FreeRadius Accounting not working, bad passwords not cheked

I'm trying to configure a captive portal using a router with OpenWRT+ChilliSpot and an external server with Freeradius and a Web Server.

• ChilliSpot 1.3.0

My issue right now is that the freeradius server answer OK if the username exists on database, no matter if password is correct or not

After a few months fighting with the router it seems everything works as it's suposed to be:

• You connect to the wifi (you don't have access to internet)
• The router redirects you to the captive portal
• You make the login, that's managed by Chilli who send the login to FreeRadius
• If your user/password is correct, you gain access to internet

Everything worked fine, until I tried to set Freeradius to use MySQL. I'm kinda lost with all the atributes, I'll make a resume about the structure I'm trying to achieve:

• Group General with Session-Timeout and Idle-Timeout (This both are working fine)
  • I have set the Session and Idle timeout in the table radgroupreply
• Users with Expiration and Chap-Passwords
  • I added this atributes to table radcheck

I've added also in my intent to make things work some other attributes:

• Service-Type == Login-User
• Fall-Through = Yes

Into radcheck and radgroupcheck tables (I supose I must change this)

I've trying to read/find some place to know about the FreeRadius attributes but I'm never sure about them, If I shall put them in radchek or radreply (or radgroupcheck/radgroupreply). I've cheked FreeRadius RFC but I'm never sure about the attributes.

This is the query sent by Chilli to Freeradius:

rad_recv: Accounting-Request packet from host  port 58620, id=16, length=222
        ChilliSpot-Version = "1.3.0-svn"
        ChilliSpot-Attr-10 = 0x00000002
        Event-Timestamp = "Jan  1 1970 00:17:18 UTC"
        User-Name = "garcia"
        Acct-Status-Type = Start
        Acct-Session-Id = "549198cb00000001"
        Framed-IP-Address = 10.1.0.2
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        NAS-Port-Id = "00000001"
        Calling-Station-Id = "HH-HH-HH-HH-HH-HH"
        Called-Station-Id = "HH-HH-HH-HH-HH-HH"
        NAS-IP-Address = 10.1.0.1
        NAS-Identifier = "mynas"

And this is the full trace that is executed by freeradius:

# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 123.123.123.123,NAS-IP-Address = 10.1.0.1,Acct-Session-Id = "549198cb00000001",User-Name 
= "garcia"'
[acct_unique] Acct-Unique-Session-ID = "7d27c494d7b404c8".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "garcia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 123.123.123.123
[detail]        expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freerad
ius/radacct/123.123.123.123/detail-20141217
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/rad
acct/123.123.123.123/detail-20141217
[detail]        expand: %t -> Wed Dec 17 15:00:38 2014
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> garcia
++[radutmp] returns ok
[sql] expand: %{User-Name} -> garcia
[sql] sql_set_user escaped user --> 'garcia'
[sql] expand: %{Acct-Delay-Time} ->
[sql] ... expanding second conditional
[sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime,  acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,  acctoutputoctets, calledstationid,  callingstationid, acctterminatecause, servicetype,framedprotocol,   framedipaddress, acctstartdelay,   acctstopdelay,    xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: MYSQL check_error: 1054 received
[sql] Couldn't insert SQL accounting START record - Unknown column 'xascendsessionsvrkey' in 'field list'
[sql] expand: %{Acct-Delay-Time} ->
[sql] ... expanding second conditional
[sql] expand:UPDATE radacct SET acctstarttime     = '%S', acctstartdelay    = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid  = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress     = '%{NAS-IP-Address}' ->UPDATE radacct SET acctstarttime     = '2014-12-17 15:00:38', acctstartdelay    = '0', connectinfo_start = '' WHERE acctsessionid  = '549198cb00000001' AND username = 'garcia' AND nasipaddress     = '10.1.0.1'
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok

If I remove the Auth-Type := Accept from the radgroupcheck table the login fails here:

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "garcia" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.

But the user has Chap-Password defined in the radcheck table !

• Wich is the simplest way to log users with Chap-Passwords ?
• What should I have in radchek, radreply, radgroupcheck and radgroupreply ?

Finally solved my issue, the problem was a tipo issue, I have in my database:

 160 | e6867740-7d07-4783-b210-5cc3accb44eb | ClearText-Password | := | pass

I wrote ClearText-Password with the T of "text" in capital letter.

The right way is Cleartext-Password with the t of "text" non capital letter.