subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
500 views 2 comments
by anonymous


I'm trying to understand a behaviour I have with a RUT950 but also more globally with Coova and if something can be done on any side to avoid this.
I have a hotspot configured with an external splashpage + an external radius (freeradius 2)

Most of the time everything is working fine and clients are authenticated properly, but from time to time the User-Password sent by the RUT in the radius Access-Request is not decoded properly and I don't understand why exactly :

rad_recv: Access-Request packet from host....
        ChilliSpot-Version = "1.3.0"
        User-Name = "test"
        User-Password = "\242\033\351*\363\371/\341\252\026c\205R\277G\352"
        Service-Type = Login-User

Causing the auth to fail of course :

Info: +group PAP {
Info: [pap] login attempt with password "�?�*��/�?c?R�G�"
Info: [pap] Using clear text password "test"
Info: [pap] Passwords don't match
Info: ++[pap] = reject
Info: +} # group PAP = reject
Info: Failed to authenticate the user.
Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [test/\242\033\351*\363\371/\341\252\026c\205R\277G\352] 
Debug:   WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!

I saw this topic but no answers where provided :

Is there something that can be done at any level to avoid this untimely behavior ?

Thanks and regards

1 Answer

0 votes
by anonymous

Could you please download and send me a troubleshoot file after decoding fails? Please do it via private message.

by anonymous


As it's not happening every time, the only way I found to reproduce the issue is by changing the challenge parameter in the splash page url, so of course when I'm doing this I'm getting a wrong password.

Do you think the troubleshoot file will help in that case which is not really the same when it happens ? As I didn't understand yet why it's happening.
Would you be able to detail this decoding process before the rut sends the radius access-request. That could help me to better understand the process.

I'm not the dev of our software but our code (which is working most of the time) after the splash page is :

$hexchal = pack ("H32", $challenge);
$newchal = pack ("H*", md5($hexchal . $uamsecret));
$newpwd = pack("a32", $password);
$pappassword = implode ("", unpack("H32", ($newpwd ^ $newchal)));

Then we post the credentials that the RUT will use for the auth with $uamip:$uamport/logon?username=$username&password=$pappassword



by anonymous
Can't guarantee that troubleshoot file will help to solve this, but I would like to look deeper into the configuration you have for PAP. This way maybe I'll find something that doesn't fit.