CoovaChilli Authentication

守給你的承諾、 提交于 2019-12-24 10:39:35

问题


I'm trying to authenticate with CoovaChilli using Radiusd (FreeRADIUS v2.2.5) which is running on Ubuntu 14.04 and I can't succeed.

CoovaChilli is using some different parameters beside to ChilliSpot.

Based on it's own documentation, CoovaChili works with Auth: 0 or 1 Chillispot works with Accept or Reject.

The problem is that I've tried both versions and I still cannot authenticate with radius. Do I have to modify anything in exec module ? I want to keep working both versions (chillispot, coovachilli)

Radius Error Received

...
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
  WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
...

Authorize section

authorize {
...
        exec
       update control {
                Auth-Type := "%{reply:Auth-Type}"
        }
...
}

Exec module

exec {
        wait = yes
        program = "authenticate.php"
        input_pairs = request
        shell_escape = yes
        output = none
        timeout = 10
        output_pairs = reply
}

回答1:


Well your shared secret is incorrect if you're getting the above error. The Access-Accept or Access-Reject is signed using the shared secret, so if it's wrong Chillispot will ignore the response.




回答2:


I got this error when in

/etc/raddb/clients.conf

I defined the password of the client with a whitespace character.

Like:

client myClient {
    ipaddr = 999.999.999.999
    secret = password 123
}


来源:https://stackoverflow.com/questions/27288925/coovachilli-authentication

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!