same username with different password mysql chap

Brent Wilkinson brent at air2data.com
Fri Mar 11 01:02:50 CET 2011


Alan,

I am apparently using an old guide.  Made the updates to this. Still
experiencing the same issue.

+-----+----------+--------------------+----+--------+-------+------------+
| id  | username | attribute          | op | value  | PID   | expires    |
+-----+----------+--------------------+----+--------+-------+------------+
| 462 | 10295    | Cleartext-Password | := | 912547 | 10295 | 2011-03-21 |
| 463 | 10295    | Cleartext-Password | := | 659320 | 10295 | 2011-03-21 |
| 464 | 10295    | Cleartext-Password | := | 322438 | 10295 | 2011-03-28 |

When I try to authenticate with any of the above the chap still ends up
using the wrong username pw to verify against.

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59,
length=216
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "00:13:E8:17:C9:09"
	Called-Station-Id = "test1"
	NAS-Port-Id = "ether2"
	User-Name = "10295"
	MS-CHAP-Domain = "test"
	NAS-Port = 2153775135
	Acct-Session-Id = "8060001f"
	Framed-IP-Address = 10.0.100.251
	Mikrotik-Host-IP = 10.0.100.251
	CHAP-Challenge = 0x16869b7cab8761381fd3e2ea56fc674a
	CHAP-Password = 0xdb03b44fee89561ab0a0bfdbf383f19cd8
	Service-Type = Login-User
	WISPr-Logoff-URL = "http://10.0.100.1/logout"
	NAS-Identifier = "a2dtest"
	NAS-IP-Address = 192.168.99.175
	Mikrotik-Realm = "test"
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "10295", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] 	expand: %{User-Name} -> 10295
[sql] sql_set_user escaped user --> '10295'
rlm_sql (sql): Reserving sql socket id: 2
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'          ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radcheck
WHERE username = '10295'          ORDER BY id
[sql] User found in radcheck table
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radreply
WHERE username = '10295'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = '10295'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "10295" with CHAP password
[chap] Using clear text password "566703" for user 10295 authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> 10295
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59,
length=216
Waiting to send Access-Reject to client hotspot port 35587 - ID: 59
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59,
length=216
Waiting to send Access-Reject to client hotspot port 35587 - ID: 59
Waking up in 0.3 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 59 to 192.168.99.175 port 35587
Waking up in 4.9 seconds.
Cleaning up request 1 ID 59 with timestamp +36
Ready to process requests.

Thanks
Brent


Hi,

> +-----+----------+-----------+----+--------+-------+------------+
> | id  | username | attribute | op | value  | PID   | expires    |
> +-----+----------+-----------+----+--------+-------+------------+
> | 462 | 10295    | password  | == | 912547 | 10295 | 2011-03-21 |
                    ^^^^^^^^^    ^^^

                   that's wrong   so is that


the attribute should be 'Cleartext-Password'
the operator should be := 



wonder what Doc or guide you are following?

alan
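
The CHAP comparison seen in the debug output above, as an added example that is not part of the original posts and is not FreeRADIUS code: per RFC 1994 the response is MD5(identifier || password || challenge), and CHAP-Password carries the identifier octet followed by that 16-octet hash. The function names are hypothetical; the challenge, CHAP-Password and radcheck values are copied from the post, and the script reports which of those stored passwords, if any, produced the logged response.

```python
import hashlib
import hmac

# Values copied from the debug output and radcheck listing in the post above.
LOGGED_CHALLENGE = "0x16869b7cab8761381fd3e2ea56fc674a"
LOGGED_CHAP_PASSWORD = "0xdb03b44fee89561ab0a0bfdbf383f19cd8"
RADCHECK_ROWS = [(462, "912547"), (463, "659320"), (464, "322438")]
USED_BY_SERVER = "566703"  # from the "[chap] Using clear text password" log line


def unhex(value: str) -> bytes:
    """Decode an attribute printed by radiusd as 0x... into raw octets."""
    return bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)


def chap_response(ident: int, password: str, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()


def split_chap_password(attr_hex: str):
    """CHAP-Password = 1 identifier octet followed by the 16-octet MD5 response."""
    raw = unhex(attr_hex)
    if len(raw) != 17:
        raise ValueError("CHAP-Password must be 17 octets, got %d" % len(raw))
    return raw[0], raw[1:]


def matching_rows(chap_password_hex: str, challenge_hex: str, rows):
    """Return the ids of the (id, cleartext) rows whose password yields the response."""
    ident, response = split_chap_password(chap_password_hex)
    challenge = unhex(challenge_hex)
    return [row_id for row_id, cleartext in rows
            if hmac.compare_digest(chap_response(ident, cleartext, challenge), response)]


if __name__ == "__main__":
    # The log shows a single password being compared; test every stored value
    # so the row the client actually used becomes visible.
    candidates = RADCHECK_ROWS + [("used by server", USED_BY_SERVER)]
    hits = matching_rows(LOGGED_CHAP_PASSWORD, LOGGED_CHALLENGE, candidates)
    print("rows matching the logged CHAP response:", hits or "none of these")
```
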