Beginner Question: "Hotspot Login Failed"
Sean Wingert
seanw at norris-stevens.com
Thu Sep 9 20:47:49 CEST 2010
Thanks again, Alan. Sorry, not selectively. I do not understand how to proceed. What does "your configuration" refer to specifically? (users, radcheck, *.conf, chillispot?) I grepped all the config files for "known" and none appeared to be insightful (to my newbie understanding of radius).
Also, that message may be a red herring anyway (thoughts?), since I just corrected a mistake in the "UAM Allowed" field in Chillispot by including the Nas gateway's IP address (I had previously left it blank in ignorance). That adjustment allowed me to uncomment the $uamsecret in hotspotlogin.php and authenticate with various accounts/methods, such as the 123 (User-Password), entries in the users file, and the "PIN" (Daloradius) password (radcheck for "Auth-Type"). For example:
============================
working (acct 123) debug:
============================
rad_recv: Access-Request packet from host 192.168.0.72 port 2128, id=0, length=190
User-Name = "123"
User-Password = "123"
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.2
Calling-Station-Id = "C4-17-FE-1C-5C-9D"
Called-Station-Id = "00-24-A5-6F-81-0A"
NAS-Identifier = "1"
Acct-Session-Id = "4c8944db00000000"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0x30fbed83c2eb77085b524bd043b27f45
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "123", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> 123
rlm_sql (sql): sql_set_user escaped user --> '123'
rlm_sql (sql): Reserving sql socket id: 1
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '123' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '123' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '123' ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "123"
rlm_pap: Using clear text password "123"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [123/123] (from client Subnet port 0 cli C4-17-FE-1C-5C-9D)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} -> 123
rlm_sql (sql): sql_set_user escaped user --> '123'
expand: %{User-Password} -> 123
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '123', '123', 'Access-Accept', '2010-09-09 11:34:59')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '123', '123', 'Access-Accept', '2010-09-09 11:34:59')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 0 to 192.168.0.72 port 2128
Finished request 47.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.168.0.72 port 2126, id=4, length=124
Acct-Status-Type = Start
User-Name = "123"
Calling-Station-Id = "C4-17-FE-1C-5C-9D"
Called-Station-Id = "00-24-A5-6F-81-0A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-Port-Id = "00000000"
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "1"
Framed-IP-Address = 192.168.182.2
Acct-Session-Id = "4c8944db00000000"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 192.168.0.72,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "4c8944db00000000",User-Name = "123"'
rlm_acct_unique: Acct-Unique-Session-ID = "acc24399d8fb1504".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "123", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.0.72/detail-20100909
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.72/detail-20100909
expand: %t -> Thu Sep 9 11:34:59 2010
++[detail] returns ok
++[unix] returns ok
expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
expand: %{User-Name} -> 123
++[radutmp] returns ok
expand: %{User-Name} -> 123
rlm_sql (sql): sql_set_user escaped user --> '123'
expand: %{Acct-Delay-Time} ->
expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}') -> INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('4c8944db00000000', 'acc24399d8fb1504', '123', '', '0.0.0.0', '0', 'Wireless-802.11', '2010-09-09 11:34:59', NULL, '0', '', '', '', '0', '0', '00-24-A5-6F-81-0A', 'C4-17-FE-1C-5C-9D', '', '', '', '192.168.182.2', '0', '0', '')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
expand: %{User-Name} -> 123
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 4 to 192.168.0.72 port 2126
Finished request 48.
Cleaning up request 48 ID 4 with timestamp +6565
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 47 ID 0 with timestamp +6565
Ready to process requests.
Thanks,
Sean
This message is intended only for the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited, and you are requested to return the original message to the sender.
More information about the Freeradius-Users
mailing list