[ previous ] [ next ] [ threads ]
 
 From:  David Orman <david dot orman at orblivion dot com>
 To:  mirassou at cict dot fr
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] troubles with radius/captive portal - please advise
 Date:  Wed, 20 Oct 2004 21:03:04 -1000 
The secret was wrong in the client configuration table. I sorted it, 
and it worked like a charm. Now I'm trying to figure out to get each 
user's MAC address so I can prevent them from sharing accounts with 
buddies. :) Any input would be much appreciated.

Cheers,
David

On Oct 20, 2004, at 20:57, Denis Mirassou wrote:

> Hi,
>
> According logs, Radius is taking care of user name and password 
> provided by this NAS, so I think the NAS is well configured in his 
> Free Radius clients.conf file.
>
> It seems there is a pb of password encryption, I don't use MySQL with 
> Radius.
> Are MySQL tables of MyISAM type ?
> Is Value attribute from radcheck table of Password type (ie encrypted 
> ?)
>
> Denis
>
> Mitch (WebCob) wrote:
>> Is your mono in the allow list on the radius server? radius servers 
>> don't
>> accept auth's from all "NAS" - you have to have the NAS in the config 
>> of the
>> radius server, and you have to have set the same shared secret, which 
>> is
>> used to encrypt the password...
>> m/
>>> -----Original Message-----
>>> From: David Orman [mailto:david dot orman at orblivion dot com]
>>> Sent: Wednesday, October 20, 2004 3:00 AM
>>> To: m0n0wall at lists dot m0n0 dot ch
>>> Subject: [m0n0wall] troubles with radius/captive portal - please 
>>> advise
>>>
>>>
>>> Hi all. :)
>>>
>>> 	I've gotten my soekris in, and am trying to get captive
>>> portal working
>>> w/ radius (freeradius + mysql specifically).
>>>
>>> I made an entry for a "test" user with "test" password in the db, 
>>> this
>>> is what it looks like...
>>>
>>> mysql> select * from usergroup;
>>> +----------+-----------+----------+
>>> | UserName | GroupName | priority |
>>> +----------+-----------+----------+
>>> | test     | test      |        0 |
>>> +----------+-----------+----------+
>>> 1 row in set (0.00 sec)
>>>
>>> mysql> select * from radcheck;
>>> +----+----------+-----------+----+-------+
>>> | id | UserName | Attribute | op | Value |
>>> +----+----------+-----------+----+-------+
>>> |  1 | test     | Password  | == | test  |
>>> +----+----------+-----------+----+-------+
>>> 1 row in set (0.00 sec)
>>>
>>> mysql>
>>>
>>>
>>> Now, in testing...
>>>
>>> pulsar# radtest test test localhost 1812 secret
>>> Sending Access-Request of id 69 to 127.0.0.1:1812
>>>         User-Name = "test"
>>>         User-Password = "test"
>>>         NAS-IP-Address = pulsar.orblivion.com
>>>         NAS-Port = 1812
>>> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=69,
>>> length=20
>>> pulsar#
>>>
>>> So it seems freeradius/mysql is working fine. The problem arises 
>>> when I
>>> try to use the captive portal/m0n0wall. :)
>>>
>>> My captive portal code is just the default code:
>>>
>>> <html>
>>> <body>
>>> <form method="post" action="">
>>>     <input name="accept" type="submit" value="Continue">
>>>     <input name="auth_user" type="text">
>>>     <input name="auth_pass" type="password">
>>> </form>
>>> </body>
>>> </html>
>>>
>>> This is what I see in the error logs when attempting test/test as
>>> username/password:
>>>
>>> Tue Oct 19 23:52:52 2004 : Info: rlm_sql (sql): No matching entry in
>>> the database for request from user [test]
>>> Tue Oct 19 23:52:52 2004 : Auth: Login incorrect:
>>> [test/\272}S\0045\244\351i\317h\332\366s\2231\346] (from client ap1
>>> port 0)
>>>
>>> More detail:
>>>
>>> Tue Oct 19 23:52:52 2004
>>>         Service-Type = Login-User
>>>         User-Name = "test"
>>>         User-Password = "\272}S\0045\244\351i\317h\332\366s\2231\346"
>>>         NAS-Identifier = "ap1.orblivion.com"
>>>         NAS-Port = 0
>>>         NAS-Port-Type = Ethernet
>>>         NAS-IP-Address = 67.52.79.22
>>>         Client-IP-Address = 67.52.79.22
>>>
>>> It seems the user-password is being garbled into something 
>>> strange/odd.
>>> I've attempted shuffling the pap password encryption scheme to all 
>>> the
>>> available options in freeradius as I read in the mailing list 
>>> m0n0wall
>>> uses PAP, but it's made no difference. Any ideas on what the problem
>>> is? I'm sure it's user error, i've never touched radius before. :)
>>>
>>> Cheeers,
>>> David Orman
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
> -- 
> Denis Mirassou
> Service Réseaux
> Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>