[ previous ] [ next ] [ threads ]
 
 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "David Orman" <david dot orman at orblivion dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] troubles with radius/captive portal - please advise
 Date:  Wed, 20 Oct 2004 10:25:18 -0700
Is your mono in the allow list on the radius server? radius servers don't
accept auth's from all "NAS" - you have to have the NAS in the config of the
radius server, and you have to have set the same shared secret, which is
used to encrypt the password...

m/

> -----Original Message-----
> From: David Orman [mailto:david dot orman at orblivion dot com]
> Sent: Wednesday, October 20, 2004 3:00 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] troubles with radius/captive portal - please advise
>
>
> Hi all. :)
>
> 	I've gotten my soekris in, and am trying to get captive
> portal working
> w/ radius (freeradius + mysql specifically).
>
> I made an entry for a "test" user with "test" password in the db, this
> is what it looks like...
>
> mysql> select * from usergroup;
> +----------+-----------+----------+
> | UserName | GroupName | priority |
> +----------+-----------+----------+
> | test     | test      |        0 |
> +----------+-----------+----------+
> 1 row in set (0.00 sec)
>
> mysql> select * from radcheck;
> +----+----------+-----------+----+-------+
> | id | UserName | Attribute | op | Value |
> +----+----------+-----------+----+-------+
> |  1 | test     | Password  | == | test  |
> +----+----------+-----------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql>
>
>
> Now, in testing...
>
> pulsar# radtest test test localhost 1812 secret
> Sending Access-Request of id 69 to 127.0.0.1:1812
>          User-Name = "test"
>          User-Password = "test"
>          NAS-IP-Address = pulsar.orblivion.com
>          NAS-Port = 1812
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=69,
> length=20
> pulsar#
>
> So it seems freeradius/mysql is working fine. The problem arises when I
> try to use the captive portal/m0n0wall. :)
>
> My captive portal code is just the default code:
>
> <html>
> <body>
> <form method="post" action="">



> </form>
> </body>
> </html>
>
> This is what I see in the error logs when attempting test/test as
> username/password:
>
> Tue Oct 19 23:52:52 2004 : Info: rlm_sql (sql): No matching entry in
> the database for request from user [test]
> Tue Oct 19 23:52:52 2004 : Auth: Login incorrect:
> [test/\272}S\0045\244\351i\317h\332\366s\2231\346] (from client ap1
> port 0)
>
> More detail:
>
> Tue Oct 19 23:52:52 2004
>          Service-Type = Login-User
>          User-Name = "test"
>          User-Password = "\272}S\0045\244\351i\317h\332\366s\2231\346"
>          NAS-Identifier = "ap1.orblivion.com"
>          NAS-Port = 0
>          NAS-Port-Type = Ethernet
>          NAS-IP-Address = 67.52.79.22
>          Client-IP-Address = 67.52.79.22
>
> It seems the user-password is being garbled into something strange/odd.
> I've attempted shuffling the pap password encryption scheme to all the
> available options in freeradius as I read in the mailing list m0n0wall
> uses PAP, but it's made no difference. Any ideas on what the problem
> is? I'm sure it's user error, i've never touched radius before. :)
>
> Cheeers,
> David Orman
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>