Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal with freeradius3 - problem to validate user

    Scheduled Pinned Locked Moved Captive Portal
    5 Posts 2 Posters 913 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcosjostM
      marcosjost
      last edited by

      Hi,
      I have a system in php, for user selfregister, that runs in an older pfsense (2.2.6) with freradius2 - 1.6.19, and works well ...
      the system inserts into the radius radcheck table the fields:
      id username attribute op value, id is numeric autoincremental, username is a numeric value, attribute is always the value: User-Password,op is always the value: ==
      and username is also a numeric value
      Ex:
      id username attribute op value
      1 00112233 User-Password == 7766554433
      I am doing some tests to update this pfsense, but in pfsense 2.4.3 with freeradius3 0.15.5_2 i found problens,
      This gives error at the time of authenticating, The system inserts in radcheck table of radius the fields username and value
      It inserts correctly in the table, but the radius does not release the navigation ... in the loggs it seems:
      Sep 4 14:19:28 radiusd 66127 (1) Login incorrect (Failed retrieving values required to evaluate condition): [nome/senha] (from client portal port 2008 cli 5c:c9:d3:61:aa:3d)
      Sep 4 14:19:28 radiusd 66127 rlm_sql (sql1): Opening additional connection (5), 1 of 3 pending slots used
      Sep 4 14:19:28 radiusd 66127 Need 1 more connections to reach min connections (3)
      Sep 4 14:19:28 radiusd 66127 See "man rlm_pap" for more information
      Sep 4 14:19:28 radiusd 66127 Are you sure you don't mean Cleartext-Password?
      Sep 4 14:19:28 radiusd 66127 Found User-Password == "..."

      Any suggestions for help? Thank you
      Sorry for the poor English writing.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @marcosjost
        last edited by

        @marcosjost said in Captive portal with freeradius3 - problem to validate user:

        Sep 4 14:19:28 radiusd 66127 See "man rlm_pap" for more information
        Sep 4 14:19:28 radiusd 66127 Are you sure you don't mean Cleartext-Password?
        Sep 4 14:19:28 radiusd 66127 Found User-Password == "..."

        What about this one : https://freeradius.org/radiusd/man/rlm_pap.txt - see "NOTES".

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 1
        • marcosjostM
          marcosjost
          last edited by

          Hi,thanks, i try just change the field attribute, from User-Password to Cleartext-Password ... but dont work...Or am I not fully understanding the problem?
          The logs now:
          Sep 14 08:36:07 radiusd 77050 (0) Login incorrect (Failed retrieving values required to evaluate condition): [00112233/7766554433] (from client portal port 2016 cli c4:6e:1f:0c:e9:4e)
          Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Opening additional connection (6), 1 of 4 pending slots used
          Sep 14 08:36:07 radiusd 77050 Need 2 more connections to reach min connections (3)
          Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Opening additional connection (5), 1 of 5 pending slots used
          Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Closing connection (0): Hit idle_timeout, was idle for 11968 seconds

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            Very usefull : https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu
            and the build-in freeradius commands like radtest :

            [2.4.3-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: radtest x x 192.168.2.1 10 my_radius_secret
            Sent Access-Request Id 111 from 0.0.0.0:56290 to 192.168.2.1:1812 length 71
                    User-Name = "x"
                    User-Password = "x"
                    NAS-IP-Address = 192.168.1.1
                    NAS-Port = 10
                    Message-Authenticator = 0x00
                    Cleartext-Password = "x"
            Received Access-Accept Id 111 from 192.168.2.1:1812 to 0.0.0.0:0 length 50
                    WISPr-Bandwidth-Max-Up = 1000000
                    WISPr-Bandwidth-Max-Down = 3000000
                    Acct-Interim-Interval = 600
            

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 1
            • marcosjostM
              marcosjost
              last edited by

              Gertjan very thanks for the help, this howto "kill" the problem...
              insert into radcheck (username,attribute,op,value) values("fredf", "Cleartext-Password", ":=", "wilma");
              attribute em freeradius3 is :=, and in the freeradius2 i was use ==
              Changing the fields at radcheck:
              attribute from User-Password to Cleartext-Password
              op from == to :=
              Works fine
              Thanks!!

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.