Hi, I am newbie about Freeradius. I have One time Password Server as proxy. My user comes to freeradius from GSM operator by using an APN Freeradius uses MySQL to store username and IP Pool.When a user come, Freeradius verifies password from OTP and assing an IP address. Thsi what I wanan doç In LAN tests, there was no problem. But when I try to test from APN to connect my user I get some error. Here is my user and log ##################################### mysql> select * from radcheck where username like '%yagmurgida6%'; +-----+----------------------+------------------------------+----+-------+ | id | username | attribute | op | value | +-----+-------------+---------------------------------------+-----+-------+ | 197 | yagmurgida6 | Cleartext-Password | := | test | +-----+-------------+--------------------------------------+------+-------+ ##################################### rad_recv: Access-Request packet from host 172.30.80.1 port 24160, id=115, length=388 Calling-Station-Id = "905330443893" User-Name = "yagmurgida6" NAS-IP-Address = 172.30.80.1 NAS-Identifier = "MTCGGSNK3" Service-Type = Framed-User Framed-Protocol = GPRS-PDP-Context NAS-Port-Type = Wireless-Other 3GPP-IMSI = "286015044743893" 3GPP-IMSI-MCC-MNC = "28601" 3GPP-NSAPI = "5" 3GPP-Selection-Mode = "0" 3GPP-Charging-ID = 56032450 3GPP-GPRS-Negotiated-QoS-profile = "99-13921F7396F7FE74FAF7FE" 3GPP-Charging-Characteristics = "0800" Called-Station-Id = "yasarapn" 3GPP-SGSN-Address = 86.108.153.10 3GPP-SGSN-MCC-MNC = "28601" 3GPP-GGSN-Address = 86.108.153.126 3GPP-GGSN-MCC-MNC = "28601" 3GPP-Negotiated-DSCP = 18 3GPP-RAT-Type = 1 3GPP-Location-Info = 0x0182f610ec77e26f 3GPP-Attr-23 = 0x8000 3GPP-IMEISV = "3541140143174615" 3GPP-PDP-Type = 0 CHAP-Challenge = 0xae4696cc70b2fa9d1628d9b59e19d7c3 CHAP-Password = 0x0245569539ebb803dbc0534c0540ea2bc8 NAS-Port = 56400 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "yagmurgida6", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> yagmurgida6 [sql] sql_set_user escaped user --> 'yagmurgida6' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE us$ [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE us$ [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'yagmurgida6' ORD$ rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = CHAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group CHAP {...} [chap] login attempt by "yagmurgida6" with CHAP password [chap] Using clear text password "test" for user yagmurgida6 authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> yagmurgida6 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 172.30.80.1 port 24160, id=115, length=388 Waiting to send Access-Reject to client TurkcellNasClient port 24160 - ID: 115 Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 115 to 172.30.80.1 port 24160 Waking up in 4.9 seconds. Cleaning up request 0 ID 115 with timestamp +3231 Ready to process requests. ################################# As I see, there is CHAP and Cleartext-Password not works together. Because of I use OTP as proxy local password not necessary. So to conenct successfully, what attribute I have to use? -- <br> <img src="http://www.yasar.com.tr/banner/yhbanner.jpg"> </img> <br><br> Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.
On Feb 23, 2015, at 10:52 AM, Tevfik Ceydeliler <tevfik.ceydeliler@astron.yasar.com.tr> wrote:
In LAN tests, there was no problem. But when I try to test from APN to connect my user I get some error.
a) The NAS doesn’t implement CHAP correctly. b) The password is wrong. Pick one. Alan DeKok.
participants (2)
-
Alan DeKok -
Tevfik Ceydeliler