[Chilli] MACAuth problem

Ryan Day ryan.day at cirrusworks.net
Thu May 5 11:15:00 UTC 2011 

I think this is the relevant information, let me know if there is
something particular to look for.


This is me doing the initial DHCP request, the going to www.xkcd.com:

dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=ff:ff:ff:ff:ff:ff prot=0800 2048 len=342
dhcp.c: 2811: 0 (Debug) dhcp/bootps request being processed
dhcp.c: 571: 0 (Debug) DHCP newconn: 00:22:19:f7:7f:c0
chilli.c: 3721: 0 (Debug) New DHCP request from MAC=00-22-19-F7-7F-C0
chilli.c: 3724: 0 (Debug) New DHCP connection established
chilli.c: 3567: 0 (Debug) DHCP request for IP address
chilli.c: 1141: 0 (Debug) Starting radius authentication
radius.c: 1101: 0 (Debug) pw encode secret=testing123
radius.c: 1423: 0 (Debug) RADIUS to XXX.XXX.XXX.XXX:1812
ippool.c: 438: 0 (Debug) Requesting new static ip: 0.0.0.0
ippool.c: 438: 0 (Debug) Requesting new dynamic ip: 0.0.0.0
chilli.c: 3676: 0 (Debug) Client MAC=00-22-19-F7-7F-C0 assigned IP
10.192.156.2
dhcp.c: 2077: 0 (Debug) !!! dhcp server :  !!!
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=ff:ff:ff:ff:ff:ff prot=0800 2048 len=354
dhcp.c: 2811: 0 (Debug) dhcp/bootps request being processed
dhcp.c: 2077: 0 (Debug) !!! dhcp server :  !!!
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:1f:27:8e:2b:04
dst=01:00:0c:cc:cc:cd prot=0032 50 len=64
dhcp.c: 3452: 0 (Debug) Layer2 PROT: 0x0032 dropped
chilli.c: 3211: 0 (Debug) Received RADIUS response
chilli.c: 3277: 0 (Debug) Radius Access-Accept from radius server
radius.c: 1423: 0 (Debug) RADIUS to XXX.XXX.XXX.XXX:1813
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=ff:ff:ff:ff:ff:ff prot=0806 2054 len=60
dhcp.c: 3878: 0 (Debug) ARP: 00-22-19-F7-7F-C0 asking about 10.192.156.1
dhcp.c: 3803: 0 (Debug) ARP: Replying to 10.192.156.2 / 00-22-19-F7-7F-C0
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:25:90:01:32:f7
dst=00:22:19:f7:7f:c0 prot=0806 2054 len=42
dhcp.c: 3837: 0 (Debug) ARP: Received other ARP than request!
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=01:00:5e:7f:ff:fa prot=0800 2048 len=1036
dhcp.c: 2796: 0 (Debug) Not for our MAC or broadcast: 01-00-5E-7F-FF-FA
dhcp.c: 3452: 0 (Debug) Layer2 PROT: 0x0032 dropped
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:1f:27:8e:2b:04
dst=01:00:0c:cc:cc:cd prot=0032 50 len=64
dhcp.c: 3452: 0 (Debug) Layer2 PROT: 0x0032 dropped
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=ff:ff:ff:ff:ff:ff prot=0800 2048 len=92
dhcp.c: 2891: 0 (Debug) Broadcasted UDP to port 137
radius.c: 1423: 0 (Debug) RADIUS to XXX.XXX.XXX.XXX:1813
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:1f:27:8e:2b:04
dst=01:00:0c:cc:cc:cd prot=0032 50 len=64
dhcp.c: 3452: 0 (Debug) Layer2 PROT: 0x0032 dropped
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=ff:ff:ff:ff:ff:ff prot=0806 2054 len=60
dhcp.c: 3878: 0 (Debug) ARP: 00-22-19-F7-7F-C0 asking about 10.192.156.1
dhcp.c: 3803: 0 (Debug) ARP: Replying to 10.192.156.2 / 00-22-19-F7-7F-C0
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:25:90:01:32:f7
dst=00:22:19:f7:7f:c0 prot=0806 2054 len=42
dhcp.c: 3837: 0 (Debug) ARP: Received other ARP than request!
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=00:25:90:01:32:f7 prot=0800 2048 len=72
dhcp.c: 1386: 0 (Debug) dhcp_dns plen=72 dlen=18 olen=18
dhcp.c: 1388: 0 (Debug) DNS ID:    45657
dhcp.c: 1389: 0 (Debug) DNS Flags: 256
dhcp.c: 1411: 0 (Debug) qd: 1
dns.c: 182: 0 (Debug) dns_copy_res(left=18 olen=18 qsize=512)
dns.c: 205: 0 (Debug) It was a dns record type: 1 class: 1
dns.c: 39: 0 (Debug) dlen=512 reslen=18 olen=18 lvl=0
dns.c: 73: 0 (Debug) part[www] reslen=17 l=3 dlen=512
dns.c: 73: 0 (Debug) part[xkcd] reslen=13 l=4 dlen=508
dns.c: 73: 0 (Debug) part[com] reslen=8 l=3 dlen=503
dns.c: 234: 0 (Debug) Q: www.xkcd.com
dhcp.c: 1412: 0 (Debug) an: 2
dns.c: 182: 0 (Debug) dns_copy_res(left=30 olen=48 qsize=512)
dns.c: 205: 0 (Debug) It was a dns record type: 5 class: 1
dns.c: 182: 0 (Debug) dns_copy_res(left=16 olen=48 qsize=512)
dns.c: 205: 0 (Debug) It was a dns record type: 1 class: 1
dns.c: 265: 0 (Debug) A record
dns.c: 270: 0 (Debug) checking .paypal.com [www.xkcd.com]
dns.c: 270: 0 (Debug) checking .paypalobjects.com [www.xkcd.com]
dhcp.c: 1413: 0 (Debug) ns: 0
dhcp.c: 1414: 0 (Debug) ar: 0
dhcp.c: 1416: 0 (Debug) left (should be zero): 0
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=00:25:90:01:32:f7 prot=0800 2048 len=66
chilli.c: 466: 0 (Debug) Leaky bucket timediff: 0, bucketup: 72/5000,
bucketdown: 88/5000, up: 66, down: 0
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=52)




