Captive portal with freeradius3 - problem to validate user

marcosjost

Hi,
I have a system in php, for user selfregister, that runs in an older pfsense (2.2.6) with freradius2 - 1.6.19, and works well ...
the system inserts into the radius radcheck table the fields:
id username attribute op value, id is numeric autoincremental, username is a numeric value, attribute is always the value: User-Password,op is always the value: ==
and username is also a numeric value
Ex:
id username attribute op value
1 00112233 User-Password == 7766554433
I am doing some tests to update this pfsense, but in pfsense 2.4.3 with freeradius3 0.15.5_2 i found problens,
This gives error at the time of authenticating, The system inserts in radcheck table of radius the fields username and value
It inserts correctly in the table, but the radius does not release the navigation ... in the loggs it seems:
Sep 4 14:19:28 radiusd 66127 (1) Login incorrect (Failed retrieving values required to evaluate condition): [nome/senha] (from client portal port 2008 cli 5c:c9:d3:61:aa:3d)
Sep 4 14:19:28 radiusd 66127 rlm_sql (sql1): Opening additional connection (5), 1 of 3 pending slots used
Sep 4 14:19:28 radiusd 66127 Need 1 more connections to reach min connections (3)
Sep 4 14:19:28 radiusd 66127 See "man rlm_pap" for more information
Sep 4 14:19:28 radiusd 66127 Are you sure you don't mean Cleartext-Password?
Sep 4 14:19:28 radiusd 66127 Found User-Password == "..."

Any suggestions for help? Thank you
Sorry for the poor English writing.

Gertjan

@marcosjost said in Captive portal with freeradius3 - problem to validate user:

Sep 4 14:19:28 radiusd 66127 See "man rlm_pap" for more information
Sep 4 14:19:28 radiusd 66127 Are you sure you don't mean Cleartext-Password?
Sep 4 14:19:28 radiusd 66127 Found User-Password == "..."

What about this one : https://freeradius.org/radiusd/man/rlm_pap.txt - see "NOTES".

marcosjost

Hi,thanks, i try just change the field attribute, from User-Password to Cleartext-Password ... but dont work...Or am I not fully understanding the problem?
The logs now:
Sep 14 08:36:07 radiusd 77050 (0) Login incorrect (Failed retrieving values required to evaluate condition): [00112233/7766554433] (from client portal port 2016 cli c4:6e:1f:0c:e9:4e)
Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Opening additional connection (6), 1 of 4 pending slots used
Sep 14 08:36:07 radiusd 77050 Need 2 more connections to reach min connections (3)
Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Opening additional connection (5), 1 of 5 pending slots used
Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Closing connection (0): Hit idle_timeout, was idle for 11968 seconds

Gertjan

Very usefull : https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu
and the build-in freeradius commands like radtest :

[2.4.3-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: radtest x x 192.168.2.1 10 my_radius_secret
Sent Access-Request Id 111 from 0.0.0.0:56290 to 192.168.2.1:1812 length 71
        User-Name = "x"
        User-Password = "x"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 10
        Message-Authenticator = 0x00
        Cleartext-Password = "x"
Received Access-Accept Id 111 from 192.168.2.1:1812 to 0.0.0.0:0 length 50
        WISPr-Bandwidth-Max-Up = 1000000
        WISPr-Bandwidth-Max-Down = 3000000
        Acct-Interim-Interval = 600

marcosjost

Gertjan very thanks for the help, this howto "kill" the problem...
insert into radcheck (username,attribute,op,value) values("fredf", "Cleartext-Password", ":=", "wilma");
attribute em freeradius3 is :=, and in the freeradius2 i was use ==
Changing the fields at radcheck:
attribute from User-Password to Cleartext-Password
op from == to :=
Works fine
Thanks!!