Freeradius + MySQL problem

Leigh Martell leigh.martell at gmail.com
Fri Jan 16 15:33:45 CET 2009


I would assume that it is, otherwise it would not start with the INCLUDE
uncommented and sql set in authorize.

On Fri, Jan 16, 2009 at 9:18 AM, Luciano Afranllie <listas.luafran at gmail.com> wrote:

> Just a stupid question.
>
> Is your freeradius compiled with mysql support?
>
> Do you have rlm_sql_mysql in your module dir?
>
> Regards
> Luciano
>
> On Fri, Jan 16, 2009 at 11:49 AM, obaid ghaznawi <onaogh at gmail.com> wrote:
> > hi, first of all, i thank all people who are giving their time to help.
> >
> > before i subscribe here and post my email,  i am searching around in
> > internet since a week
> > and trying my best to solve it, i have learned many things, but there is one
> > problem i cannot get it solved.
> > i am trying to make hotspot for some building, i chose:
> > Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
> > server
> > and CoovaAP on WRT54GL sending user credentials to backend server for
> > authentication
> > my configs (default settings not shown, lines i changed shown)
> >
> > freeradius radiusd.conf
> > ================================================
> >     .
> >     .     all default
> >     .
> > log {
> >     .
> >     .
> >         #at the end of log{
> >         auth = yes
> >         auth_badpass = yes
> >         auth_goodpass = yes
> > }
> >
> > modules {
> >     .
> >     .
> >     .
> >     $INCLUDE sql.conf #already there
> >     $INCLUDE sql/mysql/counter.conf #already there
> >     .
> >     .
> >     .
> > }
> >
> > authorize{
> >         preprocess
> >         chap
> >         mschap
> >         suffix
> >         eap
> >         sql #if i comment out sql and use file, it works, i receive Packet-Accept, with SQL see the pap warning in debug text
> >         pap
> > }
> >
> > accounting{
> >         detail
> >         sql
> > }
> >
> > session{
> >         sql
> > }
> > ==================================================
> > clients.conf
> >
> > client localhost {
> >         ipaddr = 127.0.0.1
> >         secret          = clientradsec36365
> >         require_message_authenticator = no
> >         nastype     = other
> >
> > }
> > ==================================================
> > sql.conf
> > sql {
> >         database = "mysql"
> >         driver = "rlm_sql_${database}"
> >         server = "localhost"
> >         login = "radius"
> >         password = "frsqldblogin36365"
> >         radius_db = "radius"
> >                .
> >                .
> >                .
> >         sqltrace = yes
> >         sqltracefile = ${logdir}/sqltrace.sql
> > .
> > .
> > }
> >
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> >
> > /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
> > mysql "radius" database, radius at localhost user granted all on radius.*
> >
> > dummy data in tables:
> >
> > mysql> SELECT * FROM radcheck;
> > +----+----------+--------------------+----+-------+
> > | id | username | attribute          | op | value |
> > +----+----------+--------------------+----+-------+
> > |  1 | obaid    | Cleartext-Password | := | 36365 |
> > +----+----------+--------------------+----+-------+
> > 1 row in set (0.00 sec)
> >
> > mysql> SELECT * FROM radusergroup;
> > +----------+-----------+----------+
> > | username | groupname | priority |
> > +----------+-----------+----------+
> > | obaid    | hotspot   |        0 |
> > +----------+-----------+----------+
> > 1 row in set (0.01 sec)
> >
> > mysql> SELECT * FROM radgroupcheck;
> > +----+-----------+-----------+----+-------+
> > | id | groupname | attribute | op | value |
> > +----+-----------+-----------+----+-------+
> > |  2 | hotspot   | Auth-Type | := | Local |
> > +----+-----------+-----------+----+-------+
> > 1 row in set (0.00 sec)
> >
> >
> > mysql> SELECT * FROM radreply;
> > +----+----------+---------------+----+-------+
> > | id | username | attribute     | op | value |
> > +----+----------+---------------+----+-------+
> > |  1 | obaid    | Reply-Message | := | Hello |
> > +----+----------+---------------+----+-------+
> > 1 row in set (0.00 sec)
> >
> > mysql> SELECT * FROM radgroupreply;
> > +----+-----------+-----------------+----+-------------+
> > | id | groupname | attribute       | op | value       |
> > +----+-----------+-----------------+----+-------------+
> > |  1 | hotspot   | Framed-Protocol | := | PPP         |
> > |  2 | hotspot   | Service-Type    | := | Framed-User |
> > +----+-----------+-----------------+----+-------------+
> > 2 rows in set (0.00 sec)
> >
> > @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
> >
> > now when running /usr/sbin/freeradius -X and send auth request with radtest
> > i get
> > radtest obaid 36365 localhost 1812 clientradsec36365
> >
> > Sending Access-Request of id 96 to 127.0.0.1 port 1812
> >         User-Name = "obaid"
> >         User-Password = "36365"
> >         NAS-IP-Address = 192.168.1.100
> >         NAS-Port = 1812
> > rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96, length=20
> >
> > freeradius -X:
> >
> > Listening on authentication address * port 1812
> > Listening on accounting address * port 1813
> > Listening on proxy address * port 1814
> > Ready to process requests.
> > rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96, length=57
> >         User-Name = "obaid"
> >         User-Password = "36365"
> >         NAS-IP-Address = 192.168.1.100
> >         NAS-Port = 1812
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > ++[chap] returns noop
> > ++[mschap] returns noop
> > [suffix] No '@' in User-Name = "obaid", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > [eap] No EAP-Message, not doing EAP
> > ++[eap] returns noop
> > ++[unix] returns notfound
> > ++[files] returns noop
> > ++[expiration] returns noop
> > ++[logintime] returns noop
> > [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> > ++[pap] returns noop
> > No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> > Failed to authenticate the user.
> > Login incorrect: [obaid/36365] (from client server port 1812)
> > Using Post-Auth-Type Reject
> > +- entering group REJECT {...}
> >         expand: %{User-Name} -> obaid
> >  attr_filter: Matched entry DEFAULT at line 11
> > ++[attr_filter.access_reject] returns updated
> > Delaying reject of request 0 for 1 seconds
> > Going to the next request
> > Waking up in 0.9 seconds.
> > Sending delayed reject for request 0
> > Sending Access-Reject of id 96 to 127.0.0.1 port 40386
> > Waking up in 4.9 seconds.
> > Cleaning up request 0 ID 96 with timestamp +17
> > Ready to process requests.
> >
> > -=========================================================
> > have you noticed that debug output doesn't talk about sql queries ???, and
> > nothing about sql queries in log files.
> >
> > i have used ntradping to send authentication request with CHAP ticked/not
> > ticked, and i get the same rad_recv: Access-Reject.
> >
> > but with all same config (except commenting sql and uncomment file in
> > radius.conf) and radtesting it works fine.
> >
> > it is probably radius can't query mysql, but i used mtop (mysql monitoring
> > tool) and it shows that radius queried mysql
> >
> > or it might be wrong dummy data...
> > -----
> >
> > i will appreciate it very much if someone will guide me through this.
> >
> > thanks for reading.
> >
> > Obaid Ghaznawi
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
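
Added example, not part of the original thread: a small Python check that lists which modules a `freeradius -X` trace shows running in `authorize` and compares them with the module list posted from radiusd.conf. The trace is an excerpt of the post's debug output with the mail quoting and informational lines trimmed; the function and variable names are illustrative.

```python
import re

# Excerpt of the `freeradius -X` trace quoted in the post (mail quoting removed).
DEBUG_TRACE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

# The authorize{} module list as posted from radiusd.conf.
POSTED_AUTHORIZE = ["preprocess", "chap", "mschap", "suffix", "eap", "sql", "pap"]

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")


def modules_run(trace, group="authorize"):
    """Return [(module, rcode)] for modules that ran inside the named group."""
    current, ran = None, []
    for raw in trace.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # tolerate "> > " quoting
        if m := GROUP_RE.match(line):
            current = m.group(1)
        elif (m := MODULE_RE.match(line)) and current == group:
            ran.append((m.group(1), m.group(2)))
    return ran


def compare(trace, configured, group="authorize"):
    """Diff the configured module list against what the trace shows ran."""
    ran = [name for name, _ in modules_run(trace, group)]
    never_ran = [m for m in configured if m not in ran]
    not_in_config = [m for m in ran if m not in configured]
    return {"never_ran": never_ran, "not_in_config": not_in_config}


if __name__ == "__main__":
    print(compare(DEBUG_TRACE, POSTED_AUTHORIZE))
```

On the posted trace this reports `sql` as never run, and `unix`, `files`, `expiration` and `logintime` as run but absent from the posted list.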

