Freeradius + CHAP
SANDY KALUGDAN
sandykalugdan at yahoo.com
Mon Apr 7 15:34:17 CEST 2008
chillispot hotspotlogin.cgi contains
# Shared secret used to encrypt challenge with. Prevents dictionary attacks.
# You should change this to your own shared secret.
$uamsecret = "testing123";
# Uncomment the following line if you want to use ordinary user-password
# for radius authentication. Must be used together with $uamsecret.
$userpassword=1;
nas table
>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>| id | nasname | shortname | type | ports | secret | community | description |
>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>| 1 | 127.0.0.1 | localhost | NULL | NULL | testing123 | NULL | NULL |
>+----+-----------+-----------+------+-------+------------+-----------+-------------+
radcheck table
mysql> select * from radcheck;
+----+----------+--------------------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+--------------------+----+-------+
| 1 | s | Cleartext-Password | := | sandy |
| 2 | steve | Cleartext-Password | := | s |
+----+----------+--------------------+----+-------+
2 rows in set (0.00 sec)
clients.conf
client 192.168.182.1/24 {
secret = testing123
shortname = private-network
}
nas table and clients.conf are both on radius server. You need to make
testing123 secret on the portal that is sending those reqests.
Ivan Kalik
Kalik Informatika ISP
Dana 7/4/2008, "SANDY KALUGDAN" <sandykalugdan at yahoo.com> piše:
>I've checked the clients.conf and it uses testing123 as the secret.
>I've created a record on nas
>mysql> select * from nas;
>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>| id | nasname | shortname | type | ports | secret | community | description |
>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>| 1 | 127.0.0.1 | localhost | NULL | NULL | testing123 | NULL | NULL |
>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>
>here is a portion of the radiusd -X output
>
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
> rad_check_password: Found Auth-Type
>auth: type Local
>auth: user supplied User-Password does NOT match local User-Password
>auth: Failed to validate the user.
>Login incorrect: [s/\365\010\343\323] (from client localhost port 0 cli 00-1C-A4-6F-21-10)
> WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
> Found Post-Auth-Type Reject
>+- entering group REJECT
> expand: %{User-Name} -> s
> attr_filter: Matched entry DEFAULT at line 11
>
>
>
>----- Original Message ----
>From: Ivan Kalik <tnt at kalik.net>
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Sent: Monday, April 7, 2008 16:22:38
>Subject: Re: Freeradius + CHAP
>
>> User-Password = "\340\334\351\234"
>
>Shared secret in clents.conf and on the NAS is not the same.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
>Send instant messages to your online friends http://uk.messenger.yahoo.com
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Send instant messages to your online friends http://uk.messenger.yahoo.com
More information about the Freeradius-Users
mailing list