Yes, sorry I meant NAS. You should see an md5 hash of the password in the access request packet. Use wireshark to decode each packet type. That always helps me.
https://wiki.freeradius.org/protocol/Access-Request On Sat, Nov 17, 2018, 5:53 PM Marty Plummer <[email protected] wrote: > Oh wait, do you mean the NAS? Those are all Cisco Meraki MT24's running > OpenWRT > (hopefully once I get this sorted I'll be able to manage them with > openwisp). I've managed > to get a capture of one of the packets, I'm not seeing a User-Password > attribute at all. > > 22:42:45.609551 IP (tos 0x0, ttl 63, id 12096, offset 0, flags [none], > proto UDP (17), length 225) > 10.141.99.51.41461 > 23684b3bc3a7.1812: [udp sum ok] RADIUS, length: > 197 > Access-Request (1), id: 0x88, Authenticator: > 6841fe060f8f623bdc8c09250ccc73e8 > User-Name Attribute (1), length: 10, Value: aleath56 > 0x0000: 616c 6561 7468 3536 > Called-Station-Id Attribute (30), length: 31, Value: > 8A-DC-96-07-AF-F5:GoodSamWifi > 0x0000: 3841 2d44 432d 3936 2d30 372d 4146 2d46 > 0x0010: 353a 476f 6f64 5361 6d57 6966 69 > NAS-Port-Type Attribute (61), length: 6, Value: Wireless - IEEE > 802.11 > 0x0000: 0000 0013 > Service-Type Attribute (6), length: 6, Value: Framed > 0x0000: 0000 0002 > NAS-Port Attribute (5), length: 6, Value: 1 > 0x0000: 0000 0001 > Calling-Station-Id Attribute (31), length: 19, Value: > C0-EE-FB-5B-6A-1F > 0x0000: 4330 2d45 452d 4642 2d35 422d 3641 2d31 > 0x0010: 46 > Connect-Info Attribute (77), length: 24, Value: CONNECT 54Mbps > 802.11a > 0x0000: 434f 4e4e 4543 5420 3534 4d62 7073 2038 > 0x0010: 3032 2e31 3161 > Acct-Session-Id Attribute (44), length: 18, Value: > 3397D5BA38CC6B22 > 0x0000: 3333 3937 4435 4241 3338 4343 3642 3232 > Unknown Attribute (186), length: 6, Value: > 0x0000: 000f ac04 > Unknown Attribute (187), length: 6, Value: > 0x0000: 000f ac04 > Unknown Attribute (188), length: 6, Value: > 0x0000: 000f ac01 > Framed-MTU Attribute (12), length: 6, Value: 1400 > 0x0000: 0000 0578 > EAP-Message Attribute (79), length: 15, Value: .. > 0x0000: 02e6 000d 0161 6c65 6174 6835 36 > Message-Authenticator Attribute (80), length: 18, Value: > .....qV....Q...G > 0x0000: aab7 b311 a071 5616 16cc ff51 e72e 0847 > > > > On Saturday, November 17, 2018 at 4:20:01 PM UTC-6, Marty Plummer wrote: >> >> Clients are varied, I've tried with android (running lineageos, >> relatively recent update) and >> windows 10 (yeah, I kinda expect that to be fucky). I also have some >> users using various >> mac hardware. The only thing that tests correctly is radtest and manual >> curl's. >> >> On Saturday, November 17, 2018 at 3:54:25 PM UTC-6, 2stacks wrote: >>> >>> Apologies if Im asking things you've already answered but what is the >>> client that should be sending the password? Have you tried capturing the >>> traffic to see if the password is being sent? Did you say if testing with >>> radtest works? Perhaps its not a freeradius config issue but something >>> wonky with the client. >>> >>> On Sat, Nov 17, 2018, 4:33 PM Marty Plummer <[email protected] wrote: >>> >>>> Even with using exactly and only what you have in the authorize...etc >>>> sections of >>>> sites-available/default, %{User-Password} still expands to empty. There >>>> has been >>>> no change to that regardless of what suggested changes I've made. >>>> >>>> On Saturday, November 17, 2018 at 1:42:08 PM UTC-6, Federico Capoano >>>> wrote: >>>>> >>>>> PS: >>>>> >>>>> On Saturday, November 17, 2018 at 8:28:29 PM UTC+1, Marty Plummer >>>>> wrote: >>>>>> >>>>>> So is that authorize section the entire thing? as in, comment >>>>>> out/delete the defaults and >>>>>> replace it with that? >>>>>> >>>>> >>>>> Yes >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "OpenWISP" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
