Captive portal with freeradius3 - problem to validate user



  • Hi,
    I have a system in php, for user selfregister, that runs in an older pfsense (2.2.6) with freradius2 - 1.6.19, and works well ...
    the system inserts into the radius radcheck table the fields:
    id username attribute op value, id is numeric autoincremental, username is a numeric value, attribute is always the value: User-Password,op is always the value: ==
    and username is also a numeric value
    Ex:
    id username attribute op value
    1 00112233 User-Password == 7766554433
    I am doing some tests to update this pfsense, but in pfsense 2.4.3 with freeradius3 0.15.5_2 i found problens,
    This gives error at the time of authenticating, The system inserts in radcheck table of radius the fields username and value
    It inserts correctly in the table, but the radius does not release the navigation ... in the loggs it seems:
    Sep 4 14:19:28 radiusd 66127 (1) Login incorrect (Failed retrieving values required to evaluate condition): [nome/senha] (from client portal port 2008 cli 5c:c9:d3:61:aa:3d)
    Sep 4 14:19:28 radiusd 66127 rlm_sql (sql1): Opening additional connection (5), 1 of 3 pending slots used
    Sep 4 14:19:28 radiusd 66127 Need 1 more connections to reach min connections (3)
    Sep 4 14:19:28 radiusd 66127 See "man rlm_pap" for more information
    Sep 4 14:19:28 radiusd 66127 Are you sure you don't mean Cleartext-Password?
    Sep 4 14:19:28 radiusd 66127 Found User-Password == "..."

    Any suggestions for help? Thank you
    Sorry for the poor English writing.



  • @marcosjost said in Captive portal with freeradius3 - problem to validate user:

    Sep 4 14:19:28 radiusd 66127 See "man rlm_pap" for more information
    Sep 4 14:19:28 radiusd 66127 Are you sure you don't mean Cleartext-Password?
    Sep 4 14:19:28 radiusd 66127 Found User-Password == "..."

    What about this one : https://freeradius.org/radiusd/man/rlm_pap.txt - see "NOTES".



  • Hi,thanks, i try just change the field attribute, from User-Password to Cleartext-Password ... but dont work...Or am I not fully understanding the problem?
    The logs now:
    Sep 14 08:36:07 radiusd 77050 (0) Login incorrect (Failed retrieving values required to evaluate condition): [00112233/7766554433] (from client portal port 2016 cli c4:6e:1f:0c:e9:4e)
    Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Opening additional connection (6), 1 of 4 pending slots used
    Sep 14 08:36:07 radiusd 77050 Need 2 more connections to reach min connections (3)
    Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Opening additional connection (5), 1 of 5 pending slots used
    Sep 14 08:36:07 radiusd 77050 rlm_sql (sql1): Closing connection (0): Hit idle_timeout, was idle for 11968 seconds



  • Very usefull : https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu
    and the build-in freeradius commands like radtest :

    [2.4.3-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: radtest x x 192.168.2.1 10 my_radius_secret
    Sent Access-Request Id 111 from 0.0.0.0:56290 to 192.168.2.1:1812 length 71
            User-Name = "x"
            User-Password = "x"
            NAS-IP-Address = 192.168.1.1
            NAS-Port = 10
            Message-Authenticator = 0x00
            Cleartext-Password = "x"
    Received Access-Accept Id 111 from 192.168.2.1:1812 to 0.0.0.0:0 length 50
            WISPr-Bandwidth-Max-Up = 1000000
            WISPr-Bandwidth-Max-Down = 3000000
            Acct-Interim-Interval = 600
    


  • Gertjan very thanks for the help, this howto "kill" the problem...
    insert into radcheck (username,attribute,op,value) values("fredf", "Cleartext-Password", ":=", "wilma");
    attribute em freeradius3 is :=, and in the freeradius2 i was use ==
    Changing the fields at radcheck:
    attribute from User-Password to Cleartext-Password
    op from == to :=
    Works fine
    Thanks!!


Log in to reply