Dear all. I am trying to use Chillispot for captive portal with freeradius v 1.188.2.4.2.16 as the radius server. I am new to both Chillispot and freeradius. Since most users of our organization have mail account in our postfix mail server, I tried to use postfix user password that stored in mysql for authentication. Therefore there will be two types of user, i.e users with postfix user password (encrypted password) and users with cleartext password as normally created using voucher generator.
I inserted a user in radcheck with cleartext password, and a user from postfix mysql mailbox table. So my radcheck is : +-----+----------+---------------+----+------------------------------------+ | id | username | attribute | op | value | +-----+----------+---------------+----+------------------------------------+ | 223 | testman | User-Password | := | 123456 | | 225 | testman1 | User-Password | := | $1$bbf49e0f$MAcN54vB4L0wcKuYOCnQv/ | +-----+----------+---------------+----+------------------------------------+ The usergroup table : +----------+-----------+----------+ | username | groupname | priority | +----------+-----------+----------+ | testman | voucher | 1 | | testman1 | postfix | 1 | +----------+-----------+----------+ Test for user with cleartext password was successful. $ sudo radtest testman 123456 localhost 22 easyhotspot Sending Access-Request of id 142 to 127.0.0.1 port 1812 User-Name = "testman" User-Password = "123456" NAS-IP-Address = 255.255.255.255 NAS-Port = 22 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=142, length=20 Test for user with postfix user password was unsuccessful $ sudo radtest testman1 123456 localhost 22 easyhotspot Sending Access-Request of id 161 to 127.0.0.1 port 1812 User-Name = "testman1" User-Password = "123456" NAS-IP-Address = 255.255.255.255 NAS-Port = 22 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=161, length=20 from debugging : rad_recv: Access-Request packet from host 127.0.0.1:32817, id=161, length=60 User-Name = "testman1" User-Password = "123456" NAS-IP-Address = 255.255.255.255 NAS-Port = 22 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 radius_xlat: 'testman1' rlm_sql (sql): sql_set_user escaped user --> 'testman1' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'testman1' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testman1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'testman1' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'testman1' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 11 modcall: leaving group authorize (returns ok) for request 11 auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Delaying request 11 for 1 seconds Finished request 11 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 161 to 127.0.0.1 port 32817 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 11 ID 161 with timestamp 48ced6ba Then I put Auth-Type:=PAP in radgroupcheck table +----+-----------+-----------+----+-------+ | id | groupname | attribute | op | value | +----+-----------+-----------+----+-------+ | 21 | postfix | Auth-Type | == | PAP | +----+-----------+-----------+----+-------+ However user with postfix user password still fail to authenticate $ sudo radtest testman1 123456 localhost 22 easyhotspot Sending Access-Request of id 157 to 127.0.0.1 port 1812 User-Name = "testman1" User-Password = "123456" NAS-IP-Address = 255.255.255.255 NAS-Port = 22 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=157, length=20 from debugging : rad_recv: Access-Request packet from host 127.0.0.1:32816, id=157, length=60 User-Name = "testman1" User-Password = "123456" NAS-IP-Address = 255.255.255.255 NAS-Port = 22 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 radius_xlat: 'testman1' rlm_sql (sql): sql_set_user escaped user --> 'testman1' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'testman1' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testman1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'testman1' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'testman1' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 10 modcall: leaving group authorize (returns ok) for request 10 rad_check_password: Found Auth-Type PAP auth: type "PAP" Processing the authenticate section of radiusd.conf modcall: entering group PAP for request 10 rlm_pap: login attempt with password 123456 rlm_pap: Using clear text password "$1$bbf49e0f$MAcN54vB4L0wcKuYOCnQv/". rlm_pap: Passwords don't match modcall[authenticate]: module "pap" returns reject for request 10 modcall: leaving group PAP (returns reject) for request 10 auth: Failed to validate the user. Delaying request 10 for 1 seconds Finished request 10 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 157 to 127.0.0.1 port 32816 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 10 ID 157 with timestamp 48ced617 Nothing to do. Sleeping until we see a request. Radiusd.conf was unchanged. Is there any method to use user password of postfix mysql mailbox data to authenticate freeradius user? Thanks in advance, and sorry for my bad English. Best regards TM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html