Freeradius + CHAP

SANDY KALUGDAN sandykalugdan at yahoo.com
Tue Apr 8 11:08:36 CEST 2008 

Ivan, nice to see that you're always there to provide support.

I've managed to have it working somehow. using nokia wifi enabled phones & laptops. All throughout the sessions, I've been using Sony Ericsson's P1i to test the setup (Chillispot + Freeradius + Mysql).

Now I'm checking the reason why it fails when I use Sony Ericsson.



----- Original Message ----
From: Ivan Kalik <tnt at kalik.net>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Tuesday, April 8, 2008 12:53:57
Subject: Re: Freeradius + CHAP

Server debug please.

Ivan Kalik
Kalik Informatika ISP


Dana 8/4/2008, "SANDY KALUGDAN" <sandykalugdan at yahoo.com> piše:

>[root at host SPECS]# radtest s sandy locahost 1645 testing123
>radclient: Failed to find IP address for host locahost: Success
>
>----- Original Message ----
>From: Ivan Kalik <tnt at kalik.net>
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Sent: Monday, April 7, 2008 18:11:04
>Subject: Re: Freeradius + CHAP
>
>Can you do radtest from the machine on which chillispot is installed? If
>radtest does OK - it's a chilli bug. If radtest fails as well - crypto
>libraries on that machine are broken.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 7/4/2008, "SANDY KALUGDAN" <sandykalugdan at yahoo.com> piĹĄe:
>
>>chillispot hotspotlogin.cgi contains
>>
>># Shared secret used to encrypt challenge with. Prevents dictionary attacks.
>># You should change this to your own shared secret.
>>$uamsecret = "testing123";
>>
>># Uncomment the following line if you want to use ordinary user-password
>># for radius authentication. Must be used together with $uamsecret.
>>$userpassword=1;
>>
>>nas table
>>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>>| id | nasname   | shortname | type | ports | secret     | community | description |
>>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>>|  1 | 127.0.0.1 | localhost | NULL |  NULL | testing123 | NULL      | NULL    |
>>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>
>>radcheck table
>>mysql> select * from radcheck;
>>+----+----------+--------------------+----+-------+
>>| id | UserName | Attribute          | op | Value |
>>+----+----------+--------------------+----+-------+
>>|  1 | s        | Cleartext-Password | := | sandy |
>>|  2 | steve    | Cleartext-Password | := | s     |
>>+----+----------+--------------------+----+-------+
>>2 rows in set (0.00 sec)
>>
>>clients.conf
>>client 192.168.182.1/24 {
>>            secret            =    testing123
>>            shortname    =   private-network
>>}
>>
>>
>>nas table and clients.conf are both on radius server. You need to make
>>testing123 secret on the portal that is sending those reqests.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>Dana 7/4/2008, "SANDY KALUGDAN" <sandykalugdan at yahoo.com> piÄšÄe:
>>
>>>I've checked the clients.conf and it uses testing123 as the secret.
>>>I've created a record on nas
>>>mysql> select * from nas;
>>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>>| id | nasname   | shortname | type | ports | secret     | community | description |
>>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>>|  1 | 127.0.0.1 | localhost | NULL |  NULL | testing123 | NULL      | NULL    |
>>>+----+-----------+-----------+------+-------+------------+-----------+-------------+
>>>
>>>here is a portion of the radiusd -X output
>>>
>>>rlm_pap: Found existing Auth-Type, not changing it.
>>>++[pap] returns noop
>>>  rad_check_password:  Found Auth-Type
>>>auth: type Local
>>>auth: user supplied User-Password does NOT match local User-Password
>>>auth: Failed to validate the user.
>>>Login incorrect: [s/\365\010\343\323] (from client localhost port 0 cli 00-1C-A4-6F-21-10)
>>>  WARNING: Unprintable characters in the password.        Double-check the shared secret on the server and the NAS!
>>>  Found Post-Auth-Type Reject
>>>+- entering group REJECT
>>>        expand: %{User-Name} -> s
>>> attr_filter: Matched entry DEFAULT at line 11
>>>
>>>
>>>
>>>----- Original Message ----
>>>From: Ivan Kalik <tnt at kalik.net>
>>>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>>>Sent: Monday, April 7, 2008 16:22:38
>>>Subject: Re: Freeradius + CHAP
>>>
>>>>        User-Password = "\340\334\351\234"
>>>
>>>Shared secret in clents.conf and on the NAS is not the same.
>>>
>>>Ivan Kalik
>>>Kalik Informatika ISP
>>>
>>>-
>>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>>
>>>
>>>
>>>Send instant messages to your online friends http://uk.messenger.yahoo.com
>>>
>>>-
>>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>>
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>
>>
>>Send instant messages to your online friends http://uk.messenger.yahoo.com 
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
>Send instant messages to your online friends http://uk.messenger.yahoo.com 
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




Send instant messages to your online friends http://uk.messenger.yahoo.com

More information about the Freeradius-Users mailing list