 
 From:  Denis Mirassou <mirassou at cict dot fr>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] troubles with radius/captive portal - please advise
 Date:  Thu, 21 Oct 2004 08:57:38 +0200
Hi,

According to the logs, Radius is taking care of the user name and password provided 
by this NAS, so I think the NAS is well configured in his Free Radius 
clients.conf file.

It seems there is a problem of password encryption; I don't use MySQL with 
Radius.
Are the MySQL tables of MyISAM type?
Is the Value attribute from the radcheck table of Password type (i.e. encrypted)?

Denis

Mitch (WebCob) wrote:
> Is your mono in the allow list on the radius server? radius servers don't
> accept auths from all "NAS" - you have to have the NAS in the config of the
> radius server, and you have to have set the same shared secret, which is
> used to encrypt the password...
> 
> m/
> 
> 
>>-----Original Message-----
>>From: David Orman [mailto:david dot orman at orblivion dot com]
>>Sent: Wednesday, October 20, 2004 3:00 AM
>>To: m0n0wall at lists dot m0n0 dot ch
>>Subject: [m0n0wall] troubles with radius/captive portal - please advise
>>
>>
>>Hi all. :)
>>
>>	I've gotten my soekris in, and am trying to get captive
>>portal working
>>w/ radius (freeradius + mysql specifically).
>>
>>I made an entry for a "test" user with "test" password in the db, this
>>is what it looks like...
>>
>>mysql> select * from usergroup;
>>+----------+-----------+----------+
>>| UserName | GroupName | priority |
>>+----------+-----------+----------+
>>| test     | test      |        0 |
>>+----------+-----------+----------+
>>1 row in set (0.00 sec)
>>
>>mysql> select * from radcheck;
>>+----+----------+-----------+----+-------+
>>| id | UserName | Attribute | op | Value |
>>+----+----------+-----------+----+-------+
>>|  1 | test     | Password  | == | test  |
>>+----+----------+-----------+----+-------+
>>1 row in set (0.00 sec)
>>
>>mysql>
>>
>>
>>Now, in testing...
>>
>>pulsar# radtest test test localhost 1812 secret
>>Sending Access-Request of id 69 to 127.0.0.1:1812
>>         User-Name = "test"
>>         User-Password = "test"
>>         NAS-IP-Address = pulsar.orblivion.com
>>         NAS-Port = 1812
>>rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=69,
>>length=20
>>pulsar#
>>
>>So it seems freeradius/mysql is working fine. The problem arises when I
>>try to use the captive portal/m0n0wall. :)
>>
>>My captive portal code is just the default code:
>>
>><html>
>><body>
>><form method="post" action="">
>>     <input name="accept" type="submit" value="Continue">
>>     <input name="auth_user" type="text">
>>     <input name="auth_pass" type="password">
>></form>
>></body>
>></html>
>>
>>This is what I see in the error logs when attempting test/test as
>>username/password:
>>
>>Tue Oct 19 23:52:52 2004 : Info: rlm_sql (sql): No matching entry in
>>the database for request from user [test]
>>Tue Oct 19 23:52:52 2004 : Auth: Login incorrect:
>>[test/\272}S\0045\244\351i\317h\332\366s\2231\346] (from client ap1
>>port 0)
>>
>>More detail:
>>
>>Tue Oct 19 23:52:52 2004
>>         Service-Type = Login-User
>>         User-Name = "test"
>>         User-Password = "\272}S\0045\244\351i\317h\332\366s\2231\346"
>>         NAS-Identifier = "ap1.orblivion.com"
>>         NAS-Port = 0
>>         NAS-Port-Type = Ethernet
>>         NAS-IP-Address = 67.52.79.22
>>         Client-IP-Address = 67.52.79.22
>>
>>It seems the user-password is being garbled into something strange/odd.
>>I've attempted shuffling the pap password encryption scheme to all the
>>available options in freeradius as I read in the mailing list m0n0wall
>>uses PAP, but it's made no difference. Any ideas on what the problem
>>is? I'm sure it's user error, I've never touched radius before. :)
>>
>>Cheers,
>>David Orman
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
> 
> 
> 
> 
> 


-- 
Denis Mirassou

Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
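
Added example, not part of the original thread: Mitch's reply says the shared secret is used to encrypt the password. The sketch below implements the User-Password hiding from RFC 2865 section 5.2 and shows that a server holding a different secret recovers unprintable bytes instead of the password. The secrets, the Request Authenticator and the function names are constructed for illustration.

```python
import hashlib

def _keystream_xor(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        # The chaining value is always the ciphertext block, on both sides.
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the NAS does: pad with NULs to a multiple of 16, then hide."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _keystream_xor(padded, secret, authenticator, hiding=True)

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does with its own copy of the secret."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("hidden value must be 16..128 bytes, multiple of 16")
    plain = _keystream_xor(hidden, secret, authenticator, hiding=False)
    return plain.rstrip(b"\x00")

def looks_like_secret_mismatch(recovered: bytes) -> bool:
    """Heuristic: non-printable bytes in the recovered password suggest the
    NAS and the server are not using the same shared secret."""
    return any(b < 0x20 or b > 0x7E for b in recovered)

if __name__ == "__main__":
    ra = bytes(range(16))              # constructed Request Authenticator
    nas_secret = b"secret"             # constructed: secret set on the NAS
    hidden = hide_password(b"test", nas_secret, ra)
    for server_secret in (b"secret", b"other-secret"):   # constructed values
        got = unhide_password(hidden, server_secret, ra)
        print(server_secret, repr(got), "mismatch?", looks_like_secret_mismatch(got))
```

The garbled User-Password in the quoted log is 16 bytes long, which is the size of one padded block.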