I tried with Android device and it use CHAP authentication as Apple devices.
OK, here is the complete log....thanks a lot!!! rad_recv: Accounting-Request packet from host 127.0.0.1 port 3799, id=74, length=172 Acct-Status-Type = Interim-Update User-Name = "pagos" Calling-Station-Id = "00-0C-E7-12-71-BF" Called-Station-Id = "00-15-5D-01-32-04" NAS-Port-Type = Wireless-802.11 NAS-Port = 6 NAS-Port-Id = "00000006" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.1.16 Acct-Session-Id = "520b975800000006" Acct-Input-Octets = 33494 Acct-Output-Octets = 42669 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 181 Acct-Output-Packets = 165 Acct-Session-Time = 491 +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 6,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "520b975800000006",User-Name = "pagos"' [acct_unique] Acct-Unique-Session-ID = "a14e1d0a24db831a". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "pagos", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting {...} expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/detail-20130814 [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/detail-20130814 expand: %t -> Wed Aug 14 11:51:11 2013 ++[detail] returns ok ++[unix] returns noop expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp expand: %{User-Name} -> pagos ++[radutmp] returns ok expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp expand: %{User-Name} -> pagos ++[sradutmp] returns ok expand: %{User-Name} -> pagos [sql] sql_set_user escaped user --> 'pagos' expand: %{Acct-Input-Gigawords} -> 0 expand: %{Acct-Input-Octets} -> 33494 expand: %{Acct-Output-Gigawords} -> 0 expand: %{Acct-Output-Octets} -> 42669 expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '192.168.1.16', acctsessiontime = '491', acctinputoctets = '0' << 32 | '33494', acctoutputoctets = '0' << 32 | '42669' WHERE acctsessionid = '520b975800000006' AND username = 'pagos' AND nasipaddress = '0.0.0.0' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok expand: %{User-Name} -> pagos attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 74 to 127.0.0.1 port 3799 Finished request 0. Cleaning up request 0 ID 74 with timestamp +47 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 47716, id=0, length=213 User-Name = "pagos" CHAP-Challenge = 0x102ce36fe571e8dd135b7aacbbfaedba CHAP-Password = 0x0027261c4744170b60d7ceb2e02b12a62b NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.1.17 Calling-Station-Id = "F0-CB-A1-A5-56-71" Called-Station-Id = "00-15-5D-01-32-04" NAS-Identifier = "nas01" Acct-Session-Id = "520b996100000002" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Message-Authenticator = 0x1fceb0d21eb5534aa4d358b82c239c28 WISPr-Logoff-URL = "http://192.168.1.1:3990/logoff" +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "pagos", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> pagos [sql] sql_set_user escaped user --> 'pagos' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pagos' ORDER BY id [sql] User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pagos' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'pagos' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[max_all_mb] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] returns noop [expiration] Checking Expiration time: 'October 26 2021 24:00:00' ++[expiration] returns ok ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by "pagos" with CHAP password [chap] Using clear text password "pagos" for user pagos authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> pagos attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 0 to 127.0.0.1 port 47716 Waking up in 4.9 seconds. Cleaning up request 1 ID 0 with timestamp +66 Ready to process requests. THANKS A LOT 2013/8/14 Alan DeKok <al...@deployingradius.com>: > Roberto Carna wrote: >> Dear, the debug is this: >> >> [chap] Login attempt by "pepe" with CHAP password >> [chap] Using clear text password "1234" for user pepe authentication >> [chap] Password check failed >> ++[chap] Returns reject >> Failed to authenticate the user >> >> THe password is 1234 and I try many times... > > Are you sure that's from an Apple device? They don't do CHAP for WiFi > authentication. > >> Any idea ??? Because from other Windos and Android devices the >> authentication works OK. > > Post the FULL debug log. Honestly. That's why we ask for it. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html