same username with different password mysql chap
Brent Wilkinson
brent at air2data.com
Fri Mar 11 01:02:50 CET 2011
Alan,
I am apparently using an old guide. Made the updates to this. Still
experiencing same issue
+-----+----------+--------------------+----+--------+-------+------------+
| id  | username | attribute          | op | value  | PID   | expires    |
+-----+----------+--------------------+----+--------+-------+------------+
| 462 | 10295 | Cleartext-Password | := | 912547 | 10295 | 2011-03-21 |
| 463 | 10295 | Cleartext-Password | := | 659320 | 10295 | 2011-03-21 |
| 464 | 10295 | Cleartext-Password | := | 322438 | 10295 | 2011-03-28 |
When I try to authenticate with any of the above the chap still ends up
using the wrong username pw to verify against.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59,
length=216
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00:13:E8:17:C9:09"
Called-Station-Id = "test1"
NAS-Port-Id = "ether2"
User-Name = "10295"
MS-CHAP-Domain = "test"
NAS-Port = 2153775135
Acct-Session-Id = "8060001f"
Framed-IP-Address = 10.0.100.251
Mikrotik-Host-IP = 10.0.100.251
CHAP-Challenge = 0x16869b7cab8761381fd3e2ea56fc674a
CHAP-Password = 0xdb03b44fee89561ab0a0bfdbf383f19cd8
Service-Type = Login-User
WISPr-Logoff-URL = "http://10.0.100.1/logout"
NAS-Identifier = "a2dtest"
NAS-IP-Address = 192.168.99.175
Mikrotik-Realm = "test"
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "10295", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> 10295
[sql] sql_set_user escaped user --> '10295'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '10295' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = '10295' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = '10295'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "10295" with CHAP password
[chap] Using clear text password "566703" for user 10295 authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 10295
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59,
length=216
Waiting to send Access-Reject to client hotspot port 35587 - ID: 59
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59,
length=216
Waiting to send Access-Reject to client hotspot port 35587 - ID: 59
Waking up in 0.3 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 59 to 192.168.99.175 port 35587
Waking up in 4.9 seconds.
Cleaning up request 1 ID 59 with timestamp +36
Ready to process requests.
Thanks
Brent
Hi,
> +-----+----------+-----------+----+--------+-------+------------+
> | id  | username | attribute | op | value  | PID   | expires    |
> +-----+----------+-----------+----+--------+-------+------------+
> | 462 | 10295    | password  | == | 912547 | 10295 | 2011-03-21 |
                     ^^^^^^^^^   ^^^
                     that's wrong so is that
the attribute should be 'Cleartext-Password'
the operator should be :=
wonder what Doc or guide you are following?
alan
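
Added example, not part of the original message and not FreeRADIUS code: the CHAP comparison as defined in RFC 1994 and RFC 2865, run against each radcheck row from the post, to show that a request can only pass when the single password the server selected is the one the client hashed. The function names are hypothetical; the challenge, CHAP-Password and row values are copied from the message above.

```python
import hashlib
import hmac


def chap_response(ident: int, password: str, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(CHAP id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()


def matching_rows(chap_password: bytes, challenge: bytes, rows):
    """Return the ids of radcheck rows whose value reproduces the response.

    chap_password is the RADIUS CHAP-Password attribute: a 1-byte CHAP id
    followed by the 16-byte MD5 response (RFC 2865, section 5.3).
    """
    if len(chap_password) != 17:
        raise ValueError("CHAP-Password must be 17 bytes (id + MD5 digest)")
    ident, response = chap_password[0], chap_password[1:]
    return [
        row_id
        for row_id, value in rows
        if hmac.compare_digest(chap_response(ident, value, challenge), response)
    ]


# Values copied from the radcheck listing and the debug output in the post.
ROWS = [(462, "912547"), (463, "659320"), (464, "322438")]
CHALLENGE = bytes.fromhex("16869b7cab8761381fd3e2ea56fc674a")
CHAP_PASSWORD = bytes.fromhex("db03b44fee89561ab0a0bfdbf383f19cd8")

if __name__ == "__main__":
    # Which of the listed rows, if any, the client hashed for this request.
    print("listed rows matching the request:",
          matching_rows(CHAP_PASSWORD, CHALLENGE, ROWS))
    # The one value the [chap] module compared against, per the debug line.
    print("566703 matches:",
          bool(matching_rows(CHAP_PASSWORD, CHALLENGE, [(None, "566703")])))
```

Because the response is a one-way hash, the server cannot learn from the packet which row the user meant; it can only recompute the digest from a cleartext value it already holds and compare.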