My problem: user supplied CHAP-Password does NOT match local User-Password
Hello, everybody I've setup FreeRadius based on MySQL in Debian system. The system passed local test, but failed with remote user login request from a Coovachilli portal. It really confused me, because I always get following log message in FreeRadius debug mode: auth: user supplied CHAP-Password does NOT match local User-Password I am SURE I input correct password. I wonder if anybody can kindly give me any hints to resolve this issue. Here are details about: OS: Debian version 4.0 r5 FreeRadius: 1.1.3 (this is the newest stable version I can apt-get for Debian) MySQL server and client 5.0 CoovaChilli: CoovaAP 1.0 beta7d (this is firmware for Linksys box with CoovaChilli integrated) This is item in radcheck table: +----+------------+---------------+----+------------+ | id | UserName | Attribute | op | Value | +----+------------+---------------+----+------------+ | 9 | chillispot | User-Password | := | chillispot | And, this is message I have in FreeRadius log: --------------------------------------------------- rad_recv: Access-Request packet from host 192.168.0.130:2085, id=69, length=301 ChilliSpot-Version = "1.0.11" User-Name = "chillispot" CHAP-Challenge = 0x51239bfb2d63ea383f908d3f255915cb CHAP-Password = 0x00edbc2df1249e7552bdf39f05fa465234 NAS-IP-Address = 192.168.0.130 Service-Type = Login-User Framed-IP-Address = 10.1.0.2 Calling-Station-Id = "00-14-A5-62-AB-2B" Called-Station-Id = "00-18-39-C6-0D-C0" NAS-Identifier = "00-18-39-C6-0D-C0" Acct-Session-Id = "491058fb00000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Coova" WISPr-Location-Name = "My_HotSpot" WISPr-Logoff-URL = "http://10.1.0.1:3660/logoff" Message-Authenticator = 0x103de768642d50fd1afaacaa5780a226 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 modcall[authorize]: module "preprocess" returns ok for request 12 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 12 modcall[authorize]: module "mschap" returns noop for request 12 rlm_realm: No '@' in User-Name = "chillispot", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 12 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 12 radius_xlat: 'chillispot' rlm_sql (sql): sql_set_user escaped user --> 'chillispot' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'chillispot' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'chillispot' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'chillispot' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'chillispot' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 12 modcall: leaving group authorize (returns ok) for request 12 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied CHAP-Password does NOT match local User-Password auth: Failed to validate the user. ------------------------------------------------- Thanks in advantage! Steven Yang
participants (2)
-
Alan DeKok -
Zhifeng Yang