Freeradius + MySQL problem

Luciano Afranllie listas.luafran at gmail.com
Fri Jan 16 15:18:31 CET 2009


Just a stupid question.

Is your freeradius compiled with mysql support?

Do you have rlm_sql_mysql in your module dir?

Regards
Luciano

On Fri, Jan 16, 2009 at 11:49 AM, obaid ghaznawi <onaogh at gmail.com> wrote:
> Hi, first of all, I thank all people who are giving their time to help.
>
> Before I subscribed here and posted my email, I was searching around on the
> internet for a week
> and trying my best to solve it. I have learned many things, but there is one
> problem I cannot get solved.
> I am trying to make a hotspot for some building. I chose:
> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
> server
> and CoovaAP on WRT54GL sending user credentials to backend server for
> authentication
> My configs (default settings not shown, lines I changed shown)
>
> freeradius radiusd.conf
> ================================================
>     .
>     .     all default
>     .
> log {
>     .
>     .
>         #at the end of log{
>         auth = yes
>         auth_badpass = yes
>         auth_goodpass = yes
> }
>
> modules {
>     .
>     .
>     .
>     $INCLUDE sql.conf #already there
>     $INCLUDE sql/mysql/counter.conf #already there
>     .
>     .
>     .
> }
>
> authorize{
>         preprocess
>         chap
>         mschap
>         suffix
>         eap
>         sql #if i comment out sql and use file, it works, i receive Packet-Accept, with SQL see the pap warning in debug text
>         pap
> }
>
> accounting{
>         detail
>         sql
> }
>
> session{
>         sql
> }
> ==================================================
> clients.conf
>
> client localhost {
>         ipaddr = 127.0.0.1
>         secret          = clientradsec36365
>         require_message_authenticator = no
>         nastype     = other
>
> }
> ==================================================
> sql.conf
> sql {
>         database = "mysql"
>         driver = "rlm_sql_${database}"
>         server = "localhost"
>         login = "radius"
>         password = "frsqldblogin36365"
>         radius_db = "radius"
>                .
>                .
>                .
>         sqltrace = yes
>         sqltracefile = ${logdir}/sqltrace.sql
> .
> .
> }
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>
> /etc/freeradius/sql/mysql/schema.sql and nas.sql have been imported into
> mysql "radius" database, radius@localhost user granted all on radius.*
>
> dummy data in tables:
>
> mysql> SELECT * FROM radcheck;
> +----+----------+--------------------+----+-------+
> | id | username | attribute          | op | value |
> +----+----------+--------------------+----+-------+
> |  1 | obaid    | Cleartext-Password | := | 36365 |
> +----+----------+--------------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radusergroup;
> +----------+-----------+----------+
> | username | groupname | priority |
> +----------+-----------+----------+
> | obaid    | hotspot   |        0 |
> +----------+-----------+----------+
> 1 row in set (0.01 sec)
>
> mysql> SELECT * FROM radgroupcheck;
> +----+-----------+-----------+----+-------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------+----+-------+
> |  2 | hotspot   | Auth-Type | := | Local |
> +----+-----------+-----------+----+-------+
> 1 row in set (0.00 sec)
>
>
> mysql> SELECT * FROM radreply;
> +----+----------+---------------+----+-------+
> | id | username | attribute     | op | value |
> +----+----------+---------------+----+-------+
> |  1 | obaid    | Reply-Message | := | Hello |
> +----+----------+---------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radgroupreply;
> +----+-----------+-----------------+----+-------------+
> | id | groupname | attribute       | op | value       |
> +----+-----------+-----------------+----+-------------+
> |  1 | hotspot   | Framed-Protocol | := | PPP         |
> |  2 | hotspot   | Service-Type    | := | Framed-User |
> +----+-----------+-----------------+----+-------------+
> 2 rows in set (0.00 sec)
>
> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
>
> Now when running /usr/sbin/freeradius -X and sending an auth request with radtest
> I get
> radtest obaid 36365 localhost 1812 clientradsec36365
>
> Sending Access-Request of id 96 to 127.0.0.1 port 1812
>         User-Name = "obaid"
>         User-Password = "36365"
>         NAS-IP-Address = 192.168.1.100
>         NAS-Port = 1812
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96, length=20
>
> freeradius -X:
>
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96, length=57
>         User-Name = "obaid"
>         User-Password = "36365"
>         NAS-IP-Address = 192.168.1.100
>         NAS-Port = 1812
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "obaid", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [obaid/36365] (from client server port 1812)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
>         expand: %{User-Name} -> obaid
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 96 to 127.0.0.1 port 40386
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 96 with timestamp +17
> Ready to process requests.
>
> -=========================================================
> Have you noticed that the debug output doesn't talk about sql queries???, and
> there is nothing about sql queries in the log files.
>
> I have used ntradping to send authentication requests with CHAP ticked/not
> ticked, and I get the same rad_recv: Access-Reject.
>
> But with all the same config (except commenting out sql and uncommenting file in
> radius.conf) and radtesting, it works fine.
>
> It is probably that radius can't query mysql, but I used mtop (mysql monitoring
> tool) and it shows that radius queried mysql
>
> or it might be wrong dummy data...
> -----
>
> I will appreciate it very much if someone will guide me through this.
>
> Thanks for reading.
>
> Obaid Ghaznawi
>
>
>
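
Added example (not part of the original thread): a small Python check that compares the `authorize` module list posted above with the modules the quoted `freeradius -X` trace shows were actually executed. The module list and the trace excerpt are copied from the message; the function names are illustrative.

```python
import re

# Modules listed in the authorize{} block as posted in the message above.
POSTED_AUTHORIZE = ["preprocess", "chap", "mschap", "suffix", "eap", "sql", "pap"]

# Excerpt of the `freeradius -X` trace quoted above (wrapped lines rejoined).
DEBUG_TRACE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No such realm "NULL"
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
RESULT_RE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")

def modules_run(trace, group="authorize"):
    """Return [(module, return_code)] for modules that ran inside `group`."""
    current, ran = None, []
    for line in trace.splitlines():
        grp = GROUP_RE.match(line)
        res = RESULT_RE.match(line)
        if grp:
            current = grp.group(1)          # entering a new processing section
        elif res and current == group:
            ran.append(res.groups())        # (module name, rlm return code)
    return ran

def compare(configured, trace):
    """Diff the configured module list against what the trace shows was executed."""
    ran = [name for name, _ in modules_run(trace)]
    return {
        "configured_but_never_ran": [m for m in configured if m not in ran],
        "ran_but_not_configured": [m for m in ran if m not in configured],
    }

if __name__ == "__main__":
    print(compare(POSTED_AUTHORIZE, DEBUG_TRACE))
```

On the quoted trace it reports `sql` as configured but never run, and `unix`, `files`, `expiration` and `logintime` as run but absent from the posted block, which points to the server reading an `authorize` section other than the one shown.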


