HomeForumsOther TopicsCoovaAAA (obsolete)

CHAP password always "does NOT match", please help.

Wed, 11/05/2008 - 11:18 — zfyang

Hi everyone
I’ve setup FreeRadius based on MySQL in Debian.

The system passed local test, but always failed with remote user login request from a Coovachilli portal. Any help or hints how to resolve this? Many thanks!

Here are details of my system:
OS: Debian version 4.0 r5
FreeRadius: 1.1.3 (this is the newest stable version I can apt-get for Debian) MySQL server and client 5.0
CoovaChilli: CoovaAP 1.0 beta7d (in a Linksys WRT54GL box)

This is message in FreeRadius debug mode:
------------------------------------------------------
rad_recv: Access-Request packet from host 192.168.0.130:2086, id=147, length=298
ChilliSpot-Version = "1.0.11"
User-Name = "testuser"
CHAP-Challenge = 0xbf66245eeff4cc3eb1e5a4569c2b87cf
CHAP-Password = 0x00dd6574607c08d4b18ad7c267b2d7b267

... ... ... ...

rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password does NOT match local User-Password
auth: Failed to validate the user.

Finally, this is item in my MySQL radcheck table:
+----+------------+---------------+----+------------+
| id | UserName | Attribute | op | Value |
+----+------------+---------------+----+------------+
| 9 | testuser | User-Password | := | testtest |

(I am sure I input same password, but always NOT match...)

‹ Would you donate for access to CoovaAAA special features? Getting extremely annoyed ›
Wed, 11/05/2008 - 23:48 — Uncle John

Re: CHAP password always "does NOT match", please help.

Thanks for sharing. I use CoovaAAA but I might need the info you provided one day.

Wed, 11/05/2008 - 14:44 — zfyang

Re: CHAP password always "does NOT match", please help.

Well, this problem is resolved.

On Coovachilli side, there should comment out the line "uamsecret = ... " (or use an empty string here?). Otherwise, CHAP encryption does more with this uamsecret and cann't match on freeradius side.