Hello, I am using chilli-coova as hotspot and making its authentication via freeradius. I dont know if you have any experience with this software but, It has 2 kind of login pages. One is a cgi page with clean password, other is a java script making chap authentication.
here is the problem. On freeradius i am using rlm_perl authentication for my users. When i use cgi page or radtest tool and send clean password, everything works flawless... But if i decide to use chap somthing strange happens.. If i type correct user/pass freeradus denies it.. But it i type the password wrong, freeradius accepts it.. Heres the debug for freeradius.. 7798-1 is with the right user/pass comination 7798 is the wrong user/pass combination rad_recv: Access-Request packet from host 139.179.14.250 port 33545, id=30, length=285 Vendor-14559-Attr-8 = 0x312e302e3131 User-Name = "7798-1" CHAP-Challenge = 0x091c2ecc9622c2b8072a20db2a85840e CHAP-Password = 0x001143a4c3f8a192f89b9ff9e7f6f85fe0 NAS-IP-Address = 192.168.182.1 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "00-14-22-A1-BB-AB" Called-Station-Id = "00-0E-0C-6E-6E-7C" NAS-Identifier = "nas01" Acct-Session-Id = "491944cd00000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova," WISPr-Location-Name = "My_HotSpot" WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Message-Authenticator = 0xcf009790c3d4d941242929020db19b43 server lojnet { +- entering group authorize ++[preprocess] returns ok users: Matched entry DEFAULT at line 72 ++[files] returns ok ++[control] returns ok perl_pool: item 0xbe7fd00 asigned new request. Handled so far: 1 found interpetator at address 0xbe7fd00 rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 rlm_perl: Added pair CHAP-Password = 0x001143a4c3f8a192f89b9ff9e7f6f85fe0 rlm_perl: Added pair WISPr-Logoff-URL = http://192.168.182.1:3990/logoff rlm_perl: Added pair Acct-Session-Id = 491944cd00000001 rlm_perl: Added pair Service-Type = Login-User rlm_perl: Added pair Vendor-14559-Attr-8 = 0x312e302e3131 rlm_perl: Added pair Called-Station-Id = 00-0E-0C-6E-6E-7C rlm_perl: Added pair Message-Authenticator = 0xcf009790c3d4d941242929020db19b43 rlm_perl: Added pair CHAP-Challenge = 0x091c2ecc9622c2b8072a20db2a85840e rlm_perl: Added pair NAS-IP-Address = 192.168.182.1 rlm_perl: Added pair Calling-Station-Id = 00-14-22-A1-BB-AB rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova, rlm_perl: Added pair User-Name = 7798-1 rlm_perl: Added pair NAS-Identifier = nas01 rlm_perl: Added pair Framed-IP-Address = 192.168.182.2 rlm_perl: Added pair NAS-Port = 1 rlm_perl: Added pair WISPr-Location-Name = My_HotSpot rlm_perl: Added pair Reply-Message = Unknown Username Or Password rlm_perl: Added pair Simultaneous-Use = 1 rlm_perl: Added pair Auth-Type = Perl perl_pool total/active/spare [32/0/32] Unreserve perl at address 0xbe7fd00 ++[perl_lojnet] returns reject Invalid user: [7798-1/<CHAP-Password>] (from client wireless-client port 1 cli 00-14-22-A1-BB-AB) } # server lojnet Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> 7798-1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 21 for 1 seconds Going to the next request Waking up in 0.7 seconds. Sending delayed reject for request 21 Sending Access-Reject of id 30 to 139.179.14.250 port 33545 Reply-Message = "Unknown Username Or Password" Waking up in 4.9 seconds. Cleaning up request 21 ID 30 with timestamp +1299 Ready to process requests. rad_recv: Access-Request packet from host 139.179.14.250 port 56290, id=34, length=283 Vendor-14559-Attr-8 = 0x312e302e3131 User-Name = "7798" CHAP-Challenge = 0xf5a327d969a14458fc8e232dc2b2dd0e CHAP-Password = 0x00754c55931928ae23c86ffc791482d963 