CoovaChilli Authentication

2.1k views Asked by At

I'm trying to authenticate with CoovaChilli using Radiusd (FreeRADIUS v2.2.5) which is running on Ubuntu 14.04 and I can't succeed.

CoovaChilli is using some different parameters beside to ChilliSpot.

Based on it's own documentation, CoovaChili works with Auth: 0 or 1 Chillispot works with Accept or Reject.

The problem is that I've tried both versions and I still cannot authenticate with radius. Do I have to modify anything in exec module ? I want to keep working both versions (chillispot, coovachilli)

Radius Error Received

...
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
  WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
...

Authorize section

authorize {
...
        exec
       update control {
                Auth-Type := "%{reply:Auth-Type}"
        }
...
}

Exec module

exec {
        wait = yes
        program = "authenticate.php"
        input_pairs = request
        shell_escape = yes
        output = none
        timeout = 10
        output_pairs = reply
}
2

There are 2 answers

0
Arran Cudbard-Bell On

Well your shared secret is incorrect if you're getting the above error. The Access-Accept or Access-Reject is signed using the shared secret, so if it's wrong Chillispot will ignore the response.

0
eddyP23 On

I got this error when in

/etc/raddb/clients.conf

I defined the password of the client with a whitespace character.

Like:

client myClient {
    ipaddr = 999.999.999.999
    secret = password 123
}