Re: Apple devices can't authenticate
Roberto Carna
robertocarna36 at gmail.com
Wed Aug 14 16:55:02 CEST 2013
I tried with an Android device and it uses CHAP authentication, as the Apple devices do.
OK, here is the complete log....thanks a lot!!!
rad_recv: Accounting-Request packet from host 127.0.0.1 port 3799,
id=74, length=172
Acct-Status-Type = Interim-Update
User-Name = "pagos"
Calling-Station-Id = "00-0C-E7-12-71-BF"
Called-Station-Id = "00-15-5D-01-32-04"
NAS-Port-Type = Wireless-802.11
NAS-Port = 6
NAS-Port-Id = "00000006"
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "nas01"
Framed-IP-Address = 192.168.1.16
Acct-Session-Id = "520b975800000006"
Acct-Input-Octets = 33494
Acct-Output-Octets = 42669
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets = 181
Acct-Output-Packets = 165
Acct-Session-Time = 491
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 6,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"520b975800000006",User-Name = "pagos"'
[acct_unique] Acct-Unique-Session-ID = "a14e1d0a24db831a".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "pagos", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/detail-20130814
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/detail-20130814
expand: %t -> Wed Aug 14 11:51:11 2013
++[detail] returns ok
++[unix] returns noop
expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
expand: %{User-Name} -> pagos
++[radutmp] returns ok
expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp
expand: %{User-Name} -> pagos
++[sradutmp] returns ok
expand: %{User-Name} -> pagos
[sql] sql_set_user escaped user --> 'pagos'
expand: %{Acct-Input-Gigawords} -> 0
expand: %{Acct-Input-Octets} -> 33494
expand: %{Acct-Output-Gigawords} -> 0
expand: %{Acct-Output-Octets} -> 42669
expand: UPDATE radacct SET
framedipaddress = '%{Framed-IP-Address}', acctsessiontime
= '%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
-> UPDATE radacct SET
framedipaddress = '192.168.1.16', acctsessiontime =
'491', acctinputoctets = '0' << 32 |
'33494', acctoutputoctets = '0' <<
32 | '42669' WHERE
acctsessionid = '520b975800000006' AND username =
'pagos' AND nasipaddress = '0.0.0.0'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
expand: %{User-Name} -> pagos
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 74 to 127.0.0.1 port 3799
Finished request 0.
Cleaning up request 0 ID 74 with timestamp +47
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 47716, id=0, length=213
User-Name = "pagos"
CHAP-Challenge = 0x102ce36fe571e8dd135b7aacbbfaedba
CHAP-Password = 0x0027261c4744170b60d7ceb2e02b12a62b
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.1.17
Calling-Station-Id = "F0-CB-A1-A5-56-71"
Called-Station-Id = "00-15-5D-01-32-04"
NAS-Identifier = "nas01"
Acct-Session-Id = "520b996100000002"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Message-Authenticator = 0x1fceb0d21eb5534aa4d358b82c239c28
WISPr-Logoff-URL = "http://192.168.1.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "pagos", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> pagos
[sql] sql_set_user escaped user --> 'pagos'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'pagos' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'pagos' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'pagos' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[max_all_mb] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: 'October 26 2021 24:00:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "pagos" with CHAP password
[chap] Using clear text password "pagos" for user pagos authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> pagos
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 127.0.0.1 port 47716
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +66
Ready to process requests.
THANKS A LOT
2013/8/14 Alan DeKok <aland at deployingradius.com>:
> Roberto Carna wrote:
>> Dear, the debug is this:
>>
>> [chap] Login attempt by "pepe" with CHAP password
>> [chap] Using clear text password "1234" for user pepe authentication
>> [chap] Password check failed
>> ++[chap] Returns reject
>> Failed to authenticate the user
>>
>> The password is 1234 and I try many times...
>
> Are you sure that's from an Apple device? They don't do CHAP for WiFi
> authentication.
>
>> Any idea ??? Because from other Windows and Android devices the
>> authentication works OK.
>
> Post the FULL debug log. Honestly. That's why we ask for it.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
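The "[chap] Password check failed" line in the log above is the result of the standard CHAP comparison (RFC 1994 / RFC 2865): the server hashes the ident octet, the cleartext password it holds and the challenge, and compares that with the 16 response octets in CHAP-Password. The following is an added example, not part of the original post and not FreeRADIUS code, that recomputes that check in Python for the CHAP-Challenge and CHAP-Password values from the Access-Request in the log; the function names are assumptions of this example.

```python
import hashlib
import hmac


def parse_chap_password(attr: bytes):
    """Split a CHAP-Password attribute into (ident, 16-octet response)."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be 1 ident octet + 16 response octets")
    return attr[0], attr[1:]


def chap_response(ident: int, cleartext: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + cleartext + challenge).digest()


def chap_check(chap_password: bytes, challenge: bytes, cleartext: bytes) -> bool:
    """Return True when the client's response matches the stored password."""
    ident, received = parse_chap_password(chap_password)
    expected = chap_response(ident, cleartext, challenge)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(expected, received)


# Values copied from the Access-Request in the debug log above.
LOG_CHALLENGE = bytes.fromhex("102ce36fe571e8dd135b7aacbbfaedba")
LOG_CHAP_PASSWORD = bytes.fromhex("0027261c4744170b60d7ceb2e02b12a62b")
LOG_CLEARTEXT = b"pagos"  # the password the server says it used


def build_chap_password(ident: int, cleartext: bytes, challenge: bytes) -> bytes:
    """Client side: the attribute a correct client would send (constructed)."""
    return bytes([ident]) + chap_response(ident, cleartext, challenge)


if __name__ == "__main__":
    ident, received = parse_chap_password(LOG_CHAP_PASSWORD)
    print("ident          :", ident)
    print("received digest:", received.hex())
    print("expected digest:", chap_response(ident, LOG_CLEARTEXT, LOG_CHALLENGE).hex())
    print("match          :", chap_check(LOG_CHAP_PASSWORD, LOG_CHALLENGE, LOG_CLEARTEXT))
    # Constructed control: a client hashing the same secret over the same
    # challenge produces an attribute that passes the check.
    good = build_chap_password(ident, LOG_CLEARTEXT, LOG_CHALLENGE)
    print("control match  :", chap_check(good, LOG_CHALLENGE, LOG_CLEARTEXT))
```

A mismatch here means the client computed its digest over a different secret or a different challenge than the ones the server used; CHAP gives the server no way to recover which.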