chilli + freeradius + mysql : Password check failed
David BiTx0
bitx0 at hotmail.com
Fri Nov 27 15:38:07 CET 2009
Hi all,
I have a problem, where I work, I installed a system wifi hotspot (chillispot+freeradius+mysql), all in one machine (debian lenny) for external workers.
The problem is that freeradius does not understand the password it receives from chillispot L
Fri Nov 27 16:13:30 2009 : Info: [chap] Using clear text password "P1s0S" for user 9799-8798-3665-6561 authentication.
Fri Nov 27 16:13:30 2009 : Info: [chap] Password check failed
P1s0S is the good passwd !!! This well written in the MySQL .
I think that chillispot is using PAP instead of CHAP, I've looked at the code file hotspotlogin.php :
--------------------------- hotspotlogin.php -----------------------------------------------------
$response = md5("\0" . $_GET['Password'] . $newchal);
$newpwd = pack("a32", $_GET['Password']);
$pappassword = implode ("", unpack("H32", ($newpwd ^ $newchal)));
---------------------------- FIN ------------------------------------------------------------------
I don’t now.
Thanks J
-------- radius –XXX --------------
Fri Nov 27 15:35:29 2009 : Debug: Waking up in 4.9 seconds.
Fri Nov 27 15:35:34 2009 : Info: Cleaning up request 12 ID 0 with timestamp +5614
Fri Nov 27 15:35:34 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.65.99 port 54942, id=0, length=229
User-Name = "9799-8798-3665-6561"
CHAP-Challenge = 0x6f2ac78657926dd875b49f0178ce89d7
CHAP-Password = 0x00a2d83146dc31d330e294298fafb575c2
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.4
Calling-Station-Id = "00-1C-BF-D3-88-70"
Called-Station-Id = "00-0E-7F-FE-01-F9"
NAS-Identifier = "nas01"
Acct-Session-Id = "4b0fec8100000000"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0x368ff43e6530b497663e3e8b09be3ea8
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Fri Nov 27 16:13:30 2009 : Info: +- entering group authorize {...}
Fri Nov 27 16:13:30 2009 : Info: ++[preprocess] returns ok
Fri Nov 27 16:13:30 2009 : Info: [chap] Setting 'Auth-Type := CHAP'
Fri Nov 27 16:13:30 2009 : Info: ++[chap] returns ok
Fri Nov 27 16:13:30 2009 : Info: ++[mschap] returns noop
Fri Nov 27 16:13:30 2009 : Info: [suffix] No '@' in User-Name = "9799-8798-3665-6561", looking up realm NULL
Fri Nov 27 16:13:30 2009 : Info: [suffix] No such realm "NULL"
Fri Nov 27 16:13:30 2009 : Info: ++[suffix] returns noop
Fri Nov 27 16:13:30 2009 : Info: [eap] No EAP-Message, not doing EAP
Fri Nov 27 16:13:30 2009 : Info: ++[eap] returns noop
Fri Nov 27 16:13:30 2009 : Info: ++[unix] returns notfound
Fri Nov 27 16:13:30 2009 : Info: ++[files] returns noop
Fri Nov 27 16:13:30 2009 : Info: [sql] expand: %{User-Name} -> 9799-8798-3665-6561
Fri Nov 27 16:13:30 2009 : Info: [sql] sql_set_user escaped user --> '9799-8798-3665-6561'
Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Reserving sql socket id: 2
Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '9799-8798-3665-6561' ORDER BY id
Fri Nov 27 16:13:30 2009 : Info: [sql] User found in radcheck table
Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '9799-8798-3665-6561' ORDER BY id
Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '9799-8798-3665-6561' ORDER BY priority
Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '1hora' ORDER BY id
Fri Nov 27 16:13:30 2009 : Info: [sql] User found in group 1hora
Fri Nov 27 16:13:30 2009 : Info: [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '1hora' ORDER BY id
Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Released sql socket id: 2
Fri Nov 27 16:13:30 2009 : Info: ++[sql] returns ok
Fri Nov 27 16:13:30 2009 : Info: ++[expiration] returns noop
Fri Nov 27 16:13:30 2009 : Info: ++[logintime] returns noop
Fri Nov 27 16:13:30 2009 : Info: [pap] Found existing Auth-Type, not changing it.
Fri Nov 27 16:13:30 2009 : Info: ++[pap] returns noop
Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Entering module authorize code
Fri Nov 27 16:13:30 2009 : Debug: sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}''
Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'
Fri Nov 27 16:13:30 2009 : Debug: sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'}'
Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] sql_xlat
Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: %{User-Name} -> 9799-8798-3665-6561
Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] sql_set_user escaped user --> '9799-8798-3665-6561'
Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'
Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Reserving sql socket id: 1
Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] row[0] returned NULL
Fri Nov 27 16:13:30 2009 : Debug: rlm_sql (sql): Released sql socket id: 1
Fri Nov 27 16:13:30 2009 : Info: [noresetcounter] expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='9799-8798-3665-6561'} ->
Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: No integer found in string ""
Fri Nov 27 16:13:30 2009 : Info: ++[noresetcounter] returns noop
Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Entering module authorize code
Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair
Fri Nov 27 16:13:30 2009 : Info: ++[dailycounter] returns noop
Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Entering module authorize code
Fri Nov 27 16:13:30 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair
Fri Nov 27 16:13:30 2009 : Info: ++[monthlycounter] returns noop
Fri Nov 27 16:13:30 2009 : Info: Found Auth-Type = CHAP
Fri Nov 27 16:13:30 2009 : Info: +- entering group CHAP {...}
Fri Nov 27 16:13:30 2009 : Info: [chap] login attempt by "9799-8798-3665-6561" with CHAP password
Fri Nov 27 16:13:30 2009 : Info: [chap] Using clear text password "P1s0S" for user 9799-8798-3665-6561 authentication.
Fri Nov 27 16:13:30 2009 : Info: [chap] Password check failed
Fri Nov 27 16:13:30 2009 : Info: ++[chap] returns reject
Fri Nov 27 16:13:30 2009 : Info: Failed to authenticate the user.
Fri Nov 27 16:13:30 2009 : Info: Using Post-Auth-Type Reject
Fri Nov 27 16:13:30 2009 : Info: +- entering group REJECT {...}
Fri Nov 27 16:13:30 2009 : Info: [attr_filter.access_reject] expand: %{User-Name} -> 9799-8798-3665-6561
Fri Nov 27 16:13:30 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11
Fri Nov 27 16:13:30 2009 : Info: ++[attr_filter.access_reject] returns updated
Fri Nov 27 16:13:30 2009 : Info: Delaying reject of request 13 for 1 seconds
Fri Nov 27 16:13:30 2009 : Debug: Going to the next request
Fri Nov 27 16:13:30 2009 : Debug: Waking up in 0.9 seconds.
Fri Nov 27 16:13:31 2009 : Info: Sending delayed reject for request 13
Sending Access-Reject of id 0 to 192.168.65.99 port 54942
Fri Nov 27 16:13:31 2009 : Debug: Waking up in 4.9 seconds.
Fri Nov 27 16:13:36 2009 : Info: Cleaning up request 13 ID 0 with timestamp +7896
Fri Nov 27 16:13:36 2009 : Debug: Ready to process requests.
------------------------------ FIN -------------------------------------------------------------------
_________________________________________________________________
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091127/179ced72/attachment.html>
More information about the Freeradius-Users
mailing list