Re: Apple devices can't authenticate

Roberto Carna robertocarna36 at gmail.com
Wed Aug 14 16:55:02 CEST 2013


I tried with an Android device and it uses CHAP authentication, as Apple devices do.

OK, here is the complete log....thanks a lot!!!

rad_recv: Accounting-Request packet from host 127.0.0.1 port 3799,
id=74, length=172
        Acct-Status-Type = Interim-Update
        User-Name = "pagos"
        Calling-Station-Id = "00-0C-E7-12-71-BF"
        Called-Station-Id = "00-15-5D-01-32-04"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 6
        NAS-Port-Id = "00000006"
        NAS-IP-Address = 0.0.0.0
        NAS-Identifier = "nas01"
        Framed-IP-Address = 192.168.1.16
        Acct-Session-Id = "520b975800000006"
        Acct-Input-Octets = 33494
        Acct-Output-Octets = 42669
        Acct-Input-Gigawords = 0
        Acct-Output-Gigawords = 0
        Acct-Input-Packets = 181
        Acct-Output-Packets = 165
        Acct-Session-Time = 491
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 6,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"520b975800000006",User-Name = "pagos"'
[acct_unique] Acct-Unique-Session-ID = "a14e1d0a24db831a".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "pagos", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
        expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/detail-20130814
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/detail-20130814
        expand: %t -> Wed Aug 14 11:51:11 2013
++[detail] returns ok
++[unix] returns noop
        expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
        expand: %{User-Name} -> pagos
++[radutmp] returns ok
        expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp
        expand: %{User-Name} -> pagos
++[sradutmp] returns ok
        expand: %{User-Name} -> pagos
[sql] sql_set_user escaped user --> 'pagos'
        expand: %{Acct-Input-Gigawords} -> 0
        expand: %{Acct-Input-Octets} -> 33494
        expand: %{Acct-Output-Gigawords} -> 0
        expand: %{Acct-Output-Octets} -> 42669
        expand:            UPDATE radacct           SET
framedipaddress = '%{Framed-IP-Address}',              acctsessiontime
    = '%{Acct-Session-Time}',              acctinputoctets     =
'%{%{Acct-Input-Gigawords}:-0}'  << 32 |
     '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
     '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid =
'%{Acct-Session-Id}'           AND username        =
'%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'
->            UPDATE radacct           SET
framedipaddress = '192.168.1.16',              acctsessiontime     =
'491',              acctinputoctets     = '0'  << 32 |
                   '33494',              acctoutputoctets    = '0' <<
32 |                                    '42669'           WHERE
acctsessionid = '520b975800000006'           AND username        =
'pagos'           AND nasipaddress    = '0.0.0.0'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
        expand: %{User-Name} -> pagos
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 74 to 127.0.0.1 port 3799
Finished request 0.
Cleaning up request 0 ID 74 with timestamp +47
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 47716, id=0, length=213
        User-Name = "pagos"
        CHAP-Challenge = 0x102ce36fe571e8dd135b7aacbbfaedba
        CHAP-Password = 0x0027261c4744170b60d7ceb2e02b12a62b
        NAS-IP-Address = 0.0.0.0
        Service-Type = Login-User
        Framed-IP-Address = 192.168.1.17
        Calling-Station-Id = "F0-CB-A1-A5-56-71"
        Called-Station-Id = "00-15-5D-01-32-04"
        NAS-Identifier = "nas01"
        Acct-Session-Id = "520b996100000002"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 2
        Message-Authenticator = 0x1fceb0d21eb5534aa4d358b82c239c28
        WISPr-Logoff-URL = "http://192.168.1.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "pagos", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
        expand: %{User-Name} -> pagos
[sql] sql_set_user escaped user --> 'pagos'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'pagos'           ORDER BY id
[sql] User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'pagos'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'pagos'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[max_all_mb] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: 'October 26 2021 24:00:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "pagos" with CHAP password
[chap] Using clear text password "pagos" for user pagos authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> pagos
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 127.0.0.1 port 47716
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +66
Ready to process requests.

THANKS A LOT

2013/8/14 Alan DeKok <aland at deployingradius.com>:
> Roberto Carna wrote:
>> Dear, the debug is this:
>>
>> [chap] Login attempt by "pepe" with CHAP password
>> [chap] Using clear text password "1234" for user pepe authentication
>> [chap] Password check failed
>> ++[chap] Returns reject
>> Failed to authenticate the user
>>
>> The password is 1234 and I try many times...
>
>   Are you sure that's from an Apple device?  They don't do CHAP for WiFi
> authentication.
>
>> Any idea ??? Because from other Windows and Android devices the
>> authentication works OK.
>
>   Post the FULL debug log.  Honestly.  That's why we ask for it.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
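
Added example, not part of the original post and not FreeRADIUS code: the check that the [chap] module reports as "Password check failed" can be reproduced offline from the attributes in the debug log, because a CHAP-Password is one ident byte followed by MD5(ident || password || challenge) (RFC 2865, section 5.3). The function and constant names are illustrative; the hex values and the password "pagos" are copied from the Access-Request in the log above.

```python
import hashlib
import hmac

# Values copied from the Access-Request in the debug log above.
LOG_CHAP_CHALLENGE = "0x102ce36fe571e8dd135b7aacbbfaedba"
LOG_CHAP_PASSWORD = "0x0027261c4744170b60d7ceb2e02b12a62b"
LOG_CLEARTEXT = "pagos"  # "Using clear text password" line


def _unhex(value: str) -> bytes:
    """Decode the 0x-prefixed hex form used in radiusd -X output."""
    if value.lower().startswith("0x"):
        value = value[2:]
    return bytes.fromhex(value)


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """MD5 over the CHAP ident byte, the cleartext password and the challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def chap_verify(chap_password: str, chap_challenge: str, cleartext: str) -> bool:
    """Return True if the CHAP-Password attribute matches the stored password.

    chap_challenge is the CHAP-Challenge attribute; when a NAS omits it,
    RFC 2865 says the Request Authenticator is the challenge instead.
    """
    attr = _unhex(chap_password)
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be 17 bytes: ident + MD5 digest")
    ident, received = attr[0], attr[1:]
    expected = chap_response(ident, cleartext.encode(), _unhex(chap_challenge))
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    ok = chap_verify(LOG_CHAP_PASSWORD, LOG_CHAP_CHALLENGE, LOG_CLEARTEXT)
    print("log values match stored password:", ok)
```

A False result for the log values means the digest the client (or captive portal) sent was not computed from "pagos" and this challenge, so the mismatch is upstream of the RADIUS server's password store.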

