No MySQL queries with freeradius 2.x from Lenny

Tim Sylvester tim.sylvester at networkradius.com
Thu Mar 5 10:01:25 CET 2009


Denny,

A couple of things:

1. Check the SQL How To at: http://wiki.freeradius.org/SQL_HOWTO

2. The radcheck table should have entries like:

     mysql> select * from radcheck;
     +----+----------------+--------------------+------------------+------+
     | id | UserName       | Attribute          | Value            | Op   | 
     +----+----------------+--------------------+------------------+------+
     |  1 | fredf          | Cleartext-Password | wilma            | :=   |
     |  2 | barney         | Cleartext-Password | betty            | :=   |
     |  2 | dialrouter     | Cleartext-Password | dialup           | :=   |
     +----+----------------+--------------------+------------------+------+
     3 rows in set (0.01 sec)

Your table has the Password attribute and Op is ==

3. Send all of the debug output from the radius server. The useful
information is missing from this section of the debug output:

Wed Mar  4 20:00:03 2009 : Debug: ++[unix] returns notfound
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling sql
(rlm_sql) for request 1
Wed Mar  4 20:00:03 2009 : Debug: rlm_sql (sql): Reserving sql socket id: 2
Wed Mar  4 20:00:03 2009 : Debug: 



	expand:  ->
Wed Mar  4 20:00:03 2009 : Error: rlm_sql (sql): Error generating query;
rejecting user


Wed Mar  4 20:00:03 2009 : Debug: rlm_sql (sql): Released sql socket id:2
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from sql
(rlm_sql) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[sql] returns fail
Wed Mar  4 20:00:03 2009 : Auth: Invalid user: [chillispot/chillispot] (from
client localhost port 0)


Tim

-----Original Message-----
From:
freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.or
g
[mailto:freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freer
adius.org] On Behalf Of Denny Schierz
Sent: Thursday, March 05, 2009 12:40 AM
To: freeradius-users at lists.freeradius.org
Subject: No MySQL queries with freeradius 2.x from Lenny

hi,

i tried to get coopa chilli running, but i have problems with radius and
mysql. Radius works with users from "files", but not with mysql. I can only
see on startup some mysql messages (connect) but no queries at all.
The system Debian Lenny.

sql.conf

sql {
	database = "mysql"

	driver = "rlm_sql_mysql"

	server = "localhost"
	login = "radius"
	password = "secret"

	radius_db = "radius"

	acct_table1 = "radacct"
	acct_table2 = "radacct"

	postauth_table = "radpostauth"

	authcheck_table = "radcheck"
	authreply_table = "radreply"

	groupcheck_table = "radgroupcheck"
	groupreply_table = "radgroupreply"

	usergroup_table = "radusergroup"


	deletestalesessions = yes

	sqltrace = yes
	sqltracefile = ${logdir}/sqltrace.sql

	num_sql_socks = 5

	connect_failure_retry_delay = 60

	readclients = yes

	nas_table = "nas"

}

(from a small egrep command, hope, there is everything ok)


Debug Output:

rad_recv: Access-Request packet from host 127.0.0.1 port 51722, id=2,
length=199
	Vendor-14559-Attr-8 = 0x312e302e3132
	User-Name = "chillispot"
	User-Password = "chillispot"
	Service-Type = Administrative-User
	NAS-Port-Type = Wireless-802.11
	NAS-IP-Address = 10.1.0.1
	Called-Station-Id = "00-0C-29-98-FE-1D"
	NAS-Identifier = "nas01"
	WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,"
	WISPr-Location-Name = "My_HotSpot"
	Acct-Session-Id = "49aec18f00000000"
	Message-Authenticator = 0x21b6e2efd764dc022a55ff0b7ecd3072

Wed Mar  4 20:00:03 2009 : Debug: +- entering group authorize
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1 Wed Mar  4 20:00:03 2009 : Debug:
++[preprocess] returns ok
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 1
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from
chap (rlm_chap) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[chap] returns noop
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[mschap] returns noop
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling suffix
(rlm_realm) for request 1
Wed Mar  4 20:00:03 2009 : Debug:     rlm_realm: No '@' in User-Name =
"chillispot", looking up realm NULL
Wed Mar  4 20:00:03 2009 : Debug:     rlm_realm: No such realm "NULL"
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from
suffix (rlm_realm) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[suffix] returns noop
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 1
Wed Mar  4 20:00:03 2009 : Debug:   rlm_eap: No EAP-Message, not doing
EAP
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from
eap (rlm_eap) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[eap] returns noop
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling unix
(rlm_unix) for request 1
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from
unix (rlm_unix) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[unix] returns notfound
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: calling sql
(rlm_sql) for request 1
Wed Mar  4 20:00:03 2009 : Debug: rlm_sql (sql): Reserving sql socket
id: 2
Wed Mar  4 20:00:03 2009 : Debug: 



	expand:  ->
Wed Mar  4 20:00:03 2009 : Error: rlm_sql (sql): Error generating query;
rejecting user


Wed Mar  4 20:00:03 2009 : Debug: rlm_sql (sql): Released sql socket id:
2
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[authorize]: returned from
sql (rlm_sql) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[sql] returns fail
Wed Mar  4 20:00:03 2009 : Auth: Invalid user: [chillispot/chillispot]
(from client localhost port 0)
Wed Mar  4 20:00:03 2009 : Debug:   Found Post-Auth-Type Reject
Wed Mar  4 20:00:03 2009 : Debug: +- entering group REJECT
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 1
Wed Mar  4 20:00:03 2009 : Debug: 	expand: %{User-Name} -> chillispot
Wed Mar  4 20:00:03 2009 : Debug:  attr_filter: Matched entry DEFAULT at
line 11
Wed Mar  4 20:00:03 2009 : Debug:   modsingle[post-auth]: returned from
attr_filter.access_reject (rlm_attr_filter) for request 1
Wed Mar  4 20:00:03 2009 : Debug: ++[attr_filter.access_reject] returns
updated
Wed Mar  4 20:00:03 2009 : Debug: Delaying reject of request 1 for 1
seconds
Wed Mar  4 20:00:03 2009 : Debug: Going to the next request
Wed Mar  4 20:00:03 2009 : Debug: Waking up in 0.9 seconds.
Wed Mar  4 20:00:04 2009 : Debug: Sending delayed reject for request 1
Sending Access-Reject of id 2 to 127.0.0.1 port 51722
Wed Mar  4 20:00:04 2009 : Debug: Waking up in 4.9 seconds.
Wed Mar  4 20:00:09 2009 : Debug: Cleaning up request 1 ID 2 with
timestamp +63
Wed Mar  4 20:00:09 2009 : Debug: Ready to process requests.


SQL Table;

mysql> select * from radcheck;
+----+------------+-----------+----+------------+
| id | UserName   | Attribute | op | Value      |
+----+------------+-----------+----+------------+
|  1 | mysqltest  | Password  | == | testsecret | 
|  2 | chillispot | Password  | == | chillispot | 
+----+------------+-----------+----+------------+
2 rows in set (0.00 sec)


mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas              | 
| radacct          | 
| radcheck         | 
| radgroupcheck    | 
| radgroupreply    | 
| radpostauth      | 
| radreply         | 
| usergroup        | 
+------------------+
8 rows in set (0.00 sec)

i also tested to set "read_groups = no" instead of yes, but no luck.

any suggestions?

cu denny





More information about the Freeradius-Users mailing list