HomeForumsOpen-Source SoftwareCoovaChilli Development

problem getting proper handling when radius server rejects

Fri, 04/24/2009 - 09:45 — mctiew

In my configuration, I got everything working as long as my user id and password does not give problem to the radius server.

However, when the user id and password is rejected by the radius server, then I can't ( consistently ) get a proper error handling display on the user-end browser page.

Here is sample output when the user and password is ok :-

</p>
<p>redir.c: 1952: 0 (Debug) Get HTTP Request<br />
redir.c: 1113: 0 (Debug) http-request: GET / HTTP/1.1<br />
redir.c: 1141: 0 (Debug) The path:<br />
redir.c: 1227: 0 (Debug) User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)<br />
redir.c: 1208: 0 (Debug) Host: <a href="http://www.google.com" title="www.google.com">www.google.com</a><br />
redir.c: 1329: 0 (Debug) -->> Setting userurl=[http://www.google.com/]<br />
redir.c: 1961: 0 (Debug) Process HTTP Request<br />
redir.c: 2081: 0 (Debug) Processing received request<br />
redir.c: 2282: 0 (Debug) redir_accept: Original request<br />
redir.c: 1937: 0 (Debug) Calling redir_getstate()<br />
redir.c: 1952: 0 (Debug) Get HTTP Request<br />
redir.c: 1113: 0 (Debug) http-request: GET /logon?username=user1&password=4bfa37b4761919d72d834de3834960ec HTTP/1.1<br />
redir.c: 1141: 0 (Debug) The path: logon<br />
redir.c: 1186: 0 (Debug) Query string: username=user1&password=4bfa37b4761919d72d834de3834960ec<br />
redir.c: 1227: 0 (Debug) User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)<br />
redir.c: 1208: 0 (Debug) Host: 10.1.0.1:3660<br />
redir.c: 1037: 0 (Debug) The parameter username is: [user1]<br />
redir.c: 1262: 0 (Debug) -->> Setting username=[user1]<br />
redir.c: 1037: 0 (Debug) The parameter password is: [4bfa37b4761919d72d834de3834960ec]<br />
redir.c: 1961: 0 (Debug) Process HTTP Request<br />
redir.c: 2081: 0 (Debug) Processing received request<br />
redir.c: 2120: 0 (Debug) redir_accept: Sending radius request</p>
<p>redir.c: 1463: 0 (Debug) created radius packet (code=1, id=0, len=34)</p>
<p>redir.c: 1578: 0 (Debug) sending radius packet (code=1, id=0, len=279)</p>
<p>redir.c: 1349: 0 (Debug) Received access request confirmation from radius server</p>
<p>redir.c: 2126: 0 (Debug) Received radius reply</p>
<p>redir.c: 837: 0 (Debug) here: <a href="http://192.168.132.133/cgi-bin/hotspotlogin.cgi?res=success&uamip=10.1.0.1&uamport=3660&uid=user1&mac=00-1B-77-46-00-18&ip=10.1.0.2&called=00-16-01-AE-6A-97&nasid=00-16-01-AE-6A-97&redirurl=&userurl=http%3a%2f%2fwww.google.com%2f&md=8E21293BF1E59259D14C4C82083C0C61" title="http://192.168.132.133/cgi-bin/hotspotlogin.cgi?res=success&uamip=10.1.0.1&uamport=3660&uid=user1&mac=00-1B-77-46-00-18&ip=10.1.0.2&called=00-16-01-AE-6A-97&nasid=00-16-01-AE-6A-97&redirurl=&userurl=http%3a%2f%2fwww.google.com%2f&md=8E21293BF1E59259D14C4C82083C0C61">http://192.168.132.133/cgi-bin/hotspotlogin.cgi?res=success&uamip=10.1.0...</a></p>
<p>redir.c: 2175: 0 (Debug) -->> Msg userurl=[http://www.google.com/]</p>
<p>chilli.c: 2939: 0 (Debug) Successful UAM login from username=user1 IP=10.1.0.2<br />
chilli.c: 2942: 0 (Debug) Received login from UAM<br />

