Just to close the subject, I reinstalled a server with the 32 bits version of Ubuntu server, and now it's working.
The bug is confirmed and I submittted a bug on Ubuntu
Pages 1
You are not logged in. Please login or register.
Chillispot Forum → Posts by lapin
Pages 1
Just to close the subject, I reinstalled a server with the 32 bits version of Ubuntu server, and now it's working.
The bug is confirmed and I submittted a bug on Ubuntu
seems it's getting closer :
http://www.chillispot.info/chilliforum/viewtopic.php?id=349
yes !
mmmmh I begin to have a doubt ...
I'm using a 64 bits version of Ubuntu, and I notice that in my Wireshark capture, all paquets sent by chilli have a message-authentificator that have only zeros after the 1st 8 bytes, like :
Message-Authenticator: DF09B19E000000000000000000000000
When the one sent by radclient (radtest calls it) have something like :
Message-Authenticator: 9A67B23A03BDC920A49E0F59413023B8
Do you think what I think ?
Couldn't it be a bug of chilli when compiled on 64 bits systems ? seems there is an overflow or something and the Message-authenticator is truncated to 6 bytes ?
I was following this howto (and the related for different versions of Ubuntu).
Yesterday, after having enough, I started again from scratch : reinstalled Ubuntu 8.04 LTS server (instead of 9.04 server), reinstalled all packages, configured.
Now I have exactly the same errors, but the difference is that now I'm running freeradius 1.1.7 instead of 2.0 ; and the problem with the invalid Message-Authenticator is still there.
Is there any special content in the radius database that I have ? I have that currently :
records only in the radcheck table, like this :
id UserName Attribute op Value
4 lapin Auth-Type := Local
5 lapin User-Password == pass123
All other tables are empty (nas, radgroupcheck among others)
Any comment ?
Both Chilli and freeradius are on debug mode on the console, foreground.
The only message I get in the freeradius console is immediately that :
---------
Wed Sep 9 12:48:00 2009 : Error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
---------
repeated a few times.
regards
Of course it has been triple checked, and put back to easy readable password to be sure there is no typo. Both uamsecret and radiussecret.
I even got the source and compiled myself a version of chilli, and I've got exactly the same error still. Pretty disappointed.
Hi,
I'm trying to setup chillispot 1.0-10 on a Ubuntu 9.04 server, with freeradius 2.1.0, and I'm experiencing communication problems between Chilli and Freeradius.
I'm sure about my radiussecret in the chilli.conf and in the freeradius clients.conf. I have experienced many different secrets, and I always receive this message from freeradius (run in debug mode, as well as chilli daemon) :
-----------------------------
Wed Sep 9 12:48:00 2009 : Error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
-----------------------------
If i run a "radtest" test, the server answers correctly with a Access-Accept request.
I have a tried with a few accounts configured in either Mysql radcheck table and plain file "users", i have always the same error. I checked with the other "hotspotlogin.php" script instead of the "hotspotlogin.cgi", no better result.
Now I just run wireshark to capture some paquets and there is something different in the radius paquets sent from radtest than from chilli.
Here is the frame which is accepted (with radtest):
=================================
No. Time Source Destination Protocol Info
268 3.750178 127.0.0.1 127.0.0.1 RADIUS Access-Request(1) (id=118, l=62)
Frame 268 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 51483 (51483), Dst Port: radius (1812)
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x76 (118)
Length: 62
Authenticator: F111473F0D933103A3EC7880F2E65FBD
[The response to this request is in frame 269]
Attribute Value Pairs
AVP: l=12 t=User-Name(1): chillispot
AVP: l=18 t=User-Password(2): Encrypted
AVP: l=6 t=NAS-IP-Address(4): 192.168.182.1
AVP: l=6 t=NAS-Port(5): 0
------------------------------------------------------
and here is the frame that is sent from chilli and that freeradius refuse :
No. Time Source Destination Protocol Info
1008 30.626386 127.0.0.1 127.0.0.1 RADIUS Access-Request(1) (id=0, l=201)
Frame 1008 (243 bytes on wire, 243 bytes captured)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 35931 (35931), Dst Port: radius (1812)
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x0 (0)
Length: 201
Authenticator: E61C4FB477F4DB4994BE5560B08C2FA4
Attribute Value Pairs
AVP: l=12 t=User-Name(1): chillispot
AVP: l=18 t=User-Password(2): Encrypted
AVP: l=6 t=NAS-IP-Address(4): 127.0.0.1
AVP: l=6 t=Service-Type(6): Login-User(1)
AVP: l=6 t=Framed-IP-Address(8): 192.168.182.3
AVP: l=19 t=Calling-Station-Id(31): 00-08-02-E8-89-36
AVP: l=19 t=Called-Station-Id(30): 00-11-43-D3-79-69
AVP: l=7 t=NAS-Identifier(32): nas01
AVP: l=18 t=Acct-Session-Id(44): 4aa77c2f00000000
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
AVP: l=6 t=NAS-Port(5): 0
AVP: l=18 t=Message-Authenticator(80): 156DCCEF000000000000000000000000
AVP: l=40 t=Vendor-Specific(26) v=WISPr(14122)
here is my freeradius clients.conf:
--------------
client 127.0.0.1 {
secret = *********
shortname = localhost
nastype = other
#require_message_authenticator = no
}
-------------------------
I have spent hours on that project, and i'm sure chillispot is perfect for that, but there should be something really weird in my config ...
Help please !
Pages 1
Chillispot Forum → Posts by lapin
Powered by PunBB 1.4.4, supported by Informer Technologies, Inc.