My problem: user supplied CHAP-Password does NOT match local User-Password
Zhifeng Yang
Zhifeng.Yang at meshcom.com
Tue Nov 4 16:50:03 CET 2008
Hello, everybody
I've setup FreeRadius based on MySQL in Debian system. The system passed local test, but failed with remote user login request from a Coovachilli portal.
It really confused me, because I always get following log message in FreeRadius debug mode:
auth: user supplied CHAP-Password does NOT match local User-Password
I am SURE I input correct password. I wonder if anybody can kindly give me any hints to resolve this issue. Here are details about:
OS: Debian version 4.0 r5
FreeRadius: 1.1.3 (this is the newest stable version I can apt-get for Debian)
MySQL server and client 5.0
CoovaChilli: CoovaAP 1.0 beta7d (this is firmware for Linksys box with CoovaChilli integrated)
This is item in radcheck table:
+----+------------+---------------+----+------------+
| id | UserName | Attribute | op | Value |
+----+------------+---------------+----+------------+
| 9 | chillispot | User-Password | := | chillispot |
And, this is message I have in FreeRadius log:
---------------------------------------------------
rad_recv: Access-Request packet from host 192.168.0.130:2085, id=69, length=301
ChilliSpot-Version = "1.0.11"
User-Name = "chillispot"
CHAP-Challenge = 0x51239bfb2d63ea383f908d3f255915cb
CHAP-Password = 0x00edbc2df1249e7552bdf39f05fa465234
NAS-IP-Address = 192.168.0.130
Service-Type = Login-User
Framed-IP-Address = 10.1.0.2
Calling-Station-Id = "00-14-A5-62-AB-2B"
Called-Station-Id = "00-18-39-C6-0D-C0"
NAS-Identifier = "00-18-39-C6-0D-C0"
Acct-Session-Id = "491058fb00000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Coova"
WISPr-Location-Name = "My_HotSpot"
WISPr-Logoff-URL = "http://10.1.0.1:3660/logoff"
Message-Authenticator = 0x103de768642d50fd1afaacaa5780a226
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "chillispot", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 12
radius_xlat: 'chillispot'
rlm_sql (sql): sql_set_user escaped user --> 'chillispot'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'chillispot' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'chillispot' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'chillispot' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'chillispot' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 12
modcall: leaving group authorize (returns ok) for request 12
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password does NOT match local User-Password
auth: Failed to validate the user.
-------------------------------------------------
Thanks in advantage!
Steven Yang
More information about the Freeradius-Users
mailing list