NAS-IP-Address = 192.168.182.1 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "00-14-22-A1-BB-AB" Called-Station-Id = "00-0E-0C-6E-6E-7C" NAS-Identifier = "nas01" Acct-Session-Id = "491944cd00000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova," WISPr-Location-Name = "My_HotSpot" WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Message-Authenticator = 0x8ccc91235f97010a7c09802979e2cdea server lojnet { +- entering group authorize ++[preprocess] returns ok users: Matched entry DEFAULT at line 72 ++[files] returns ok ++[control] returns ok perl_pool: item 0xc1dfb10 asigned new request. Handled so far: 1 found interpetator at address 0xc1dfb10 rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 rlm_perl: Added pair CHAP-Password = 0x00754c55931928ae23c86ffc791482d963 rlm_perl: Added pair WISPr-Logoff-URL = http://192.168.182.1:3990/logoff rlm_perl: Added pair Acct-Session-Id = 491944cd00000001 rlm_perl: Added pair Service-Type = Login-User rlm_perl: Added pair Vendor-14559-Attr-8 = 0x312e302e3131 rlm_perl: Added pair Called-Station-Id = 00-0E-0C-6E-6E-7C rlm_perl: Added pair Message-Authenticator = 0x8ccc91235f97010a7c09802979e2cdea rlm_perl: Added pair CHAP-Challenge = 0xf5a327d969a14458fc8e232dc2b2dd0e rlm_perl: Added pair NAS-IP-Address = 192.168.182.1 rlm_perl: Added pair Calling-Station-Id = 00-14-22-A1-BB-AB rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova, rlm_perl: Added pair User-Name = 7798 rlm_perl: Added pair NAS-Identifier = nas01 rlm_perl: Added pair Framed-IP-Address = 192.168.182.2 rlm_perl: Added pair NAS-Port = 1 rlm_perl: Added pair WISPr-Location-Name = My_HotSpot rlm_perl: Added pair Simultaneous-Use = 1 rlm_perl: Added pair Auth-Type = Perl perl_pool total/active/spare [32/0/32] Unreserve perl at address 0xc1dfb10 ++[perl_lojnet] returns ok rad_check_password: Found Auth-Type Perl auth: type "Perl" +- entering group Perl perl_pool: item 0xc53f920 asigned new request. Handled so far: 1 found interpetator at address 0xc53f920 rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 rlm_perl: Added pair CHAP-Password = 0x00754c55931928ae23c86ffc791482d963 rlm_perl: Added pair Acct-Session-Id = 491944cd00000001 rlm_perl: Added pair WISPr-Logoff-URL = http://192.168.182.1:3990/logoff rlm_perl: Added pair Service-Type = Login-User rlm_perl: Added pair Vendor-14559-Attr-8 = 0x312e302e3131 rlm_perl: Added pair Called-Station-Id = 00-0E-0C-6E-6E-7C rlm_perl: Added pair Message-Authenticator = 0x8ccc91235f97010a7c09802979e2cdea rlm_perl: Added pair CHAP-Challenge = 0xf5a327d969a14458fc8e232dc2b2dd0e rlm_perl: Added pair NAS-IP-Address = 192.168.182.1 rlm_perl: Added pair Calling-Station-Id = 00-14-22-A1-BB-AB rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova, rlm_perl: Added pair User-Name = 7798 rlm_perl: Added pair NAS-Identifier = nas01 rlm_perl: Added pair Framed-IP-Address = 192.168.182.2 rlm_perl: Added pair NAS-Port = 1 rlm_perl: Added pair WISPr-Location-Name = My_HotSpot rlm_perl: Added pair Acct-Interim-Interval = 60 rlm_perl: Added pair WISPr-Bandwidth-Max-Up = 25600000 rlm_perl: Added pair WISPr-Bandwidth-Max-Down = 100000000 rlm_perl: Added pair Simultaneous-Use = 1 rlm_perl: Added pair Auth-Type = Perl perl_pool total/active/spare [32/0/32] Unreserve perl at address 0xc53f920 ++[perl_lojnet] returns ok +- entering group session ++[sql_lojnet] returns noop Login OK: [7798/<CHAP-Password>] (from client wireless-client port 1 cli 00-14-22-A1-BB-AB) +- entering group post-auth ++[exec] returns noop } # server lojnet Sending Access-Accept of id 34 to 139.179.14.250 port 56290 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html