chilli + freeradius + mysql : Password check failed
Hi all, I have a problem, where I work, I installed a system wifi hotspot (chillispot+freeradius+mysql), all in one machine (debian lenny) for external workers. The problem is that freeradius does not understand the password it receives from chillispot L Fri Nov 27 16:13:30 2009 : Info: [chap] Using clear text password "P1s0S" for user 9799-8798-3665-6561 authentication. Fri Nov 27 16:13:30 2009 : Info: [chap] Password check failed P1s0S is the good passwd !!! This well written in the MySQL . I think that chillispot is using PAP instead of CHAP, I've looked at the code file hotspotlogin.php : --------------------------- hotspotlogin.php ----------------------------------------------------- $response = md5("\0" . $_GET['Password'] . $newchal); $newpwd = pack("a32", $_GET['Password']); $pappassword = implode ("", unpack("H32", ($newpwd ^ $newchal))); ---------------------------- FIN ------------------------------------------------------------------ I don’t now. Thanks J -------- radius –XXX -------------- Fri Nov 27 15:35:29 2009 : Debug: Waking up in 4.9 seconds. Fri Nov 27 15:35:34 2009 : Info: Cleaning up request 12 ID 0 with timestamp +5614 Fri Nov 27 15:35:34 2009 : Debug: Ready to process requests. rad_recv: Access-Request packet from host 192.168.65.99 port 54942, id=0, length=229 User-Name = "9799-8798-3665-6561" CHAP-Challenge = 0x6f2ac78657926dd875b49f0178ce89d7 CHAP-Password = 0x00a2d83146dc31d330e294298fafb575c2 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.4 Calling-Station-Id = "00-1C-BF-D3-88-70" Called-Station-Id = "00-0E-7F-FE-01-F9" NAS-Identifier = "nas01" Acct-Session-Id = "4b0fec8100000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x368ff43e6530b497663e3e8b09be3ea8 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Fri Nov 27 16:13:30 2009 : Info: +- entering group authorize {...} Fri Nov 27 16:13:30 2009 : Info: ++[preprocess] returns ok Fri Nov 27 16:13:30 2009 : Info: [chap] Setting 'Auth-Type := CHAP' Fri Nov 27 16:13:30 2009 : Info: ++[chap] returns ok Fri Nov 27 16:13:30 2009 : Info: ++[mschap] returns noop Fri Nov 27 16:13:30 2009 : Info: [suffix] No '@' in User-Name = "9799-8798-3665-6561", looking up realm NULL Fri Nov 27 16:13:30 2009 : Info: [suffix] No such realm "NULL" Fri Nov 27 16:13:30 2009 : Info: ++[suffix] returns noop Fri Nov 27 16:13:30 2009 : Info: [eap] No EAP-Message, not doing EAP Fri Nov 27 16:13:30 2009 : Info: ++[eap] returns noop Fri Nov 27 16:13:30 2009 : Info: ++[unix] returns notfound Fri Nov 27 16:13:30 2009 : Info: ++[files] returns noop Fri Nov 27 16:13:30 2009 : Info: [sql] expand: %{User-Name} -> 9799-8798-3665-6561 Fri Nov 27 16:13:30 2009 : Info: [sql] sql_set_user escaped user --> '9799-8798-3665-6561' Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Reserving sql socket id: 2 Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '9799-8798-3665-6561' ORDER BY id Fri Nov 27 16:13:30 2009 : Info: [sql] User found in radcheck table Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '9799-8798-3665-6561' ORDER BY id Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '9799-8798-3665-6561' ORDER BY priority Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '1hora' ORDER BY id Fri Nov 27 16:13:30 2009 : Info: [sql] User found in group 1hora Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '1hora' ORDER BY id Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Released sql socket id: 2 Fri Nov 27 16:13:30 2009 : Info: ++[sql] returns ok Fri Nov 27 16:13:30 2009 : Info: ++[expiration] returns noop Fri Nov 27 16:13:30 2009 : Info: ++[logintime] returns noop Fri Nov 27 16:13:30 2009 : Info: [pap] Found existing Auth-Type, not changing it. Fri Nov 27 16:13:30 2009 : Info: ++[pap] returns noop Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Entering module authorize code Fri Nov 27 16:13:30 2009 : Debug: sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}'' Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561' Fri Nov 27 16:13:30 2009 : Debug: sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'}' Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] sql_xlat Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: %{User-Name} -> 9799-8798-3665-6561 Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] sql_set_user escaped user --> '9799-8798-3665-6561' Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561' Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Reserving sql socket id: 1 Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] row[0] returned NULL Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Released sql socket id: 1 Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'} -> Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: No integer found in string "" Fri Nov 27 16:13:30 2009 : Info: ++[noresetcounter] returns noop Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Entering module authorize code Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair Fri Nov 27 16:13:30 2009 : Info: ++[dailycounter] returns noop Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Entering module authorize code Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair Fri Nov 27 16:13:30 2009 : Info: ++[monthlycounter] returns noop Fri Nov 27 16:13:30 2009 : Info: Found Auth-Type = CHAP Fri Nov 27 16:13:30 2009 : Info: +- entering group CHAP {...} Fri Nov 27 16:13:30 2009 : Info: [chap] login attempt by "9799-8798-3665-6561" with CHAP password Fri Nov 27 16:13:30 2009 : Info: [chap] Using clear text password "P1s0S" for user 9799-8798-3665-6561 authentication. Fri Nov 27 16:13:30 2009 : Info: [chap] Password check failed Fri Nov 27 16:13:30 2009 : Info: ++[chap] returns reject Fri Nov 27 16:13:30 2009 : Info: Failed to authenticate the user. Fri Nov 27 16:13:30 2009 : Info: Using Post-Auth-Type Reject Fri Nov 27 16:13:30 2009 : Info: +- entering group REJECT {...} Fri Nov 27 16:13:30 2009 : Info: [attr_filter.access_reject] expand: %{User-Name} -> 9799-8798-3665-6561 Fri Nov 27 16:13:30 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11 Fri Nov 27 16:13:30 2009 : Info: ++[attr_filter.access_reject] returns updated Fri Nov 27 16:13:30 2009 : Info: Delaying reject of request 13 for 1 seconds Fri Nov 27 16:13:30 2009 : Debug: Going to the next request Fri Nov 27 16:13:30 2009 : Debug: Waking up in 0.9 seconds. Fri Nov 27 16:13:31 2009 : Info: Sending delayed reject for request 13 Sending Access-Reject of id 0 to 192.168.65.99 port 54942 Fri Nov 27 16:13:31 2009 : Debug: Waking up in 4.9 seconds. Fri Nov 27 16:13:36 2009 : Info: Cleaning up request 13 ID 0 with timestamp +7896 Fri Nov 27 16:13:36 2009 : Debug: Ready to process requests. ------------------------------ FIN ------------------------------------------------------------------- _________________________________________________________________ Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soc...
I have a problem, where I work, I installed a system wifi hotspot (chillispot+freeradius+mysql), all in one machine (debian lenny) for external workers. The problem is that freeradius does not understand the password it receives from chillispot L
P1s0S is the good passwd !!! This well written in the MySQL .
Is it well written oon the login page? Try simpler password (something like 12345 - that will work even with CAPS LOCK on). If it still fails take it up with chillispot people.
I think that chillispot is using PAP instead of CHAP, I've looked at the code file hotspotlogin.php :
It's not:
rad_recv: Access-Request packet from host 192.168.65.99 port 54942, id=0, length=229 User-Name = "9799-8798-3665-6561" CHAP-Challenge = 0x6f2ac78657926dd875b49f0178ce89d7 CHAP-Password = 0x00a2d83146dc31d330e294298fafb575c2
Ivan Kalik
are you using Crypted password in the database? you have to use clear passwords in the database to successful login through chillispot and freeradius. Regards tnt@kalik.net wrote:
I have a problem, where I work, I installed a system wifi hotspot (chillispot+freeradius+mysql), all in one machine (debian lenny) for external workers. The problem is that freeradius does not understand the password it receives from chillispot L
P1s0S is the good passwd !!! This well written in the MySQL .
Is it well written oon the login page? Try simpler password (something like 12345 - that will work even with CAPS LOCK on). If it still fails take it up with chillispot people.