However when the user and password is rejected by the radius, either due to password expired, maximum usage exceeded and so on, I can get a reliable way to display the radius response on the user web page :-

<br />
redir.c: 1227: 0 (Debug) User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)<br />
redir.c: 1208: 0 (Debug) Host: <a href="http://www.google.com" title="www.google.com">www.google.com</a><br />
redir.c: 1329: 0 (Debug) -->> Setting userurl=[http://www.google.com/]<br />
redir.c: 1961: 0 (Debug) Process HTTP Request<br />
redir.c: 2081: 0 (Debug) Processing received request<br />
redir.c: 2282: 0 (Debug) redir_accept: Original request<br />
redir.c: 1885: 0 (Debug) ---->>> resetting challenge: 7544e62550e16c13ba74c63fe3f723cd<br />
redir.c: 1937: 0 (Debug) Calling redir_getstate()<br />
redir.c: 1952: 0 (Debug) Get HTTP Request<br />
redir.c: 1113: 0 (Debug) http-request: GET /logon?username=test&password=c54109e32f278a7f9150ef65ffd45079 HTTP/1.1<br />
redir.c: 1141: 0 (Debug) The path: logon<br />
redir.c: 1186: 0 (Debug) Query string: username=test&password=c54109e32f278a7f9150ef65ffd45079<br />
redir.c: 1227: 0 (Debug) User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)<br />
redir.c: 1208: 0 (Debug) Host: 10.1.0.1:3660<br />
redir.c: 1037: 0 (Debug) The parameter username is: [test]<br />
redir.c: 1262: 0 (Debug) -->> Setting username=[test]<br />
redir.c: 1037: 0 (Debug) The parameter password is: [c54109e32f278a7f9150ef65ffd45079]<br />
redir.c: 1961: 0 (Debug) Process HTTP Request<br />
redir.c: 2081: 0 (Debug) Processing received request<br />
redir.c: 2120: 0 (Debug) redir_accept: Sending radius request</p>
<p>redir.c: 1463: 0 (Debug) created radius packet (code=1, id=0, len=34)</p>
<p>redir.c: 1578: 0 (Debug) sending radius packet (code=1, id=0, len=278)</p>
<p>redir.c: 2126: 0 (Debug) Received radius reply</p>
<p>redir.c: 1885: 0 (Debug) ---->>> resetting challenge: 11554ebef60dda8ef21f8de5d87293d2<br />
redir.c: 814: 0 (Debug) Unknown res in switch<br />
redir.c: 2175: 0 (Debug) -->> Msg userurl=[http://www.google.com/]<br />

However when I use radclient I could get a proper radius reply message.

Which place is where I have problem ? Is it coovachilli on the openwrt firmware, or is it '/cgi-bin/hotspotlogin.cgi' on the web server or is it the radius server ?

Appreciate any input.

‹ Unknown res in switch 2 questions:redirect after login and slow radius reject ›
Thu, 05/07/2009 - 10:47 — mctiew

Re: problem getting proper handling when radius server rejec

mctiew wrote:

Further to this, I believe that this is a bug somewhere, because I rebooted the whiterussian-based openwrt box with coova chilli, then I could get back the login to display proper radius reply, and the reply comes back fast !

I still need to check under what conditions which I could repeat such a problem.

I am not sure if there are other cases, but one thing for sure, if a login page is left to be there for too long, then only a logon is performed, then there will not be proper handling.

Thu, 05/07/2009 - 03:35 — mctiew

Re: problem getting proper handling when radius server rejec

Further to this, I believe that this is a bug somewhere, because I rebooted the whiterussian-based openwrt box with coova chilli, then I could get back the login to display proper radius reply, and the reply comes back fast !

I still need to check under what conditions which I could repeat such a problem.

Tue, 05/05/2009 - 08:01 — mctiew

Re: problem getting proper handling when radius server rejec

No comments on the above ?

Does it mean that everybody is getting their radius reply messages from the radius server ?

Or is it just me who don't get the radius server REPLY-MESSAGE ?

Regards.