Thanks again, Alan. Sorry, not selectively. I do not understand how to proceed. What does "your configuration" refer to specifically? (users, radcheck, *.conf, chillispot?) I grepped all the config files for "known" and none appeared to be insightful (to my newbie understanding of radius). Also, that message may be a red herring anyway (thoughts?), since I just corrected a mistake in the "UAM Allowed" field in Chillispot by including the Nas gateway's IP address (I had previously left it blank in ignorance). That adjustment allowed me to uncomment the $uamsecret in hotspotlogin.php and authenticate with various accounts/methods, such as the 123 (User-Password), entries in the users file, and the "PIN" (Daloradius) password (radcheck for "Auth-Type"). For example: ============================ working (acct 123) debug: ============================ rad_recv: Access-Request packet from host 192.168.0.72 port 2128, id=0, length=190 User-Name = "123" User-Password = "123" NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "C4-17-FE-1C-5C-9D" Called-Station-Id = "00-24-A5-6F-81-0A" NAS-Identifier = "1" Acct-Session-Id = "4c8944db00000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x30fbed83c2eb77085b524bd043b27f45 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "123", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> 123 rlm_sql (sql): sql_set_user escaped user --> '123' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '123' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '123' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '123' ORDER BY priority rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "123" rlm_pap: Using clear text password "123" rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [123/123] (from client Subnet port 0 cli C4-17-FE-1C-5C-9D) +- entering group post-auth rlm_sql (sql): Processing sql_postauth expand: %{User-Name} -> 123 rlm_sql (sql): sql_set_user escaped user --> '123' expand: %{User-Password} -> 123 expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '123', '123', 'Access-Accept', '2010-09-09 11:34:59') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '123', '123', 'Access-Accept', '2010-09-09 11:34:59') rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 0 to 192.168.0.72 port 2128 Finished request 47. Going to the next request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from host 192.168.0.72 port 2126, id=4, length=124 Acct-Status-Type = Start User-Name = "123" Calling-Station-Id = "C4-17-FE-1C-5C-9D" Called-Station-Id = "00-24-A5-6F-81-0A" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Port-Id = "00000000" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "1" Framed-IP-Address = 192.168.182.2 Acct-Session-Id = "4c8944db00000000" +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 192.168.0.72,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "4c8944db00000000",User-Name = "123"' rlm_acct_unique: Acct-Unique-Session-ID = "acc24399d8fb1504". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "123", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.72/detail-20100909 rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.72/detail-20100909 expand: %t -> Thu Sep 9 11:34:59 2010 ++[detail] returns ok ++[unix] returns ok expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp expand: %{User-Name} -> 123 ++[radutmp] returns ok expand: %{User-Name} -> 123 rlm_sql (sql): sql_set_user escaped user --> '123' expand: %{Acct-Delay-Time} -> expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}') -> INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('4c8944db00000000', 'acc24399d8fb1504', '123', '', '0.0.0.0', '0', 'Wireless-802.11', '2010-09-09 11:34:59', NULL, '0', '', '', '', '0', '0', '00-24-A5-6F-81-0A', 'C4-17-FE-1C-5C-9D', '', '', '', '192.168.182.2', '0', '0', '') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok expand: %{User-Name} -> 123 attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 4 to 192.168.0.72 port 2126 Finished request 48. Cleaning up request 48 ID 4 with timestamp +6565 Going to the next request Waking up in 4.9 seconds. Cleaning up request 47 ID 0 with timestamp +6565 Ready to process requests. Thanks, Sean This message is intended only for the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited, and you are requested to return the original message to the sender.