I think that chillispot is using PAP instead of CHAP, I've looked at the code file hotspotlogin.php :
It's not:
rad_recv: Access-Request packet from host 192.168.65.99 port 54942, id=0, length=229 User-Name = "9799-8798-3665-6561" CHAP-Challenge = 0x6f2ac78657926dd875b49f0178ce89d7 CHAP-Password = 0x00a2d83146dc31d330e294298fafb575c2
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Whats the version of freeradius are you using? ----- Original Message ----- From: José Adiel Blandón Rivera To: FreeRadius users mailing list Sent: Friday, November 27, 2009 5:37 PM Subject: Re: chilli + freeradius + mysql : Password check failed are you using Crypted password in the database? you have to use clear passwords in the database to successful login through chillispot and freeradius. Regards tnt@kalik.net wrote: I have a problem, where I work, I installed a system wifi hotspot (chillispot+freeradius+mysql), all in one machine (debian lenny) for external workers. The problem is that freeradius does not understand the password it receives from chillispot L P1s0S is the good passwd !!! This well written in the MySQL . Is it well written oon the login page? Try simpler password (something like 12345 - that will work even with CAPS LOCK on). If it still fails take it up with chillispot people. I think that chillispot is using PAP instead of CHAP, I've looked at the code file hotspotlogin.php : It's not: rad_recv: Access-Request packet from host 192.168.65.99 port 54942, id=0, length=229 User-Name = "9799-8798-3665-6561" CHAP-Challenge = 0x6f2ac78657926dd875b49f0178ce89d7 CHAP-Password = 0x00a2d83146dc31d330e294298fafb575c2 Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ------------------------------------------------------------------------------ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all, Forgive me for not answering but weekends I do not work J
tnt@kalik.net>Is it well written oon the login page? Try simpler password (something>like 12345 - that will work even with CAPS LOCK on). If it still fails>take it up with chillispot people.
I have tried with 1234 : --------------------------------- INICIO --------------------------------------------------- Mon Nov 30 10:45:56 2009 : Debug: rlm_sql (sql): Released sql socket id: 4 Mon Nov 30 10:45:56 2009 : Info: ++[sql] returns ok Mon Nov 30 10:45:56 2009 : Info: ++[expiration] returns noop Mon Nov 30 10:45:56 2009 : Info: ++[logintime] returns noop Mon Nov 30 10:45:56 2009 : Info: [pap] Found existing Auth-Type, not changing it. Mon Nov 30 10:45:56 2009 : Info: ++[pap] returns noop Mon Nov 30 10:45:56 2009 : Debug: rlm_sqlcounter: Entering module authorize code Mon Nov 30 10:45:56 2009 : Debug: sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}'' Mon Nov 30 10:45:56 2009 : Info: [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561' Mon Nov 30 10:45:56 2009 : Debug: sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'}' Mon Nov 30 10:45:56 2009 : Info: [noresetcounter] sql_xlat Mon Nov 30 10:45:56 2009 : Info: [noresetcounter] expand: %{User-Name} -> 9799-8798-3665-6561 Mon Nov 30 10:45:56 2009 : Info: [noresetcounter] sql_set_user escaped user --> '9799-8798-3665-6561' Mon Nov 30 10:45:56 2009 : Info: [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561' Mon Nov 30 10:45:56 2009 : Debug: rlm_sql (sql): Reserving sql socket id: 3 Mon Nov 30 10:45:56 2009 : Info: [noresetcounter] row[0] returned NULL Mon Nov 30 10:45:56 2009 : Debug: rlm_sql (sql): Released sql socket id: 3 Mon Nov 30 10:45:56 2009 : Info: [noresetcounter] expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'} -> Mon Nov 30 10:45:56 2009 : Debug: rlm_sqlcounter: No integer found in string "" Mon Nov 30 10:45:56 2009 : Info: ++[noresetcounter] returns noop Mon Nov 30 10:45:56 2009 : Debug: rlm_sqlcounter: Entering module authorize code Mon Nov 30 10:45:56 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair Mon Nov 30 10:45:56 2009 : Info: ++[dailycounter] returns noop Mon Nov 30 10:45:56 2009 : Debug: rlm_sqlcounter: Entering module authorize code Mon Nov 30 10:45:56 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair Mon Nov 30 10:45:56 2009 : Info: ++[monthlycounter] returns noop Mon Nov 30 10:45:56 2009 : Info: Found Auth-Type = CHAP Mon Nov 30 10:45:56 2009 : Info: +- entering group CHAP {...