6" Called-Station-Id = "00-0D-56-9C-AC-F6" NAS-Identifier = "nas01" Acct-Session-Id = "4dcde8c300000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Message-Authenticator = 0xf30387317dabf479ce7642e776e0295e WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "sandra", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> sandra [sql] sql_set_user escaped user --> 'sandra' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sandra' ORDER BY id [sql] User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sandra' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sandra' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[max_all_mb] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] returns noop [expiration] Checking Expiration time: 'September 11 2011 24:00:00' ++[expiration] returns ok ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by "sandra" with CHAP password [chap] Using clear text password "sandra" for user sandra authentication. [chap] chap user sandra authenticated succesfully ++[chap] returns ok +- entering group session {...} expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp expand: %{User-Name} -> sandra ++[radutmp] returns ok +- entering group post-auth {...} expand: %{User-Name} -> sandra [sql] sql_set_user escaped user --> 'sandra' expand: %{User-Password} -> expand: %{Chap-Password} -> 0x00f729a50979c25ef7d9d9e5e4cc1b2907 expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'sandra', '0x00f729a50979c25ef7d9d9e5e4cc1b2907', 'Access-Accept', '2011-05-14 12:28:43') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'sandra', '0x00f729a50979c25ef7d9d9e5e4cc1b2907', 'Access-Accept', '2011-05-14 12:28:43') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 0 to 127.0.0.1 port 44107 WISPr-Bandwidth-Max-Down := 256000 Idle-Timeout := 600 WISPr-Session-Terminate-Time := "2011-9-11T24:00:00" Acct-Interim-Interval := 120 Session-Timeout = 10409477 Finished request 1.
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Authentication-issues-from-Apple-dev... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html