Authentication issues from Apple devices
stentofon
richard.adams at stentofon.com.au
Sat May 14 05:42:03 CEST 2011
Hello. I have configured a Wireless Hotspot using the EasyHotSpot system,
that uses FreeRadius for authentication.
I am having problems only when Apple devices (iphone, ipad, macbooks)
attempt to connect to the hotspot.
This is confusing, as all other devices and software (Winxp, Vista, 7,
Symbian, Blackberry, Android etc) authenticate perfectly.
As a test case, and while running debugging, I attempted to connect with my
Blackberry and an Iphone using the same username and password. I have
attached the results. As you will see, using the same username and
password, the blackberry authenticates while the iphone fails. I cannot see
any reason for this in the log. Can anyone please assist?
Failed log:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 60277, id=0,
length=216
User-Name = "sandra"
CHAP-Challenge = 0x0571777ec7661c411af641e8952291b9
CHAP-Password = 0x00120c16a8ff125a7a348459a0f40a86a9
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.10
Calling-Station-Id = "DC-2B-61-9C-92-E6"
Called-Station-Id = "00-0D-56-9C-AC-F6"
NAS-Identifier = "nas01"
Acct-Session-Id = "4dcde5a500000000"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0x35f8e8bc299636c4cd468b533de65f78
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "sandra", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> sandra
[sql] sql_set_user escaped user --> 'sandra'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radcheck WHERE
username = 'sandra' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radreply WHERE
username = 'sandra' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'sandra'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[max_all_mb] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: 'September 11 2011 24:00:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "sandra" with CHAP password
[chap] Using clear text password "sandra" for user sandra authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> sandra
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 127.0.0.1 port 60277
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +36
Ready to process requests.
Sucessful Log:
rad_recv: Access-Request packet from host 127.0.0.1 port 44107, id=0,
length=216
User-Name = "sandra"
CHAP-Challenge = 0x97824e8524637118ae2cf716a0362b97
CHAP-Password = 0x00f729a50979c25ef7d9d9e5e4cc1b2907
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.8
Calling-Station-Id = "CC-55-AD-93-77-E6"
Called-Station-Id = "00-0D-56-9C-AC-F6"
NAS-Identifier = "nas01"
Acct-Session-Id = "4dcde8c300000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Message-Authenticator = 0xf30387317dabf479ce7642e776e0295e
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "sandra", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> sandra
[sql] sql_set_user escaped user --> 'sandra'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radcheck WHERE
username = 'sandra' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radreply WHERE
username = 'sandra' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'sandra'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[max_all_mb] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: 'September 11 2011 24:00:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "sandra" with CHAP password
[chap] Using clear text password "sandra" for user sandra authentication.
[chap] chap user sandra authenticated succesfully
++[chap] returns ok
+- entering group session {...}
expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
expand: %{User-Name} -> sandra
++[radutmp] returns ok
+- entering group post-auth {...}
expand: %{User-Name} -> sandra
[sql] sql_set_user escaped user --> 'sandra'
expand: %{User-Password} ->
expand: %{Chap-Password} -> 0x00f729a50979c25ef7d9d9e5e4cc1b2907
expand: INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'sandra', '0x00f729a50979c25ef7d9d9e5e4cc1b2907',
'Access-Accept', '2011-05-14 12:28:43')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'sandra', '0x00f729a50979c25ef7d9d9e5e4cc1b2907',
'Access-Accept', '2011-05-14 12:28:43')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 0 to 127.0.0.1 port 44107
WISPr-Bandwidth-Max-Down := 256000
Idle-Timeout := 600
WISPr-Session-Terminate-Time := "2011-9-11T24:00:00"
Acct-Interim-Interval := 120
Session-Timeout = 10409477
Finished request 1.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Authentication-issues-from-Apple-devices-tp4394941p4394941.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list