 From:  Denis Mirassou <mirassou at cict dot fr>
 To:  David Orman <david dot orman at orblivion dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] troubles with radius/captive portal - please advise
 Date:  Thu, 21 Oct 2004 09:27:41 +0200
Ok, I was wrong :-(

How do you want to do a check on user MAC address? Using "Deny unknown 
clients" in DHCP config?

Denis

David Orman wrote:
> The secret was wrong in the client configuration table. I sorted it, and 
> it worked like a charm. Now I'm trying to figure out how to get each user's 
> MAC address so I can prevent them from sharing accounts with buddies. :) 
> Any input would be much appreciated.
> 
> Cheers,
> David
> 
> On Oct 20, 2004, at 20:57, Denis Mirassou wrote:
> 
>> Hi,
>>
>> According to the logs, Radius is taking care of user name and password 
>> provided by this NAS, so I think the NAS is well configured in his 
>> Free Radius clients.conf file.
>>
>> It seems there is a problem of password encryption, I don't use MySQL with 
>> Radius.
>> Are MySQL tables of MyISAM type?
>> Is Value attribute from radcheck table of Password type (i.e. encrypted?)
>>
>> Denis
>>
>> Mitch (WebCob) wrote:
>>
>>> Is your mono in the allow list on the radius server? radius servers don't
>>> accept auth's from all "NAS" - you have to have the NAS in the config of the
>>> radius server, and you have to have set the same shared secret, which is
>>> used to encrypt the password...
>>> m/
>>>
>>>> -----Original Message-----
>>>> From: David Orman [mailto:david dot orman at orblivion dot com]
>>>> Sent: Wednesday, October 20, 2004 3:00 AM
>>>> To: m0n0wall at lists dot m0n0 dot ch
>>>> Subject: [m0n0wall] troubles with radius/captive portal - please advise
>>>>
>>>>
>>>> Hi all. :)
>>>>
>>>>     I've gotten my soekris in, and am trying to get captive portal working
>>>> w/ radius (freeradius + mysql specifically).
>>>>
>>>> I made an entry for a "test" user with "test" password in the db, this
>>>> is what it looks like...
>>>>
>>>> mysql> select * from usergroup;
>>>> +----------+-----------+----------+
>>>> | UserName | GroupName | priority |
>>>> +----------+-----------+----------+
>>>> | test     | test      |        0 |
>>>> +----------+-----------+----------+
>>>> 1 row in set (0.00 sec)
>>>>
>>>> mysql> select * from radcheck;
>>>> +----+----------+-----------+----+-------+
>>>> | id | UserName | Attribute | op | Value |
>>>> +----+----------+-----------+----+-------+
>>>> |  1 | test     | Password  | == | test  |
>>>> +----+----------+-----------+----+-------+
>>>> 1 row in set (0.00 sec)
>>>>
>>>> mysql>
>>>>
>>>>
>>>> Now, in testing...
>>>>
>>>> pulsar# radtest test test localhost 1812 secret
>>>> Sending Access-Request of id 69 to 127.0.0.1:1812
>>>>         User-Name = "test"
>>>>         User-Password = "test"
>>>>         NAS-IP-Address = pulsar.orblivion.com
>>>>         NAS-Port = 1812
>>>> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=69, length=20
>>>> pulsar#
>>>>
>>>> So it seems freeradius/mysql is working fine. The problem arises when I
>>>> try to use the captive portal/m0n0wall. :)
>>>>
>>>> My captive portal code is just the default code:
>>>>
>>>> <html>
>>>> <body>
>>>> <form method="post" action="">
>>>>     <input name="accept" type="submit" value="Continue">
>>>>     <input name="auth_user" type="text">
>>>>     <input name="auth_pass" type="password">
>>>> </form>
>>>> </body>
>>>> </html>
>>>>
>>>> This is what I see in the error logs when attempting test/test as
>>>> username/password:
>>>>
>>>> Tue Oct 19 23:52:52 2004 : Info: rlm_sql (sql): No matching entry in the database for request from user [test]
>>>> Tue Oct 19 23:52:52 2004 : Auth: Login incorrect: [test/\272}S\0045\244\351i\317h\332\366s\2231\346] (from client ap1 port 0)
>>>>
>>>> More detail:
>>>>
>>>> Tue Oct 19 23:52:52 2004
>>>>         Service-Type = Login-User
>>>>         User-Name = "test"
>>>>         User-Password = "\272}S\0045\244\351i\317h\332\366s\2231\346"
>>>>         NAS-Identifier = "ap1.orblivion.com"
>>>>         NAS-Port = 0
>>>>         NAS-Port-Type = Ethernet
>>>>         NAS-IP-Address = 67.52.79.22
>>>>         Client-IP-Address = 67.52.79.22
>>>>
>>>> It seems the user-password is being garbled into something strange/odd.
>>>> I've attempted shuffling the pap password encryption scheme to all the
>>>> available options in freeradius as I read in the mailing list m0n0wall
>>>> uses PAP, but it's made no difference. Any ideas on what the problem
>>>> is? I'm sure it's user error, I've never touched radius before. :)
>>>>
>>>> Cheers,
>>>> David Orman
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>>>
>>
>>
>>
>> -- 
>> Denis Mirassou
>>
>> Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
>>
>>
> 
> 
> 
> 
> 


-- 
Denis Mirassou

Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
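
The garbled User-Password in the quoted debug output is what a RADIUS server recovers when its shared secret for the NAS differs from the one the NAS used, which is the cause David reports above. The following is an added example, not part of the original thread, implementing the User-Password hiding of RFC 2865 section 5.2; the secrets, the authenticator and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-octet blocks

# Constructed sample values (not taken from the thread's capture).
AUTH = bytes(range(16))       # Request Authenticator from the Access-Request
NAS_SECRET = b"secret"        # secret configured on the NAS (captive portal)
SERVER_SECRET = b"s3cret"     # secret the server holds for that client: a mismatch

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: c(1) = p(1) XOR MD5(S + RA), c(i) = p(i) XOR MD5(S + c(i-1))."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # null-pad to 16n
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the server's copy of the secret."""
    if len(hidden) == 0 or len(hidden) % BLOCK:
        raise ValueError("hidden password must be a non-zero multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block  # the next key is derived from this ciphertext block
    return out.rstrip(b"\x00")  # strip the null padding

def looks_like_secret_mismatch(recovered: bytes) -> bool:
    """Heuristic: non-printable octets in the recovered password suggest
    that the NAS and the server are not using the same shared secret."""
    return any(b < 0x20 or b > 0x7E for b in recovered)

def demo():
    """Hide "test" on the NAS, then recover it with the right and wrong secret."""
    hidden = hide_password(b"test", NAS_SECRET, AUTH)
    good = unhide_password(hidden, NAS_SECRET, AUTH)
    bad = unhide_password(hidden, SERVER_SECRET, AUTH)
    return hidden, good, bad

if __name__ == "__main__":
    print(demo())
```

With matching secrets the server recovers `test`; with the mismatched one it recovers 16 octets of binary noise, which never matches the stored value and so yields a login failure rather than an explicit "wrong secret" error.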