Ok, I was wrong :-(
How do you want to do a check on user MAC address ?
Using "Deny unknown clients" in DHCP config ?

Denis

David Orman wrote:

> The secret was wrong in the client configuration table. I sorted it, and
> it worked like a charm. Now I'm trying to figure out how to get each user's
> MAC address so I can prevent them from sharing accounts with buddies. :)
> Any input would be much appreciated.
>
> Cheers,
> David
>
> On Oct 20, 2004, at 20:57, Denis Mirassou wrote:
>
>> Hi,
>>
>> According to the logs, Radius is taking care of user name and password
>> provided by this NAS, so I think the NAS is well configured in his
>> Free Radius clients.conf file.
>>
>> It seems there is a pb of password encryption, I don't use MySQL with
>> Radius.
>> Are MySQL tables of MyISAM type ?
>> Is Value attribute from radcheck table of Password type (ie encrypted ?)
>>
>> Denis
>>
>> Mitch (WebCob) wrote:
>>
>>> Is your mono in the allow list on the radius server? radius servers don't
>>> accept auth's from all "NAS" - you have to have the NAS in the config of the
>>> radius server, and you have to have set the same shared secret, which is
>>> used to encrypt the password...
>>> m/
>>>
>>>> -----Original Message-----
>>>> From: David Orman [mailto:david dot orman at orblivion dot com]
>>>> Sent: Wednesday, October 20, 2004 3:00 AM
>>>> To: m0n0wall at lists dot m0n0 dot ch
>>>> Subject: [m0n0wall] troubles with radius/captive portal - please advise
>>>>
>>>>
>>>> Hi all. :)
>>>>
>>>> I've gotten my soekris in, and am trying to get captive portal working
>>>> w/ radius (freeradius + mysql specifically).
>>>>
>>>> I made an entry for a "test" user with "test" password in the db, this
>>>> is what it looks like...
>>>>
>>>> mysql> select * from usergroup;
>>>> +----------+-----------+----------+
>>>> | UserName | GroupName | priority |
>>>> +----------+-----------+----------+
>>>> | test     | test      |        0 |
>>>> +----------+-----------+----------+
>>>> 1 row in set (0.00 sec)
>>>>
>>>> mysql> select * from radcheck;
>>>> +----+----------+-----------+----+-------+
>>>> | id | UserName | Attribute | op | Value |
>>>> +----+----------+-----------+----+-------+
>>>> |  1 | test     | Password  | == | test  |
>>>> +----+----------+-----------+----+-------+
>>>> 1 row in set (0.00 sec)
>>>>
>>>> mysql>
>>>>
>>>>
>>>> Now, in testing...
>>>>
>>>> pulsar# radtest test test localhost 1812 secret
>>>> Sending Access-Request of id 69 to 127.0.0.1:1812
>>>>         User-Name = "test"
>>>>         User-Password = "test"
>>>>         NAS-IP-Address = pulsar.orblivion.com
>>>>         NAS-Port = 1812
>>>> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=69, length=20
>>>> pulsar#
>>>>
>>>> So it seems freeradius/mysql is working fine. The problem arises when I
>>>> try to use the captive portal/m0n0wall. :)
>>>>
>>>> My captive portal code is just the default code:
>>>>
>>>> <html>
>>>> <body>
>>>> <form method="post" action="">
>>>>   <input name="accept" type="submit" value="Continue">
>>>>   <input name="auth_user" type="text">
>>>>   <input name="auth_pass" type="password">
>>>> </form>
>>>> </body>
>>>> </html>
>>>>
>>>> This is what I see in the error logs when attempting test/test as
>>>> username/password:
>>>>
>>>> Tue Oct 19 23:52:52 2004 : Info: rlm_sql (sql): No matching entry in the database for request from user [test]
>>>> Tue Oct 19 23:52:52 2004 : Auth: Login incorrect: [test/\272}S\0045\244\351i\317h\332\366s\2231\346] (from client ap1 port 0)
>>>>
>>>> More detail:
>>>>
>>>> Tue Oct 19 23:52:52 2004
>>>>         Service-Type = Login-User
>>>>         User-Name = "test"
>>>>         User-Password = "\272}S\0045\244\351i\317h\332\366s\2231\346"
>>>>         NAS-Identifier = "ap1.orblivion.com"
>>>>         NAS-Port = 0
>>>>         NAS-Port-Type = Ethernet
>>>>         NAS-IP-Address = 67.52.79.22
>>>>         Client-IP-Address = 67.52.79.22
>>>>
>>>> It seems the user-password is being garbled into something strange/odd.
>>>> I've attempted shuffling the pap password encryption scheme to all the
>>>> available options in freeradius as I read in the mailing list m0n0wall
>>>> uses PAP, but it's made no difference. Any ideas on what the problem
>>>> is? I'm sure it's user error, I've never touched radius before. :)
>>>>
>>>> Cheers,
>>>> David Orman
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>
>> --
>> Denis Mirassou
>> Service Réseaux
>> Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
>>

--
Denis Mirassou
Service Réseaux
Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)
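
Added example, not part of the original thread: the RADIUS PAP User-Password hiding from RFC 2865 section 5.2, showing why a shared secret that differs between the NAS and the server's client table produces the unreadable password seen in the log above. The function names, the fixed authenticator and both secrets are constructed for illustration.

```python
import hashlib

def _keystream(secret: bytes, prev: bytes) -> bytes:
    # b_i = MD5(shared secret + previous 16-byte block), as the RFC specifies
    return hashlib.md5(secret + prev).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: build the User-Password attribute value."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], _keystream(secret, prev))
        hidden += prev
    return hidden

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password with the secret configured for this client."""
    if len(authenticator) != 16 or not hidden or len(hidden) % 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, _keystream(secret, prev))
        prev = block
    return clear.rstrip(b"\x00")

def demo():
    # Constructed values: a fixed authenticator and two made-up secrets.
    authenticator = bytes(range(16))
    on_the_wire = hide_password(b"test", b"nas-side-secret", authenticator)
    matching = unhide_password(on_the_wire, b"nas-side-secret", authenticator)
    mismatched = unhide_password(on_the_wire, b"server-side-secret", authenticator)
    return on_the_wire, matching, mismatched

if __name__ == "__main__":
    wire, ok, bad = demo()
    print("hidden on the wire:", wire.hex())
    print("matching secret   :", ok)   # the original password
    print("mismatched secret :", bad)  # noise, and no error is raised
```

The attribute carries no integrity check of its own, so a mismatched secret surfaces only as "Login incorrect" with a garbled password rather than as a distinct error.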