Strange Problem with chap.
Oguzhan Kayhan
oguzhank at bilkent.edu.tr
Tue Nov 11 09:48:16 CET 2008
Hello,
I am using chilli-coova as hotspot and making its authentication via
freeradius.
I dont know if you have any experience with this software but, It has 2
kind of login pages. One is a cgi page with clean password, other is a
java script making chap authentication.
here is the problem.
On freeradius i am using rlm_perl authentication for my users.
When i use cgi page or radtest tool and send clean password, everything
works flawless...
But if i decide to use chap somthing strange happens..
If i type correct user/pass freeradus denies it.. But it i type the
password wrong, freeradius accepts it..
Heres the debug for freeradius..
7798-1 is with the right user/pass comination
7798 is the wrong user/pass combination
rad_recv: Access-Request packet from host 139.179.14.250 port 33545,
id=30, length=285
Vendor-14559-Attr-8 = 0x312e302e3131
User-Name = "7798-1"
CHAP-Challenge = 0x091c2ecc9622c2b8072a20db2a85840e
CHAP-Password = 0x001143a4c3f8a192f89b9ff9e7f6f85fe0
NAS-IP-Address = 192.168.182.1
Service-Type = Login-User
Framed-IP-Address = 192.168.182.2
Calling-Station-Id = "00-14-22-A1-BB-AB"
Called-Station-Id = "00-0E-0C-6E-6E-7C"
NAS-Identifier = "nas01"
Acct-Session-Id = "491944cd00000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,"
WISPr-Location-Name = "My_HotSpot"
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Message-Authenticator = 0xcf009790c3d4d941242929020db19b43
server lojnet {
+- entering group authorize
++[preprocess] returns ok
users: Matched entry DEFAULT at line 72
++[files] returns ok
++[control] returns ok
perl_pool: item 0xbe7fd00 asigned new request. Handled so far: 1
found interpetator at address 0xbe7fd00
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair CHAP-Password = 0x001143a4c3f8a192f89b9ff9e7f6f85fe0
rlm_perl: Added pair WISPr-Logoff-URL = http://192.168.182.1:3990/logoff
rlm_perl: Added pair Acct-Session-Id = 491944cd00000001
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Vendor-14559-Attr-8 = 0x312e302e3131
rlm_perl: Added pair Called-Station-Id = 00-0E-0C-6E-6E-7C
rlm_perl: Added pair Message-Authenticator =
0xcf009790c3d4d941242929020db19b43
rlm_perl: Added pair CHAP-Challenge = 0x091c2ecc9622c2b8072a20db2a85840e
rlm_perl: Added pair NAS-IP-Address = 192.168.182.1
rlm_perl: Added pair Calling-Station-Id = 00-14-22-A1-BB-AB
rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova,
rlm_perl: Added pair User-Name = 7798-1
rlm_perl: Added pair NAS-Identifier = nas01
rlm_perl: Added pair Framed-IP-Address = 192.168.182.2
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair WISPr-Location-Name = My_HotSpot
rlm_perl: Added pair Reply-Message = Unknown Username Or Password
rlm_perl: Added pair Simultaneous-Use = 1
rlm_perl: Added pair Auth-Type = Perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xbe7fd00
++[perl_lojnet] returns reject
Invalid user: [7798-1/<CHAP-Password>] (from client wireless-client port 1
cli 00-14-22-A1-BB-AB)
} # server lojnet
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> 7798-1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 21 for 1 seconds
Going to the next request
Waking up in 0.7 seconds.
Sending delayed reject for request 21
Sending Access-Reject of id 30 to 139.179.14.250 port 33545
Reply-Message = "Unknown Username Or Password"
Waking up in 4.9 seconds.
