Hi,

According to the logs, Radius is taking care of the user name and password provided by this NAS, so I think the NAS is well configured in his Free Radius clients.conf file.

It seems there is a problem of password encryption. I don't use MySQL with Radius.
Are MySQL tables of MyISAM type?
Is the Value attribute from the radcheck table of Password type (i.e. encrypted?)

Denis

Mitch (WebCob) wrote:
> Is your mono in the allow list on the radius server? radius servers don't
> accept auth's from all "NAS" - you have to have the NAS in the config of the
> radius server, and you have to have set the same shared secret, which is
> used to encrypt the password...
>
> m/
>
>
>>-----Original Message-----
>>From: David Orman [mailto:david dot orman at orblivion dot com]
>>Sent: Wednesday, October 20, 2004 3:00 AM
>>To: m0n0wall at lists dot m0n0 dot ch
>>Subject: [m0n0wall] troubles with radius/captive portal - please advise
>>
>>
>>Hi all. :)
>>
>>    I've gotten my soekris in, and am trying to get captive
>>portal working
>>w/ radius (freeradius + mysql specifically).
>>
>>I made an entry for a "test" user with "test" password in the db, this
>>is what it looks like...
>>
>>mysql> select * from usergroup;
>>+----------+-----------+----------+
>>| UserName | GroupName | priority |
>>+----------+-----------+----------+
>>| test     | test      |        0 |
>>+----------+-----------+----------+
>>1 row in set (0.00 sec)
>>
>>mysql> select * from radcheck;
>>+----+----------+-----------+----+-------+
>>| id | UserName | Attribute | op | Value |
>>+----+----------+-----------+----+-------+
>>|  1 | test     | Password  | == | test  |
>>+----+----------+-----------+----+-------+
>>1 row in set (0.00 sec)
>>
>>mysql>
>>
>>
>>Now, in testing...
>>
>>pulsar# radtest test test localhost 1812 secret
>>Sending Access-Request of id 69 to 127.0.0.1:1812
>>        User-Name = "test"
>>        User-Password = "test"
>>        NAS-IP-Address = pulsar.orblivion.com
>>        NAS-Port = 1812
>>rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=69,
>>length=20
>>pulsar#
>>
>>So it seems freeradius/mysql is working fine. The problem arises when I
>>try to use the captive portal/m0n0wall. :)
>>
>>My captive portal code is just the default code:
>>
>><html>
>><body>
>><form method="post" action="">
>>   <input name="accept" type="submit" value="Continue">
>>   <input name="auth_user" type="text">
>>   <input name="auth_pass" type="password">
>></form>
>></body>
>></html>
>>
>>This is what I see in the error logs when attempting test/test as
>>username/password:
>>
>>Tue Oct 19 23:52:52 2004 : Info: rlm_sql (sql): No matching entry in
>>the database for request from user [test]
>>Tue Oct 19 23:52:52 2004 : Auth: Login incorrect:
>>[test/\272}S\0045\244\351i\317h\332\366s\2231\346] (from client ap1
>>port 0)
>>
>>More detail:
>>
>>Tue Oct 19 23:52:52 2004
>>        Service-Type = Login-User
>>        User-Name = "test"
>>        User-Password = "\272}S\0045\244\351i\317h\332\366s\2231\346"
>>        NAS-Identifier = "ap1.orblivion.com"
>>        NAS-Port = 0
>>        NAS-Port-Type = Ethernet
>>        NAS-IP-Address = 67.52.79.22
>>        Client-IP-Address = 67.52.79.22
>>
>>It seems the user-password is being garbled into something strange/odd.
>>I've attempted shuffling the pap password encryption scheme to all the
>>available options in freeradius as I read in the mailing list m0n0wall
>>uses PAP, but it's made no difference. Any ideas on what the problem
>>is? I'm sure it's user error, I've never touched radius before. :)
>>
>>Cheers,
>>David Orman
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>

--
Denis Mirassou
Service Réseaux
Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)