Tying radius to mysql...

rktechie rthornt at yahoo.com
Thu Oct 14 19:02:29 CEST 2010


I'm sure I am missing something simple and probably obvious.  Now that I have
installed freeradius (2.1.9-1.fc13.i686) and imported the mysql schema and
populated it with a test user, I would like to know if there are some basic
config instructions for telling freeradius to actually use the users from
the db rather than the /etc/raddb/users file?

radtest testing1 guest 127.0.0.1 0 testing123
results in
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=27, length=20

but if I put my "testing1" user in /etc/raddb/users it accepts the login ok.

I'm not really clear on what data I need in the db.  What is the minimum to
create a valid test?  NAS info?  I tried following
http://wiki.freeradius.org/SQL_HOWTO but the radius server doesn't seem to
be talking to mysql.

In my troubleshooting, I added "sql" at the bottom of the "instantiate"
section in the /etc/raddb/radiusd.conf file (Is this the proper way to get
them talking?), and now radiusd does seem to communicate with mysql, but
although it successfully logs in, it doesn't seem to interact with the user
data to authorize anything.  It seems there is something else I need to add
to the config files to make radius look to mysql rather than a users file
for the data.  (I would like to have freeradius log all the authorization
info to mysql as well, but first things first...)

My `radcheck` table contains:

INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES
(1, 'testing1', 'Cleartext-Password', ':=', 'guest');


Some of the output from radiusd -X

...
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
...
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 Module: Linked to module rlm_sql
 Module: Instantiating sql
  sql {
        driver = "rlm_sql_mysql"
        server = "localhost"
        port = ""
        login = "rad1"
        password = "rad1"
        radius_db = "rad1"
        read_groups = yes
        sqltrace = no
        sqltracefile = "/var/log/radius/sqltrace.sql"
        readclients = no
        deletestalesessions = yes
        num_sql_socks = 5
        lifetime = 0
        max_queries = 0
        sql_user_name = "%{User-Name}"
        default_user_profile = ""
        nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
...
  }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to rad1 at localhost:/rad1
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
 }
radiusd: #### Loading Virtual Servers ####
...
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
listen {
        type = "control"
 listen {
        socket = "/var/run/radiusd/radiusd.sock"
 }
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Ready to process requests.

...

Running radtest from the terminal:

radtest testing1 guest 127.0.0.1 0 testing123
Sending Access-Request of id 66 to 127.0.0.1 port 1812
        User-Name = "testing1"
        User-Password = "guest"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=66, length=20



...

rad_recv: Access-Request packet from host 127.0.0.1 port 41218, id=66, length=60
        User-Name = "testing1"
        User-Password = "guest"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testing1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> testing1
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 66 to 127.0.0.1 port 41218
Waking up in 4.9 seconds.
Cleaning up request 1 ID 66 with timestamp +360
Ready to process requests.
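The authorize trace quoted above is the useful evidence: every module in the authorize group returns noop or notfound and "sql" never appears at all, which is why pap finds no "known good" password and no Auth-Type is set. Listing the module under instantiate only loads it; in FreeRADIUS 2.x the module also has to be named in the authorize section (and, for logging, the accounting section) of the virtual server in /etc/raddb/sites-enabled/default. The script below is an added example, not part of the original post or of FreeRADIUS itself: it parses a radiusd -X authorize trace (the embedded excerpt is constructed from the lines quoted above), lists which modules ran in each group, and reports the conditions that explain this reject, including whether sql ran. The group and module line formats it matches are those visible in the post's own output.

```python
import re

# Constructed excerpt modelled on the radiusd -X authorize trace quoted in the post.
SAMPLE_TRACE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testing1", looking up realm NULL
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
"""

# "+- entering group authorize {...}" starts a section of the virtual server.
GROUP_RE = re.compile(r"^\+- entering group (\S+) \{")
# "++[files] returns noop" is one module call and its return code.
MODULE_RE = re.compile(r"^\+\+\[([^\]]+)\] returns (\w+)")


def parse_trace(text):
    """Return {group_name: [(module, rcode), ...]} from radiusd -X output."""
    groups = {}
    current = None
    for line in text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            groups.setdefault(current, [])
            continue
        m = MODULE_RE.match(line)
        if m and current is not None:
            groups[current].append((m.group(1), m.group(2)))
    return groups


def diagnose(text, want_module="sql"):
    """Explain why an Access-Request was rejected before authentication.

    Returns a list of findings; an empty list means none of the known
    failure signatures were seen in the authorize group.
    """
    groups = parse_trace(text)
    authorize = groups.get("authorize", [])
    ran = [mod for mod, _ in authorize]
    findings = []
    if want_module not in ran:
        findings.append(
            f"'{want_module}' never ran in authorize; it must be listed in the "
            "authorize section of sites-enabled/default, not only under instantiate"
        )
    if any(mod == "files" and rc == "noop" for mod, rc in authorize):
        findings.append("files returned noop: the user is not in /etc/raddb/users")
    if 'No "known good" password' in text:
        findings.append("pap found no known-good password: no module supplied Cleartext-Password")
    if "No authenticate method (Auth-Type)" in text:
        findings.append("no Auth-Type was set, so the request was rejected before authentication")
    return findings


if __name__ == "__main__":
    for group, calls in parse_trace(SAMPLE_TRACE).items():
        print(group, [f"{m}={rc}" for m, rc in calls])
    for finding in diagnose(SAMPLE_TRACE):
        print("-", finding)
```

Once sql is enabled in authorize, the same trace should show a "++[sql] returns ok" line and the pap warning disappears, because rlm_sql reads Cleartext-Password from radcheck and sets Auth-Type for pap; re-running the parser on the new trace makes that change visible at a glance.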
