Freeradius + CHAP
Ivan Kalik
tnt at kalik.net
Mon Apr 7 16:11:04 CEST 2008
Can you do radtest from the machine on which chillispot is installed? If
radtest does OK - it's a chilli bug. If radtest fails as well - crypto
libraries on that machine are broken.
Ivan Kalik
Kalik Informatika ISP
On 7/4/2008, "SANDY KALUGDAN" <sandykalugdan at yahoo.com> wrote:
>chillispot hotspotlogin.cgi contains
>
># Shared secret used to encrypt challenge with. Prevents dictionary attacks.
># You should change this to your own shared secret.
>$uamsecret = "testing123";
>
># Uncomment the following line if you want to use ordinary user-password
># for radius authentication. Must be used together with $uamsecret.
>$userpassword=1;
>
>nas table
>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>| id | nasname | shortname | type | ports | secret | community | description |
>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>| 1 | 127.0.0.1 | localhost | NULL | NULL | testing123 | NULL | NULL |
>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>
>radcheck table
>mysql> select * from radcheck;
>+----+----------+--------------------+----+-------+
>| id | UserName | Attribute | op | Value |
>+----+----------+--------------------+----+-------+
>| 1 | s | Cleartext-Password | := | sandy |
>| 2 | steve | Cleartext-Password | := | s |
>+----+----------+--------------------+----+-------+
>2 rows in set (0.00 sec)
>
>clients.conf
>client 192.168.182.1/24 {
> secret = testing123
> shortname = private-network
>}
>
>
>nas table and clients.conf are both on radius server. You need to make
>testing123 secret on the portal that is sending those requests.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 7/4/2008, "SANDY KALUGDAN" <sandykalugdan at yahoo.com> wrote:
>
>>I've checked the clients.conf and it uses testing123 as the secret.
>>I've created a record on nas
>>mysql> select * from nas;
>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>| id | nasname | shortname | type | ports | secret | community | description |
>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>| 1 | 127.0.0.1 | localhost | NULL | NULL | testing123 | NULL | NULL |
>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>
>>here is a portion of the radiusd -X output
>>
>>rlm_pap: Found existing Auth-Type, not changing it.
>>++[pap] returns noop
>> rad_check_password: Found Auth-Type
>>auth: type Local
>>auth: user supplied User-Password does NOT match local User-Password
>>auth: Failed to validate the user.
>>Login incorrect: [s/\365\010\343\323] (from client localhost port 0 cli 00-1C-A4-6F-21-10)
>> WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
>> Found Post-Auth-Type Reject
>>+- entering group REJECT
>> expand: %{User-Name} -> s
>> attr_filter: Matched entry DEFAULT at line 11
>>
>>
>>
>>----- Original Message ----
>>From: Ivan Kalik <tnt at kalik.net>
>>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>>Sent: Monday, April 7, 2008 16:22:38
>>Subject: Re: Freeradius + CHAP
>>
>>> User-Password = "\340\334\351\234"
>>
>>Shared secret in clients.conf and on the NAS is not the same.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list
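
Added example (not part of the original thread, and not FreeRADIUS or chillispot code): the User-Password hiding from RFC 2865 section 5.2, showing why a secret mismatch between the NAS and clients.conf produces the unprintable password seen in the radiusd -X output above. The Request Authenticator and the wrong NAS secret are constructed sample values; "testing123" and the password "sandy" are taken from the thread.

```python
import hashlib

def _keystream_xor(block: bytes, secret: bytes, prev: bytes) -> bytes:
    # b_i = MD5(secret + previous ciphertext block); the first block uses
    # the Request Authenticator in place of a previous block.
    return bytes(x ^ y for x, y in zip(block, hashlib.md5(secret + prev).digest()))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: pad to a multiple of 16 octets, then XOR-chain the blocks."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = _keystream_xor(padded[i:i + 16], secret, prev)
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret configured for the client."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _keystream_xor(block, secret, prev)
        prev = block
    return clear.rstrip(b"\x00")

def looks_like_secret_mismatch(recovered: bytes) -> bool:
    """Check in the spirit of the debug warning: any unprintable octet."""
    return any(b < 0x20 or b > 0x7E for b in recovered)

AUTHENTICATOR = bytes(range(16))      # constructed Request Authenticator
SERVER_SECRET = b"testing123"         # secret from clients.conf in the thread
NAS_SECRET_WRONG = b"not-testing123"  # constructed: what a misconfigured NAS might hold

if __name__ == "__main__":
    for nas_secret in (SERVER_SECRET, NAS_SECRET_WRONG):
        hidden = hide_password(b"sandy", nas_secret, AUTHENTICATOR)
        seen = recover_password(hidden, SERVER_SECRET, AUTHENTICATOR)
        print(nas_secret, "->", seen, "mismatch suspected:", looks_like_secret_mismatch(seen))
```

The server cannot detect a wrong secret directly in a PAP request: it just recovers different bytes, which is why the symptom is a garbled password and a failed comparison, not an explicit secret error.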