我正在尝试使用带有 RADIUSdesk 的 CoovaChilli 和 FreeRadius 设置热点系统。
我已经完成了大部分。Captive 门户登录页面已显示,但我无法以用户身份进行身份验证。
当我查看日志时,我的 OpenWRT 上的 Coova ChilliX????MVJ??? ??<?
作为用户密码发送。
redir.c: 3854: 0 (Debug) redir_accept: Sending RADIUS request
radius.c: 1316: 0 (Debug) RADIUS client 0.0.0.0:0
redir.c: 2670: 0 (Debug) created radius packet (code=1, id=80, len=37)
redir.c: 2708: 0 (Debug) User password 16 [O��F��hs�
t��3]
redir.c: 2831: 0 (Debug) sending radius packet (code=1, id=80, len=299)
radius.c: 321: 0 (Debug) Allocating RADIUS packet
我也查看了 freeradius 日志,得知 Freeradius 解密了原始密码。
(0) pl_reset_time_for_data: $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'X????MVJ??? ??<?'
(0) pl_reset_time_for_data: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '10.1.0.1'
(0) pl_reset_time_for_data: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '5'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Login-User'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Framed-IP-Address'} = &request:Framed-IP-Address -> '10.1.0.4'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> 'C0-25-E9-07-52-76'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'AC-C3-3A-C0-F5-60'
(0) pl_reset_time_for_data: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'HUBS_ROOTS_HUB_1_cp_42'
(0) pl_reset_time_for_data: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Acct-Session-Id'} = &request:Acct-Session-Id -> '5a6c2ea800000005'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jan 27 2018 07:49:15 UTC'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x3a3eb994b712e98f3a49e665e27e4d20'
(0) pl_reset_time_for_data: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> '00000005'
(0) pl_reset_time_for_data: $RAD_REQUEST{'WISPr-Location-ID'} = &request:WISPr-Location-ID -> 'isocc=,cc=,ac=,network=Coova,'
(0) pl_reset_time_for_data: $RAD_REQUEST{'WISPr-Location-Name'} = &request:WISPr-Location-Name -> 'Roots_Daryaganj'
(0) pl_reset_time_for_data: $RAD_REQUEST{'WISPr-Logoff-URL'} = &request:WISPr-Logoff-URL -> 'http://10.1.0.1:3990/logoff'
(0) pl_reset_time_for_data: $RAD_REQUEST{'Realm'} = &request:Realm -> 'roots'
(0) pl_reset_time_for_data: $RAD_REQUEST{'ChilliSpot-Version'} = &request:ChilliSpot-Version -> '1.3.1-svn'
(0) pl_reset_time_for_data: $RAD_REPLY{'Fall-Through'} = &reply:Fall-Through -> 'Yes'
(0) pl_reset_time_for_data: $RAD_CHECK{'User-Profile'} = &control:User-Profile -> '1G-1Day'
(0) pl_reset_time_for_data: $RAD_CHECK{'Cleartext-Password'} = &control:Cleartext-Password -> '<my cleartext password>'
但是,在比较时,服务器使用的是加密密码而不是明文密码。
# Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
(0) Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: Comparing with "known good" Cleartext-Password
(0) pap: ERROR: Cleartext password "X????MVJ??? ??<?" does not match "known good" password
(0) pap: Passwords don't match
(0) [pap] = reject
(0) } # Auth-Type PAP = reject
(0) Failed to authenticate the user
(0) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
(0) Post-Auth-Type REJECT {
(0) attr_filter.access_reject: EXPAND %{User-Name}