Hi, I'm trying to connect my hotspot to freeradius with the mysql. With the old version(1.1.7) works good! Now I installed newer version and I copied the same configurations in new files (radius.con, site-enabled/default, sql.conf, client.conf ); but don't works!! Looks the debugging (freeradius -XXX), I believe that the problem is this:
Fri Mar 5 17:05:48 2010 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[pap] returns noop Fri Mar 5 17:05:48 2010 : Debug: rad_check_password: Found Auth-Type CHAP Fri Mar 5 17:05:48 2010 : Debug: auth: type "CHAP" Fri Mar 5 17:05:48 2010 : Debug: +- entering group CHAP Fri Mar 5 17:05:48 2010 : Debug: modsingle[authenticate]: calling chap (rlm_chap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: rlm_chap: login attempt by "user" with CHAP password Fri Mar 5 17:05:48 2010 : Debug: rlm_chap: Cleartext-Password is required for authentication Fri Mar 5 17:05:48 2010 : Debug: modsingle[authenticate]: returned from chap (rlm_chap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[chap] returns invalid Fri Mar 5 17:05:48 2010 : Debug: auth: Failed to validate the user. Fri Mar 5 17:05:48 2010 : Auth: Login incorrect (rlm_chap: Clear text password not available): [user/<CHAP-Password>] (from client nas port 2154823689 cli 00:25:D3:XX:XX:XX)
How can I fix the problem?? This is all debugging on freeradius -XXX:
Fri Mar 5 17:05:26 2010 : Debug: Listening on authentication address * port 1812 Fri Mar 5 17:05:26 2010 : Debug: Listening on accounting address * port 1813 Fri Mar 5 17:05:26 2010 : Debug: Listening on proxy address * port 1814 Fri Mar 5 17:05:26 2010 : Debug: Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.100 port 60079, id=20, length=198 NAS-Port-Type = Ethernet Calling-Station-Id = "00:25:D3:XX:XX:XX" Called-Station-Id = "hotspot1" NAS-Port-Id = "wlan1" User-Name = "user" NAS-Port = 2154823689 Acct-Session-Id = "80700009" Framed-IP-Address = 10.5.50.251 Mikrotik-Host-IP = 10.5.50.251 CHAP-Challenge = 0xc9da34f1dc7f357d5c51772d9da40e38 CHAP-Password = 0xa1c879f954b7bd431d878d20b8fcef94ef Service-Type = Login-User WISPr-Logoff-URL = "http://10.5.50.1/logout" NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.1.100 Fri Mar 5 17:05:48 2010 : Debug: +- entering group authorize Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[preprocess] returns ok Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: rlm_chap: Setting 'Auth-Type := CHAP' Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[chap] returns ok Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[mschap] returns noop Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Fri Mar 5 17:05:48 2010 : Debug: rlm_realm: No '@' in User-Name = "user", looking up realm NULL Fri Mar 5 17:05:48 2010 : Debug: rlm_realm: No such realm "NULL" Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[suffix] returns noop Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[eap] returns noop Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling unix (rlm_unix) for request 0 Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from unix (rlm_unix) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[unix] returns notfound Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[files] returns noop Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling expiration (rlm_expiration) for request 0 Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from expiration (rlm_expiration) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[expiration] returns noop Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling logintime (rlm_logintime) for request 0 Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from logintime (rlm_logintime) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[logintime] returns noop Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Mar 5 17:05:48 2010 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[pap] returns noop Fri Mar 5 17:05:48 2010 : Debug: rad_check_password: Found Auth-Type CHAP Fri Mar 5 17:05:48 2010 : Debug: auth: type "CHAP" Fri Mar 5 17:05:48 2010 : Debug: +- entering group CHAP Fri Mar 5 17:05:48 2010 : Debug: modsingle[authenticate]: calling chap (rlm_chap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: