问题
I'm trying to authenticate with CoovaChilli using Radiusd (FreeRADIUS v2.2.5) which is running on Ubuntu 14.04 and I can't succeed.
CoovaChilli is using some different parameters beside to ChilliSpot.
Based on it's own documentation, CoovaChili works with Auth: 0 or 1 Chillispot works with Accept or Reject.
The problem is that I've tried both versions and I still cannot authenticate with radius. Do I have to modify anything in exec module ? I want to keep working both versions (chillispot, coovachilli)
Radius Error Received
...
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
...
Authorize section
authorize {
...
exec
update control {
Auth-Type := "%{reply:Auth-Type}"
}
...
}
Exec module
exec {
wait = yes
program = "authenticate.php"
input_pairs = request
shell_escape = yes
output = none
timeout = 10
output_pairs = reply
}
回答1:
Well your shared secret is incorrect if you're getting the above error. The Access-Accept or Access-Reject is signed using the shared secret, so if it's wrong Chillispot will ignore the response.
回答2:
I got this error when in
/etc/raddb/clients.conf
I defined the password of the client with a whitespace character.
Like:
client myClient {
ipaddr = 999.999.999.999
secret = password 123
}
来源:https://stackoverflow.com/questions/27288925/coovachilli-authentication