(RADIATOR) Chilispot

Derek Slaven dereks at CSL.WS
Tue May 29 01:43:21 CDT 2007


Hello Hugh,

I've tested radiator using the utility below and yes, everything works fine. It is able to authenticate when I use the tool below but when I try thru Chillispot, authentication always fails due to 'bad password'.  I've checked and re-checked my secret and they are exactly the same so I'm a bit lost here.  I've attached my radius config file 'chilitest.cfg'; the chilispot config file 'chillispot.conf'; radius log file 'radius.log'; and password log file 'password.log'.  Hopefully this might help identify the problem.

cheers,

Derek

 


 

Hello Derek - 

You should test the Radiator part of this independently with the  
radpwtst utility included in the Radiator distribution. 


        cd /your/Radiator/distribution

        perl radpwtst -auth_port .... -acct_port ..... -secret ..... -user ...... -password ......


Here is the help for radpwtst: 

Radiator-3.17.1 hugh$ perl radpwtst -h 

usage: radpwtst [-h] [-time] [-iterations n] 
           [-trace [level]] [-s server] [-secret secret] 
           [-noauth] [-noacct][-nostart] [-nostop] [-status] 
           [-chap] [-mschap] [-mschapv2] [-eapmd5] [-eapotp] [-eapgtc] [-sip]
           [-eaphex xxxxxxxxxxxxx] 
           [-accton] [-acctoff] [-framed_ip_address address] 
           [-auth_port port] [-acct_port port] [-identifier n] 
           [-user username] [-password password] 
           [-nas_ip_address address] [-nas_identifier string] 
           [-nas_port port] [-nas_port_type type] [-service_type service]
           [-calling_station_id string] [-called_station_id string] 
           [-session_id string] [-interactive] 
           [-delay_time n] [-session_time n] [-input_octets n] 
           [-output_octets n] [-timeout n] [-dictionary file,file] 
           [-gui] [-class string] [-useoldascendpasswords] 
           [-code requestcode] [-raw data] [-rawfile filename] 
           [-rawfileseq filename] 
           [-outport port] [-bind_address dotted-ip-address] 
           [attribute=value]... 


I am fairly certain that the problem is incorrect shared secrets. 

regards 

Hugh 


On 25 May 2007, at 10:55, Derek Slaven wrote: 

> Hello Hugh, 
> I have tried using AuthBy FILE but still the same problem.  Shared  
> secrets are the same so no problems there.  However, authentication  
> fails and indicates that the password submitted from Chilispot is  
> incorrect. 
> When I check the password log file this is what it shows. 
> 
> Tue May 22 13:38:02 2007:1179880682:dereks:i¥?g)A^¥Zªz? 
> ®I:password:FAIL 
> Tue May 22 13:45:01  
> 2007:1179881101:dereks:Ë~ç·ßà<s"$?¯:password:FAIL 
> Tue May 22 14:34:10 2007:1179884050:dereks:¢ 
> pOEÓ²KïdsóXÖ.:password:FAIL 
> 
> It appears that radiator cannot make sense of the password that is  
> sent to it from Chilispot.  Would you have any clues what could  
> cause this? 
> 
> Cheers, 
> Derek 
> 
> -----Original Message----- 
> From: Hugh Irvine [mailto:hugh at open.com.au] 
> Sent: Friday, 11 May 2007 12:24 p.m. 
> To: Derek Slaven 
> Cc: radiator at open.com.au 
> Subject: Re: (RADIATOR) Chilispot 
> 
> 
> Hello Derek - 
> 
> The first thing I would check is the shared secrets. 
> 
> You should probably start with a simple AuthBy FILE to begin with, 
> and once you have that working correctly you can go on to using SQL. 
> 
> regards 
> 
> Hugh 
> 
> 
> On 12 May 2007, at 07:17, Derek Slaven wrote: 
> 
>> Hi, 
>> 
>> Trying to create a hotspot using Chilispot which connects to Win2k3 
>> radius server.  Running a trace 5 debug on radiator produces a 
>> report saying connection reject due to bad password.  These are the 
>> applications I am using for this environment.  I have included the 
>> debug report below 
>> 
>> 
>> 
>> Perl 5.6.1 
>> 
>> Radiator 3.17.1 
>> 
>> SQL2000sp3 
>> 
>> 
>> 
>> Cheers, 
>> 
>> Derek 
>> 
>> Thu May 10 16:28:26 2007: NOTICE: Server started: Radiator 3.17.1 on radius4
>> Thu May 10 16:30:08 2007: DEBUG: Packet dump:
>> *** Received from 192.168.1.1 port 2067 ....
>>
>> Packet length = 197
>> Code:       Access-Request
>> Identifier: 0
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>(<229><137><233>
>> Attributes:
>>         User-Name = "dereks"
>>         User-Password = <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24>
>>         NAS-IP-Address = 0.0.0.0
>>         Service-Type = Login-User
>>         Framed-IP-Address = 192.168.182.4
>>         Calling-Station-Id = "00-12-17-F9-1D-28"
>>         Called-Station-Id = "00-1A-70-6E-F7-72"
>>         NAS-Identifier = "frodo"
>>         Acct-Session-Id = "4643ff2400000002"
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Port = 2
>>         Message-Authenticator = ,8<127><129><138><176><168>q<24><165>u)|<252> <196>
>>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>>
>> Thu May 10 16:30:08 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Thu May 10 16:30:08 2007: DEBUG: Rewrote user name to dereks
>> Thu May 10 16:30:08 2007: DEBUG:  Deleting session for dereks, 0.0.0.0, 2
>> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD
>> Thu May 10 16:30:08 2007: DEBUG: Handling with Radius::AuthEMERALD:
>> Thu May 10 16:30:08 2007: DEBUG: Query is: 'select DateAdd(Day, ma.extension+ma.overdue, maExpireDate),
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>> from masteraccounts ma, subaccounts sa
>> where (sa.login = 'dereks' or sa.shell = 'dereks')
>> and ma.customerid = sa.customerid
>> and sa.active <> 0 and ma.active <> 0':
>> Thu May 10 16:30:09 2007: DEBUG: Select results: 2008-05-10 16:30:09.107, 2008-05-10 16:30:09.107, 1271, PPP, idontthinkso, dereks, , , 2
>> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select ra.RadAttributeID, ra.RadVendorID,
>> ra.RadVendorType,
>> Data, Value, Type, RadCheck
>> from RadConfigs rc, RadAttributes ra
>> where ra.RadAttributeID = rc.RadAttributeID
>> and ra.RadVendorID = rc.RadVendorID
>> and ra.RadVendorType = rc.RadVendorType
>> and rc.AccountID=1271':
>> Thu May 10 16:30:09 2007: DEBUG: Query is: 'select ra.RadAttributeID, ra.RadVendorID,
>> ra.RadVendorType,
>> Data, Value, Type, RadCheck
>> from RadATConfigs rc, RadAttributes ra
>> where ra.RadAttributeID = rc.RadAttributeID
>> and ra.RadVendorID = rc.RadVendorID
>> and ra.RadVendorType = rc.RadVendorType
>> and rc.AccountType='PPP'':
>> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD looks for match with dereks [dereks]
>> Thu May 10 16:30:09 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad Password: dereks [dereks]
>> Thu May 10 16:30:10 2007: DEBUG: Query is: 'select DateAdd(Day, ma.extension+ma.overdue, maExpireDate),
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>> from masteraccounts ma, subaccounts sa
>> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>> and ma.customerid = sa.customerid
>> and sa.active <> 0 and ma.active <> 0':
>> Thu May 10 16:30:10 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad Password
>> Thu May 10 16:30:10 2007: INFO: Access rejected for dereks: Bad Password
>> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>> *** Sending to 192.168.1.1 port 2067 ....
>>
>> Packet length = 36
>> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>> 6e 69 65 64
>> Code:       Access-Reject
>> Identifier: 0
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>(<229><137><233>
>> Attributes:
>>         Reply-Message = "Request Denied"
>>
>> Thu May 10 16:30:10 2007: DEBUG: Packet dump:
>> *** Received from 192.168.1.1 port 2067 ....
>>
>> Packet length = 197
>> Code:       Access-Request
>> Identifier: 0
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>(<229><137><233>
>> Attributes:
>>         User-Name = "dereks"
>>         User-Password = <214>O<228><6><171><248>;^#<151><198><182><129>[<142><24>
>>         NAS-IP-Address = 0.0.0.0
>>         Service-Type = Login-User
>>         Framed-IP-Address = 192.168.182.4
>>         Calling-Station-Id = "00-12-17-F9-1D-28"
>>         Called-Station-Id = "00-1A-70-6E-F7-72"
>>         NAS-Identifier = "frodo"
>>         Acct-Session-Id = "4643ff2400000002"
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Port = 2
>>         Message-Authenticator = ,8<127><129><138><176><168>q<24><165>u)|<252> <196>
>>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
>>
>> Thu May 10 16:30:11 2007: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Thu May 10 16:30:11 2007: DEBUG: Rewrote user name to dereks
>> Thu May 10 16:30:11 2007: DEBUG:  Deleting session for dereks, 0.0.0.0, 2
>> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD
>> Thu May 10 16:30:11 2007: DEBUG: Handling with Radius::AuthEMERALD:
>> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select DateAdd(Day, ma.extension+ma.overdue, maExpireDate),
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>> from masteraccounts ma, subaccounts sa
>> where (sa.login = 'dereks' or sa.shell = 'dereks')
>> and ma.customerid = sa.customerid
>> and sa.active <> 0 and ma.active <> 0':
>> Thu May 10 16:30:11 2007: DEBUG: Select results: 2008-05-10 16:30:11.607, 2008-05-10 16:30:11.607, 1271, PPP, idontthinkso, dereks, , , 2
>> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select ra.RadAttributeID, ra.RadVendorID,
>> ra.RadVendorType,
>> Data, Value, Type, RadCheck
>> from RadConfigs rc, RadAttributes ra
>> where ra.RadAttributeID = rc.RadAttributeID
>> and ra.RadVendorID = rc.RadVendorID
>> and ra.RadVendorType = rc.RadVendorType
>> and rc.AccountID=1271':
>> Thu May 10 16:30:11 2007: DEBUG: Query is: 'select ra.RadAttributeID, ra.RadVendorID,
>> ra.RadVendorType,
>> Data, Value, Type, RadCheck
>> from RadATConfigs rc, RadAttributes ra
>> where ra.RadAttributeID = rc.RadAttributeID
>> and ra.RadVendorID = rc.RadVendorID
>> and ra.RadVendorType = rc.RadVendorType
>> and rc.AccountType='PPP'':
>> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD looks for match with dereks [dereks]
>> Thu May 10 16:30:12 2007: DEBUG: Radius::AuthEMERALD REJECT: Bad Password: dereks [dereks]
>> Thu May 10 16:30:12 2007: DEBUG: Query is: 'select DateAdd(Day, ma.extension+ma.overdue, maExpireDate),
>> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
>> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
>> from masteraccounts ma, subaccounts sa
>> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
>> and ma.customerid = sa.customerid
>> and sa.active <> 0 and ma.active <> 0':
>> Thu May 10 16:30:12 2007: DEBUG: AuthBy EMERALD result: REJECT, Bad Password
>> Thu May 10 16:30:12 2007: INFO: Access rejected for dereks: Bad Password
>> Thu May 10 16:30:12 2007: DEBUG: Packet dump:
>> *** Sending to 192.168.1.1 port 2067 ....
>>
>> Packet length = 36
>> 03 00 00 24 b9 ae 52 2d 42 eb 43 f8 3a 4c b8 75
>> 2b 70 6a 66 12 10 52 65 71 75 65 73 74 20 44 65
>> 6e 69 65 64
>> Code:       Access-Reject
>> Identifier: 0
>> Authentic:  <229><242>:6<169><152>q<253><206><166>"<246>(<229><137><233>
>> Attributes:
>>         Reply-Message = "Request Denied"
>>
> 
> 
> 
> NB: 
> 
> Have you read the reference manual ("doc/ref.html")? 
> Have you searched the mailing list archive (www.open.com.au/archives/ 
> radiator)? 
> Have you had a quick look on Google (www.google.com)? 
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening? 
> Have you checked the RadiusExpert wiki: 
> http://www.open.com.au/wiki/index.php/Main_Page 
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. Available on *NIX, *BSD, Windows, MacOS X. 
> Includes support for reliable RADIUS transport (RadSec), 
> and DIAMETER translation agent. 
> - 
> Nets: internetwork inventory and management - graphical, extensible, 
> flexible with hardware, software, platform and database independence. 
> - 
> CATool: Private Certificate Authority for Unix and Unix-like systems. 
> 
> 
> 
> 
> 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: chilitest.cfg
Type: application/octet-stream
Size: 461 bytes
Desc: chilitest.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070528/1e151712/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chilli.conf
Type: application/octet-stream
Size: 271 bytes
Desc: chilli.conf
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070528/1e151712/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius.log
Type: application/octet-stream
Size: 2378 bytes
Desc: radius.log
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070528/1e151712/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Password.log
Type: application/octet-stream
Size: 292 bytes
Desc: Password.log
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070528/1e151712/attachment-0003.obj>
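
Added example, not part of the original thread and not Radiator or Chillispot code: a sketch of the RFC 2865 User-Password hiding, showing why a shared-secret mismatch between NAS and server surfaces as "Bad Password" with an unreadable decoded password, as in the quoted password log. The Request Authenticator is the "Authentic" value from the quoted trace; the secrets, the password and all function names are constructed for illustration.

```python
import hashlib

# Request Authenticator of the Access-Request in the quoted trace (the "Authentic" field).
REQUEST_AUTHENTICATOR = bytes.fromhex("e5f23a36a99871fdcea622f628e589e9")
# Constructed values for illustration; not the secrets or password from the thread.
NAS_SECRET = b"constructed-nas-secret"
SERVER_SECRET = b"constructed-server-secret"
PASSWORD = b"example-pass"


def _xor_blocks(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, key))
        out += result
        prev = result if hiding else block  # chain on the ciphertext in both directions
    return out


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: pad with NULs to a multiple of 16 bytes (at least 16), then hide."""
    blocks = max(1, -(-len(password) // 16))
    return _xor_blocks(password.ljust(16 * blocks, b"\x00"), secret, authenticator, True)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the server's copy of the secret."""
    return _xor_blocks(hidden, secret, authenticator, False).rstrip(b"\x00")


def looks_like_secret_mismatch(decoded: bytes) -> bool:
    """Heuristic: non-printable bytes in a decoded PAP password suggest a wrong keystream."""
    return any(b < 0x20 or b > 0x7E for b in decoded)


if __name__ == "__main__":
    hidden = hide_password(PASSWORD, NAS_SECRET, REQUEST_AUTHENTICATOR)
    for label, secret in (("matching", NAS_SECRET), ("mismatched", SERVER_SECRET)):
        decoded = reveal_password(hidden, secret, REQUEST_AUTHENTICATOR)
        print(label, decoded, "garbled" if looks_like_secret_mismatch(decoded) else "ok")
```

The heuristic only flags a wrong keystream; it does not say which side holds the wrong secret, and a password that legitimately contains non-ASCII bytes would also trip it.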