rlm_chap: login attempt by "user" with CHAP password Fri Mar 5 17:05:48 2010 : Debug: rlm_chap: Cleartext-Password is required for authentication Fri Mar 5 17:05:48 2010 : Debug: modsingle[authenticate]: returned from chap (rlm_chap) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[chap] returns invalid Fri Mar 5 17:05:48 2010 : Debug: auth: Failed to validate the user. Fri Mar 5 17:05:48 2010 : Auth: Login incorrect (rlm_chap: Clear text password not available): [user/<CHAP-Password>] (from client nas port 2154823689 cli 00:25:D3:XX:XX:XX) Fri Mar 5 17:05:48 2010 : Debug: Found Post-Auth-Type Reject Fri Mar 5 17:05:48 2010 : Debug: +- entering group REJECT Fri Mar 5 17:05:48 2010 : Debug: modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 0 Fri Mar 5 17:05:48 2010 : Debug: expand: %{User-Name} -> user Fri Mar 5 17:05:48 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Fri Mar 5 17:05:48 2010 : Debug: modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 0 Fri Mar 5 17:05:48 2010 : Debug: ++[attr_filter.access_reject] returns updated Fri Mar 5 17:05:48 2010 : Debug: Delaying reject of request 0 for 1 seconds Fri Mar 5 17:05:48 2010 : Debug: Going to the next request Fri Mar 5 17:05:48 2010 : Debug: Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 192.168.1.100 port 60079, id=20, length=198 Fri Mar 5 17:05:49 2010 : Debug: Waiting to send Access-Reject to client nas port 60079 - ID: 20 Fri Mar 5 17:05:49 2010 : Debug: Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 192.168.1.100 port 60079, id=20, length=198 Fri Mar 5 17:05:49 2010 : Debug: Waiting to send Access-Reject to client nas port 60079 - ID: 20 Fri Mar 5 17:05:49 2010 : Debug: Waking up in 0.3 seconds. Fri Mar 5 17:05:49 2010 : Debug: Sending delayed reject for request 0 Sending Access-Reject of id 20 to 192.168.1.100 port 60079 Fri Mar 5 17:05:49 2010 : Debug: Waking up in 4.9 seconds. Fri Mar 5 17:05:54 2010 : Debug: Cleaning up request 0 ID 20 with timestamp +22 Fri Mar 5 17:05:54 2010 : Debug: Ready to process requests.
Thanks a lot!! Bye Tokie
On 03/05/2010 01:18 PM, Tokie wrote:
Hi, I'm trying to connect my hotspot to freeradius with the mysql. With the old version(1.1.7) works good! Now I installed newer version and I copied the same configurations in new files (radius.con, site-enabled/default, sql.conf, client.conf ); but don't works!!
Version 1.x and 2.x are *not* configuration compatible. This fact is documented. The recommended procedure when upgrading to 2.x from 1.x is to start with the vanilla unmodified configuration. Read all the documentation in the config area (e.g. /etc/raddb) and *incrementally* modify your configuration to tailor it to your needs based on the 2.x configuration methodology. It will be immensely helpful to you if you place your 2.x configuration files under source code control (starting the the *unmodified* versions), then start "tweaking" saving your state in your source code repository with each successful test and modification. Then when things break you can roll back your configuration to a known state and not play the guessing game of "what did I change that broke it?" -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/
hi, do not just dump 1.1.x config onto any 2.x system - simply take the 2.x and then edit the config to get what you require. looks like you are forced the authentication type in the SQL tables to be CAHP. dont do that. alan
Hi, I did it!! I edited the many config file with the my old configuration(not replaced!!)
looks like you are forced the authentication type in the SQL tables to be CAHP. dont do that.
How can I do?? Why should not I do that?? Tks Il 05/03/2010 20.05, Alan Buxey ha scritto:
hi,
do not just dump 1.1.x config onto any 2.x system - simply take the 2.x and then edit the config to get what you require.
looks like you are forced the authentication type in the SQL tables to be CAHP. dont do that.
alan
__________ Informazioni da ESET NOD32 Antivirus, versione del database delle firme digitali 4918 (20100305) __________
Il messaggio è stato controllato da ESET NOD32 Antivirus.
www.nod32.it
participants (3)
-
Alan Buxey -
John Dennis -
Tokie