Further down the debug I see:

dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:1f:27:8e:2b:04
dst=01:00:0c:cc:cc:cd prot=0032 50 len=64
dhcp.c: 3452: 0 (Debug) Layer2 PROT: 0x0032 dropped
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=1470)
chilli.c: 466: 0 (Debug) Leaky bucket timediff: 1, bucketup: 2614/5000,
bucketdown: 4430/5000, up: 0, down: 1470
chilli.c: 506: 0 (Debug) Leaky bucket deleting downlink packet
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=40)
chilli.c: 466: 0 (Debug) Leaky bucket timediff: 1, bucketup: 2486/5000,
bucketdown: 4302/5000, up: 0, down: 40
dhcp.c: 3715: 0 (Debug) adding 14 to IP frame length 40
radius.c: 1423: 0 (Debug) RADIUS to 173.203.238.107:1813
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=00:25:90:01:32:f7 prot=0800 2048 len=60
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=40)
dhcp.c: 3715: 0 (Debug) adding 14 to IP frame length 40
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=40)
dhcp.c: 3715: 0 (Debug) adding 14 to IP frame length 40
dhcp.c: 1996: 0 (Debug) Resetting connection on port 80->65379 (undo)
dhcp.c: 3742: 0 (Debug) dhcp_undoDNAT() returns true
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=40)
dhcp.c: 3715: 0 (Debug) adding 14 to IP frame length 40
dhcp.c: 1996: 0 (Debug) Resetting connection on port 80->65379 (undo)
dhcp.c: 3742: 0 (Debug) dhcp_undoDNAT() returns true
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=00:25:90:01:32:f7 prot=0800 2048 len=66
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=52)
dhcp.c: 3715: 0 (Debug) adding 14 to IP frame length 52
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=00:25:90:01:32:f7 prot=0800 2048 len=60
dhcp.c: 3421: 0 (Debug) dhcp_decaps: src=00:22:19:f7:7f:c0
dst=00:25:90:01:32:f7 prot=0800 2048 len=733
tun.c: 705: 0 (Debug) tun_decaps(idx=0, len=40)
dhcp.c: 3715: 0 (Debug) adding 14 to IP frame length 40
redir.c: 2097: 0 (Debug) end of http-request
redir.c: 2324: 0 (Debug) -->> Setting
userurl=[http://www.google.com/cse/brand?form=cse-search-box&lang=en]
redir.c: 3490: 0 (Debug) Processing received request
redir.c: 3705: 0 (Debug) redir_accept: Original request
redir.c: 3726: 0 (Debug) ---->>> resetting challenge:
f4466fbc1fa3ddcd3714c05c35436dfa
redir.c: 3735: 0 (Debug) ---->>> challenge: f4466fbc1fa3ddcd3714c05c35436dfa
redir.c: 2969: 0 (Debug) close_exit

Which, I'm assuming, is where I'm no longer authenticated.


On 05/05/2011 01:48 AM, David Bird wrote:
> What does the chilli debug output say? 
>
> --
>   David Bird
>   Coova Technologies, LLC
>
> On May 4, 2011, at 8:15 PM, Ryan Day <ryan.day at cirrusworks.net> wrote:
>
>> I'm running coova 1.2.5, with
>>
>> /usr/local/sbin/chilli --macpasswd macpass --macauth --uamanydns -c
>> /etc/chilli2.conf --tundev tun1 -d --fg
>>
>> as my command line. I'm trying to use MAC authentication, and am seeing
>> a very strange problem.
>>
>> When I first get a DHCP reply to my laptop, I can watch the RADIUS
>> request go out, the server accepts it, and sends back the accept
>> message. I can watch the process over tcpdump, and in all the logs. I am
>> able to load the data for that first request(so all the text on a
>> webpage, but no images or javascript). When I try to reload the page, I
>> am sent to my splash page and asked to login.
>>
>> It looks like each request after the very first are not being
>> authenticated. If I use --macreauth, I can see the RADIUS requests being
>> sent out everytime I visit a page, the requests are accepted(tcpdump
>> shows me the accept come back), but I'm still redirected to the splash page.
>>
>> Am I missing a step, or using the wrong options, or anything else?
>> Thanks for any ideas!
>>
>>
>> Ryan
>> _______________________________________________
>> Chilli mailing list
>> Chilli at coova.org
>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli

More information about the Chilli mailing list