Authentication issues from Apple devices

stentofon richard.adams at stentofon.com.au
Sat May 14 05:42:03 CEST 2011


Hello.  I have configured a Wireless Hotspot using the EasyHotSpot system,
that uses FreeRadius for authentication.  

I am having problems only when Apple devices (iPhone, iPad, MacBooks)
attempt to connect to the hotspot.

This is confusing, as all other devices and software (Winxp, Vista, 7,
Symbian, Blackberry, Android etc) authenticate perfectly.

As a test case, and while running debugging, I attempted to connect with my
Blackberry and an iPhone using the same username and password.  I have
attached the results.  As you will see, using the same username and
password, the Blackberry authenticates while the iPhone fails.  I cannot see
any reason for this in the log.  Can anyone please assist?

Failed log:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 60277, id=0,
length=216
	User-Name = "sandra"
	CHAP-Challenge = 0x0571777ec7661c411af641e8952291b9
	CHAP-Password = 0x00120c16a8ff125a7a348459a0f40a86a9
	NAS-IP-Address = 0.0.0.0
	Service-Type = Login-User
	Framed-IP-Address = 192.168.182.10
	Calling-Station-Id = "DC-2B-61-9C-92-E6"
	Called-Station-Id = "00-0D-56-9C-AC-F6"
	NAS-Identifier = "nas01"
	Acct-Session-Id = "4dcde5a500000000"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 0
	Message-Authenticator = 0x35f8e8bc299636c4cd468b533de65f78
	WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "sandra", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
	expand: %{User-Name} -> sandra
[sql] sql_set_user escaped user --> 'sandra'
rlm_sql (sql): Reserving sql socket id: 4
	expand: SELECT id, username, attribute, value, op           FROM radcheck          
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
username, attribute, value, op           FROM radcheck           WHERE
username = 'sandra'           ORDER BY id
[sql] User found in radcheck table
	expand: SELECT id, username, attribute, value, op           FROM radreply          
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
username, attribute, value, op           FROM radreply           WHERE
username = 'sandra'           ORDER BY id
	expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'sandra'          
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[max_all_mb] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: 'September 11 2011 24:00:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "sandra" with CHAP password
[chap] Using clear text password "sandra" for user sandra authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
	expand: %{User-Name} -> sandra
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 127.0.0.1 port 60277
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +36
Ready to process requests.

Successful log:

rad_recv: Access-Request packet from host 127.0.0.1 port 44107, id=0,
length=216
	User-Name = "sandra"
	CHAP-Challenge = 0x97824e8524637118ae2cf716a0362b97
	CHAP-Password = 0x00f729a50979c25ef7d9d9e5e4cc1b2907
	NAS-IP-Address = 0.0.0.0
	Service-Type = Login-User
	Framed-IP-Address = 192.168.182.8
	Calling-Station-Id = "CC-55-AD-93-77-E6"
	Called-Station-Id = "00-0D-56-9C-AC-F6"
	NAS-Identifier = "nas01"
	Acct-Session-Id = "4dcde8c300000001"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Message-Authenticator = 0xf30387317dabf479ce7642e776e0295e
	WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "sandra", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
	expand: %{User-Name} -> sandra
[sql] sql_set_user escaped user --> 'sandra'
rlm_sql (sql): Reserving sql socket id: 3
	expand: SELECT id, username, attribute, value, op           FROM radcheck          
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
username, attribute, value, op           FROM radcheck           WHERE
username = 'sandra'           ORDER BY id
[sql] User found in radcheck table
	expand: SELECT id, username, attribute, value, op           FROM radreply          
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
username, attribute, value, op           FROM radreply           WHERE
username = 'sandra'           ORDER BY id
	expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'sandra'          
ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[max_all_mb] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: 'September 11 2011 24:00:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "sandra" with CHAP password
[chap] Using clear text password "sandra" for user sandra authentication.
[chap] chap user sandra authenticated succesfully
++[chap] returns ok
+- entering group session {...}
	expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
	expand: %{User-Name} -> sandra
++[radutmp] returns ok
+- entering group post-auth {...}
	expand: %{User-Name} -> sandra
[sql] sql_set_user escaped user --> 'sandra'
	expand: %{User-Password} -> 
	expand: %{Chap-Password} -> 0x00f729a50979c25ef7d9d9e5e4cc1b2907
	expand: INSERT INTO radpostauth                           (username, pass,
reply, authdate)                           VALUES (                          
'%{User-Name}',                          
'%{%{User-Password}:-%{Chap-Password}}',                          
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                          
(username, pass, reply, authdate)                           VALUES (                          
'sandra',                           '0x00f729a50979c25ef7d9d9e5e4cc1b2907',                          
'Access-Accept', '2011-05-14 12:28:43')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                          
(username, pass, reply, authdate)                           VALUES (                          
'sandra',                           '0x00f729a50979c25ef7d9d9e5e4cc1b2907',                          
'Access-Accept', '2011-05-14 12:28:43')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 0 to 127.0.0.1 port 44107
	WISPr-Bandwidth-Max-Down := 256000
	Idle-Timeout := 600
	WISPr-Session-Terminate-Time := "2011-9-11T24:00:00"
	Acct-Interim-Interval := 120
	Session-Timeout = 10409477
Finished request 1.



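The `[chap]` verdict in both logs comes down to one MD5 comparison, reproduced here as an added example (not part of the original post and not FreeRADIUS code): it recomputes the RFC 1994 CHAP response from the logged CHAP-Challenge, CHAP-Password and the cleartext password from radcheck. The `variants` helper, which tries alternative spellings a client might have submitted, is a diagnostic assumption and not something the logs state.

```python
import hashlib
import hmac

# (CHAP-Password, CHAP-Challenge) pairs copied from the two debug logs above.
FAILED = ("0x00120c16a8ff125a7a348459a0f40a86a9", "0x0571777ec7661c411af641e8952291b9")
ACCEPTED = ("0x00f729a50979c25ef7d9d9e5e4cc1b2907", "0x97824e8524637118ae2cf716a0362b97")

def unhex(attr):
    """Decode a 0x-prefixed attribute value as printed by radiusd -X."""
    return bytes.fromhex(attr[2:] if attr.lower().startswith("0x") else attr)

def parse_chap_password(attr):
    """CHAP-Password = 1-byte CHAP identifier + 16-byte MD5 response."""
    raw = unhex(attr)
    if len(raw) != 17:
        raise ValueError("expected 1 identifier byte + 16 digest bytes")
    return raw[0], raw[1:]

def chap_response(ident, password, challenge):
    """RFC 1994 section 4.1: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def verify(chap_password, chap_challenge, cleartext):
    """True when the logged response matches the given cleartext password."""
    ident, response = parse_chap_password(chap_password)
    expected = chap_response(ident, cleartext.encode(), unhex(chap_challenge))
    return hmac.compare_digest(expected, response)

def variants(cleartext):
    """Hypothetical spellings to test (assumption, not taken from the logs)."""
    cap = cleartext.capitalize()
    return [cleartext, cap, cleartext.upper(), cleartext + " ", cap + " "]

def diagnose(chap_password, chap_challenge, cleartext):
    """Return the first variant that reproduces the response, else None."""
    for candidate in variants(cleartext):
        if verify(chap_password, chap_challenge, candidate):
            return candidate
    return None

if __name__ == "__main__":
    for label, (pw, ch) in (("failed", FAILED), ("accepted", ACCEPTED)):
        print(label, "matches stored password:", verify(pw, ch, "sandra"),
              "| matching variant:", repr(diagnose(pw, ch, "sandra")))
```

Because the server only ever sees the digest, recomputing it with candidate strings is the only way to learn from a CHAP log what the client actually submitted.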