Hi all, I have these users in my PGSQL table username | pwd ----------+--------- u_3 | pwd_3 u_one | pwd_one u_two | pwd_two
When testing with radtest: ======================================================== miham...@rktmb:~$ radtest u_one pwd_one radius20 10 cot357 Sending Access-Request of id 240 to 41.204.103.216 port 1812 User-Name = "u_one" User-Password = "pwd_one" NAS-IP-Address = 127.0.1.1 NAS-Port = 10 rad_recv: Access-Accept packet from host 41.204.103.216 port 1812, id=240, length=26 Session-Timeout = 320 ======================================================== and freeradius -X trace: ======================================================== [...] auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [u_one/pwd_one] (from client quarante_un_deux_cent_quatre port 10) +- entering group post-auth rlm_sql (sql): Processing sql_postauth expand: %{User-Name} -> u_one rlm_sql (sql): sql_set_user escaped user --> 'u_one' expand: SELECT * FROM f_prepaid_activate('%{SQL-User-Name}') -> SELECT * FROM f_prepaid_activate('u_one') rlm_sql (sql) in sql_postauth: query is SELECT * FROM f_prepaid_activate('u_one') rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 1 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 128 to 41.204.104.9 port 60642 Session-Timeout = 320 Finished request 18. Going to the next request Waking up in 4.9 seconds. ======================================================= When trying through the coova web form, same login/pass: Failure. Attached is the output of "freeradius -X" My collegues tell me coova must use CHAP for this project. What last setup is missing? Thank you! -- Architecte Informatique: Administration Systeme, Recherche & Developpement + 261 32 11 401 65 Pensez a l'environnement avant d'imprimer ce message
rad_recv: Access-Request packet from host 41.204.104.68 port 2072, id=37, length=304 Vendor-14559-Attr-8 = 0x312e302e3131 User-Name = "u_one" CHAP-Challenge = 0x3e05e8c330102b96a377b004612fb0b8 CHAP-Password = 0x00a8a24ff230a41368ba7c0ceb0dccbd1f NAS-IP-Address = 41.204.104.68 Service-Type = Login-User Framed-IP-Address = 10.111.0.130 Calling-Station-Id = "00-14-2A-AB-4E-98" Called-Station-Id = "00-1D-73-55-95-AD" NAS-Identifier = "00-1D-73-55-95-AD" Acct-Session-Id = "4a69b58200000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Location-ID = "isocc=MG,cc=,ac=,network=Coova,Blueline" WISPr-Location-Name = "COT_HOTSPOT" WISPr-Logoff-URL = "http://10.111.0.1:3660/logoff" Message-Authenticator = 0x0e1108c35fb77d938cff62ae367289b0 +- entering group authorize ++[preprocess] returns ok rlm_chap: Setting 'Auth-Type := CHAP' ++[chap] returns ok rlm_realm: No '@' in User-Name = "u_one", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop expand: %{User-Name} -> u_one rlm_sql (sql): sql_set_user escaped user --> 'u_one' rlm_sql (sql): Reserving sql socket id: 2 expand: SELECT * FROM f_authorize_check_query2('%{SQL-User-Name}','%{User-Password}','%{NAS-IP-Address}') -> SELECT * FROM f_authorize_check_query2('u_one','','41.204.104.68') rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql): User found in radcheck table expand: SELECT * FROM f_authorize_reply_query('%{SQL-User-Name}') -> SELECT * FROM f_authorize_reply_query('u_one') rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [u_one/<CHAP-Password>] (from client quarante_un_deux_cent_quatre port 1 cli 00-14-2A-AB-4E-98) Found Post-Auth-Type Reject +- entering group REJECT ++- group REJECT returns noop Delaying reject of request 19 for 4 seconds Going to the next request Waking up in 0.9 seconds. Waking up in 2.9 seconds. Sending delayed reject for request 19 Sending Access-Reject of id 37 to 41.204.104.68 port 2072 Session-Timeout = 320 Waking up in 4.9 seconds. Cleaning up request 19 ID 37 with timestamp +331 Ready to process requests. ^C
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html