Cleaning up request 21 ID 30 with timestamp +1299
Ready to process requests.
rad_recv: Access-Request packet from host 139.179.14.250 port 56290,
id=34, length=283
Vendor-14559-Attr-8 = 0x312e302e3131
User-Name = "7798"
CHAP-Challenge = 0xf5a327d969a14458fc8e232dc2b2dd0e
CHAP-Password = 0x00754c55931928ae23c86ffc791482d963
NAS-IP-Address = 192.168.182.1
Service-Type = Login-User
Framed-IP-Address = 192.168.182.2
Calling-Station-Id = "00-14-22-A1-BB-AB"
Called-Station-Id = "00-0E-0C-6E-6E-7C"
NAS-Identifier = "nas01"
Acct-Session-Id = "491944cd00000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,"
WISPr-Location-Name = "My_HotSpot"
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Message-Authenticator = 0x8ccc91235f97010a7c09802979e2cdea
server lojnet {
+- entering group authorize
++[preprocess] returns ok
users: Matched entry DEFAULT at line 72
++[files] returns ok
++[control] returns ok
perl_pool: item 0xc1dfb10 asigned new request. Handled so far: 1
found interpetator at address 0xc1dfb10
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair CHAP-Password = 0x00754c55931928ae23c86ffc791482d963
rlm_perl: Added pair WISPr-Logoff-URL = http://192.168.182.1:3990/logoff
rlm_perl: Added pair Acct-Session-Id = 491944cd00000001
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Vendor-14559-Attr-8 = 0x312e302e3131
rlm_perl: Added pair Called-Station-Id = 00-0E-0C-6E-6E-7C
rlm_perl: Added pair Message-Authenticator =
0x8ccc91235f97010a7c09802979e2cdea
rlm_perl: Added pair CHAP-Challenge = 0xf5a327d969a14458fc8e232dc2b2dd0e
rlm_perl: Added pair NAS-IP-Address = 192.168.182.1
rlm_perl: Added pair Calling-Station-Id = 00-14-22-A1-BB-AB
rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova,
rlm_perl: Added pair User-Name = 7798
rlm_perl: Added pair NAS-Identifier = nas01
rlm_perl: Added pair Framed-IP-Address = 192.168.182.2
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair WISPr-Location-Name = My_HotSpot
rlm_perl: Added pair Simultaneous-Use = 1
rlm_perl: Added pair Auth-Type = Perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xc1dfb10
++[perl_lojnet] returns ok
rad_check_password: Found Auth-Type Perl
auth: type "Perl"
+- entering group Perl
perl_pool: item 0xc53f920 asigned new request. Handled so far: 1
found interpetator at address 0xc53f920
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair CHAP-Password = 0x00754c55931928ae23c86ffc791482d963
rlm_perl: Added pair Acct-Session-Id = 491944cd00000001
rlm_perl: Added pair WISPr-Logoff-URL = http://192.168.182.1:3990/logoff
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Vendor-14559-Attr-8 = 0x312e302e3131
rlm_perl: Added pair Called-Station-Id = 00-0E-0C-6E-6E-7C
rlm_perl: Added pair Message-Authenticator =
0x8ccc91235f97010a7c09802979e2cdea
rlm_perl: Added pair CHAP-Challenge = 0xf5a327d969a14458fc8e232dc2b2dd0e
rlm_perl: Added pair NAS-IP-Address = 192.168.182.1
rlm_perl: Added pair Calling-Station-Id = 00-14-22-A1-BB-AB
rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova,
rlm_perl: Added pair User-Name = 7798
rlm_perl: Added pair NAS-Identifier = nas01
rlm_perl: Added pair Framed-IP-Address = 192.168.182.2
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair WISPr-Location-Name = My_HotSpot
rlm_perl: Added pair Acct-Interim-Interval = 60
rlm_perl: Added pair WISPr-Bandwidth-Max-Up = 25600000
rlm_perl: Added pair WISPr-Bandwidth-Max-Down = 100000000
rlm_perl: Added pair Simultaneous-Use = 1
rlm_perl: Added pair Auth-Type = Perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xc53f920
++[perl_lojnet] returns ok
+- entering group session
++[sql_lojnet] returns noop
Login OK: [7798/<CHAP-Password>] (from client wireless-client port 1 cli
00-14-22-A1-BB-AB)
+- entering group post-auth
++[exec] returns noop
} # server lojnet
Sending Access-Accept of id 34 to 139.179.14.250 port 56290
More information about the Freeradius-Users
mailing list