Freeradius + MySQL problem

tnt at kalik.net tnt at kalik.net
Fri Jan 16 15:50:04 CET 2009


Yes. Post the whole debug including startup. Something is not right here.
authorize is not in radiusd.conf in 2.x.

Ivan Kalik
Kalik Informatika ISP


On 16/1/2009, "Leigh Martell" <leigh.martell at gmail.com> wrote:

>Post the entire debug from start to finish and as well as some tests. The
>first whack of debug tells you how freeradius is parsing your config.
>
>Once you have that done we should be able to figure where the issue lies.
>
>Take Care,
>Leigh
>
>On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi <onaogh at gmail.com> wrote:
>
>> hi, first of all, I thank all people who are giving their time to help.
>>
>> before I subscribed here and posted my email, I have been searching around on the
>> internet for a week
>> and trying my best to solve it. I have learned many things, but there is one
>> problem I cannot get solved.
>> I am trying to make a hotspot for some building. I chose:
>> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
>> server
>> and CoovaAP on WRT54GL sending user credentials to backend server for
>> authentication
>> my configs (default settings not shown, lines I changed shown)
>>
>> freeradius radiusd.conf
>> ================================================
>>     .
>>     .     all default
>>     .
>> log {
>>     .
>>     .
>>         #at the end of log{
>>         auth = yes
>>         auth_badpass = yes
>>         auth_goodpass = yes
>> }
>>
>> modules {
>>     .
>>     .
>>     .
>>     $INCLUDE sql.conf #already there
>>     $INCLUDE sql/mysql/counter.conf #already there
>>     .
>>     .
>>     .
>> }
>>
>> authorize{
>>         preprocess
>>         chap
>>         mschap
>>         suffix
>>         eap
>>         sql #if I comment out sql and use file, it works, I receive
>>         # Packet-Accept, with SQL see the pap warning in debug text
>>         pap
>> }
>>
>> accounting{
>>         detail
>>         sql
>> }
>>
>> session{
>>         sql
>> }
>> ==================================================
>> clients.conf
>>
>> client localhost {
>>         ipaddr = 127.0.0.1
>>         secret          = clientradsec36365
>>         require_message_authenticator = no
>>         nastype     = other
>>
>> }
>> ==================================================
>> sql.conf
>> sql {
>>         database = "mysql"
>>         driver = "rlm_sql_${database}"
>>         server = "localhost"
>>         login = "radius"
>>         password = "frsqldblogin36365"
>>         radius_db = "radius"
>>                .
>>                .
>>                .
>>         sqltrace = yes
>>         sqltracefile = ${logdir}/sqltrace.sql
>> .
>> .
>> }
>>
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>
>> /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
>> mysql "radius" database, radius at localhost user granted all on radius.*
>>
>> dummy data in tables:
>>
>> mysql> SELECT * FROM radcheck;
>> +----+----------+--------------------+----+-------+
>> | id | username | attribute          | op | value |
>> +----+----------+--------------------+----+-------+
>> |  1 | obaid    | Cleartext-Password | := | 36365 |
>> +----+----------+--------------------+----+-------+
>> 1 row in set (0.00 sec)
>>
>> mysql> SELECT * FROM radusergroup;
>> +----------+-----------+----------+
>> | username | groupname | priority |
>> +----------+-----------+----------+
>> | obaid    | hotspot   |        0 |
>> +----------+-----------+----------+
>> 1 row in set (0.01 sec)
>>
>> mysql> SELECT * FROM radgroupcheck;
>> +----+-----------+-----------+----+-------+
>> | id | groupname | attribute | op | value |
>> +----+-----------+-----------+----+-------+
>> |  2 | hotspot   | Auth-Type | := | Local |
>> +----+-----------+-----------+----+-------+
>> 1 row in set (0.00 sec)
>>
>>
>> mysql> SELECT * FROM radreply;
>> +----+----------+---------------+----+-------+
>> | id | username | attribute     | op | value |
>> +----+----------+---------------+----+-------+
>> |  1 | obaid    | Reply-Message | := | Hello |
>> +----+----------+---------------+----+-------+
>> 1 row in set (0.00 sec)
>>
>> mysql> SELECT * FROM radgroupreply;
>> +----+-----------+-----------------+----+-------------+
>> | id | groupname | attribute       | op | value       |
>> +----+-----------+-----------------+----+-------------+
>> |  1 | hotspot   | Framed-Protocol | := | PPP         |
>> |  2 | hotspot   | Service-Type    | := | Framed-User |
>> +----+-----------+-----------------+----+-------------+
>> 2 rows in set (0.00 sec)
>>
>> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
>>
>> now when running /usr/sbin/freeradius -X and sending an auth request with radtest
>> I get
>> radtest obaid 36365 localhost 1812 clientradsec36365
>>
>> Sending Access-Request of id 96 to 127.0.0.1 port 1812
>>         User-Name = "obaid"
>>         User-Password = "36365"
>>         NAS-IP-Address = 192.168.1.100
>>         NAS-Port = 1812
>> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
>> length=20
>>
>> freeradius -X:
>>
>> Listening on authentication address * port 1812
>> Listening on accounting address * port 1813
>> Listening on proxy address * port 1814
>> Ready to process requests.
>> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
>> length=57
>>         User-Name = "obaid"
>>         User-Password = "36365"
>>         NAS-IP-Address = 192.168.1.100
>>         NAS-Port = 1812
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> [suffix] No '@' in User-Name = "obaid", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> [eap] No EAP-Message, not doing EAP
>> ++[eap] returns noop
>> ++[unix] returns notfound
>> ++[files] returns noop
>> ++[expiration] returns noop
>> ++[logintime] returns noop
>> [pap] WARNING! No "known good" password found for the user.  Authentication
>> may fail because of this.
>> ++[pap] returns noop
>> No authenticate method (Auth-Type) configuration found for the request:
>> Rejecting the user
>> Failed to authenticate the user.
>> Login incorrect: [obaid/36365] (from client server port 1812)
>> Using Post-Auth-Type Reject
>> +- entering group REJECT {...}
>>         expand: %{User-Name} -> obaid
>>  attr_filter: Matched entry DEFAULT at line 11
>> ++[attr_filter.access_reject] returns updated
>> Delaying reject of request 0 for 1 seconds
>> Going to the next request
>> Waking up in 0.9 seconds.
>> Sending delayed reject for request 0
>> Sending Access-Reject of id 96 to 127.0.0.1 port 40386
>> Waking up in 4.9 seconds.
>> Cleaning up request 0 ID 96 with timestamp +17
>> Ready to process requests.
>>
>> -=========================================================
>> have you noticed that the debug output doesn't talk about sql queries? and
>> there is nothing about sql queries in the log files.
>>
>> I have used ntradping to send authentication requests with CHAP ticked/not
>> ticked, and I get the same rad_recv: Access-Reject.
>>
>> but with all the same config (except commenting out sql and uncommenting file in
>> radius.conf) and radtesting, it works fine.
>>
>> it is probably that radius can't query mysql, but I used mtop (mysql monitoring
>> tool) and it shows that radius queried mysql
>>
>> or it might be wrong dummy data...
>> -----
>>
>> I will appreciate it very much if someone will guide me through this.
>>
>> thanks for reading.
>>
>> Obaid Ghaznawi
>>
>>
>>
>
>
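
Added example, not part of the original thread: a small check that compares the modules listed in the edited `authorize{}` section with the modules the `-X` debug output shows actually running, which is the mismatch the reply above points at. `CONFIGURED` is copied from the posted section and `DEBUG` is an excerpt of the quoted debug output; the function names are this example's own.

```python
import re

# Modules the poster listed in the edited authorize{} section (from the post).
CONFIGURED = ["preprocess", "chap", "mschap", "suffix", "eap", "sql", "pap"]

# Excerpt of the `freeradius -X` output quoted in the thread.
DEBUG = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "obaid", looking up realm NULL
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

GROUP = re.compile(r"^\+- entering group (\S+)")
RESULT = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")

def modules_run(debug, group="authorize"):
    """Return [(module, rcode)] for modules executed in the named group."""
    current, out = None, []
    for line in debug.splitlines():
        m = GROUP.match(line)
        if m:
            current = m.group(1)
            continue
        m = RESULT.match(line)
        if m and current == group:
            out.append((m.group(1), m.group(2)))
    return out

def compare(configured, debug):
    """Diff the section that was edited against the section that actually ran."""
    ran = [name for name, _ in modules_run(debug)]
    return {
        "never_ran": [m for m in configured if m not in ran],
        "not_in_edited_section": [m for m in ran if m not in configured],
    }

if __name__ == "__main__":
    print(compare(CONFIGURED, DEBUG))
```

A non-empty `not_in_edited_section` list means the server is reading its `authorize` section from somewhere other than the file that was edited, so the full startup debug is needed to see which files were parsed.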