} Mon Nov 30 10:45:56 2009 : Info: [chap] login attempt by "9799-8798-3665-6561" with CHAP password Mon Nov 30 10:45:56 2009 : Info: [chap] Using clear text password "1234" for user 9799-8798-3665-6561 authentication. Mon Nov 30 10:45:56 2009 : Info: [chap] Password check failed Mon Nov 30 10:45:56 2009 : Info: ++[chap] returns reject Mon Nov 30 10:45:56 2009 : Info: Failed to authenticate the user. Mon Nov 30 10:45:56 2009 : Info: Using Post-Auth-Type Reject Mon Nov 30 10:45:56 2009 : Info: +- entering group REJECT {...} Mon Nov 30 10:45:56 2009 : Info: [attr_filter.access_reject] expand: %{User-Name} -> 9799-8798-3665-6561 Mon Nov 30 10:45:56 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11 Mon Nov 30 10:45:56 2009 : Info: ++[attr_filter.access_reject] returns updated Mon Nov 30 10:45:56 2009 : Info: Delaying reject of request 0 for 1 seconds Mon Nov 30 10:45:56 2009 : Debug: Going to the next request Mon Nov 30 10:45:56 2009 : Debug: Waking up in 0.9 seconds. Mon Nov 30 10:45:57 2009 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 0 to 192.168.65.99 port 38212 Mon Nov 30 10:45:57 2009 : Debug: Waking up in 4.9 seconds. Mon Nov 30 10:46:02 2009 : Info: Cleaning up request 0 ID 0 with timestamp +40 Mon Nov 30 10:46:02 2009 : Debug: Ready to process requests. --------------------------------------------------- FIN --------------------------------------------------------------------------------------------------
José Adiel Blandón Rivera canchex@gmail.com
are you using Crypted password in the database? you have to use clear passwords in the database to successful login through chillispot and freeradius.
Regards
I am using Clear passwords : mysql> select * from radcheck; +----+---------------------+--------------------+----+-------+ | id | username | attribute | op | value | +----+---------------------+--------------------+----+-------+ | 2 | 9799-8798-3665-6561 | Cleartext-Password | := | 1234 | +----+---------------------+--------------------+----+-------+ 1 row in set (0.00 sec) mysql>
Charles" charles@goma.kivu-online.com
Whats the version of freeradius are you using?
Mon Nov 30 10:45:15 2009 : Info: FreeRADIUS Version 2.1.7, for host i486-pc-linux-gnu, built on Nov 13 2009 at 15:28:37 Mon Nov 30 10:45:15 2009 : Info: Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. Mon Nov 30 10:45:15 2009 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Mon Nov 30 10:45:15 2009 : Info: PARTICULAR PURPOSE. Mon Nov 30 10:45:15 2009 : Info: You may redistribute copies of FreeRADIUS under the terms of the Mon Nov 30 10:45:15 2009 : Info: GNU General Public License v2. Mon Nov 30 10:45:15 2009 : Info: Starting - reading configuration files ... Regards!! _________________________________________________________________ Windows Live: Make it easier for your friends to see what you’re up to on Facebook. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soc...
When I implemented the Hotspot i used 'User-Password' as password attribute and it works for me, maybe this can help you. Regards. David BiTx0 wrote:
Hi all,
Forgive me for not answering but weekends I do not work J
José Adiel Blandón Rivera canchex@gmail.com <mailto:canchex@gmail.com>
are you using Crypted password in the database? you have to use clear passwords in the database to successful login through chillispot and freeradius.
Regards
I am using Clear passwords :
mysql> select * from radcheck;
+----+---------------------+--------------------+----+-------+
| id | username | attribute | op | value |
+----+---------------------+--------------------+----+-------+
| 2 | 9799-8798-3665-6561 | Cleartext-Password | := | 1234 |
+----+---------------------+--------------------+----+-------+
1 row in set (0.00 sec)
Regards!!
------------------------------------------------------------------------ Windows Live: Make it easier for your friends to see what you’re up to on Facebook. <http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009>
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Charles -
David BiTx0 -
José Adiel Blandón Rivera -
tnt@kalik.net