Imminent release of 2.2.5 and 3.0.3

Maja Wolniewicz mgw at umk.pl
Tue Apr 22 10:15:08 CEST 2014


On 20.04.2014 23:27, Alan DeKok wrote:
> Maja Wolniewicz wrote:
>> The cui module is enabled (I have the link in mods-enabled), sql module isn't
>> cui module instantiates the sql module with name cuisql.
>> When starting radiusd I can see:
>>   # Instantiating module "cuisql" from file /opt/FR3.0/etc/raddb/mods-enabled/cui
>>   sql cuisql {
>>         driver = "rlm_sql_mysql"
>>         server = "localhost"
>>         port = ""
>>         login = ""
>>         password = <<< secret >>>
>>         radius_db = "radius"
>>  ...
>>  }
>>
>> while my mods-enabled/cui settings are different and the shown settings
>> come from mods-available/sql
>   I don't see that at all.  Are you sure you're using the right files?
The default file raddb/mods-available/cui has:

dialect = "sqlite"
driver = "rlm_sql_${dialect}"
sqlite {
                filename = ${radacctdir}/cui.sqlite
                bootstrap = ${modconfdir}/${..:name}/cui/sqlite/schema.sql
}

I want to use the mysql driver, so I have there:
dialect = "mysql"
driver = "rlm_sql_${dialect}"
mysql{
        server = "localhost"
        login = "cuiuser"
        password = "....."
        radius_db = "eduroam"
}

and this file is linked in the mods-enabled directory.
This configuration does not work for me - the cuisql module is
configured with a default 'radius' database.
 
I used this configuration in my tests of the CUI some time ago and then
it worked (it was FR3.0 git version).
Is such a configuration good now? Is the sub-module model still working?

Another thing that worries me is that when I'm trying to authenticate,
the server returns Access-Reject, in spite of PEAP success:

(10) eap_peap : Success
(10) eap_peap : Using saved attributes from the original Access-Accept
        Stripped-User-Name = 'mgw'
        Chargeable-User-Identity := '0e4114dc9ad1ac345c09e54c5e0fa4a1d04eb9da'
(10) eap_peap : Saving session 4b43ce6e71f5ad08815e7a467eaa5e382e615376601e74388686c0748838c91c vps 0x1131ea0 in the cache
(10) eap : Freeing handler
(10)   [eap] = ok
(10)  } #  authenticate = ok
(10) # Executing section post-auth from file /opt/FR3.0/etc/raddb/sites-enabled/default
(10)   post-auth {
(10)   cui.post-auth cui.post-auth {
(10)     if (!control:Proxy-To-Realm && Chargeable-User-Identity && !reply:Chargeable-User-Identity &&      (Operator-Name || ('no' != 'yes')) )
(10)     if (!control:Proxy-To-Realm && Chargeable-User-Identity && !reply:Chargeable-User-Identity &&      (Operator-Name || ('no' != 'yes')) )  -> FALSE
(10)    update reply {
(10) EXPAND %{reply:User-Name}
(10)    -->
(10)    User-Name -= '""'
(10)    } # update reply = noop
(10)     if (reply:Chargeable-User-Identity)
(10)     if (reply:Chargeable-User-Identity)  -> TRUE
(10)    if (reply:Chargeable-User-Identity)  {
(10) cuisql : EXPAND .query
(10) cuisql :    --> .query
(10) cuisql : Using query template 'query'
rlm_sql (cuisql): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Couldn't connect socket to MySQL server @localhost:radius
rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost' (using password: NO)'
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (cuisql): Opening connection failed (0)
(10)     [cuisql] = fail
(10)    } # if (reply:Chargeable-User-Identity)  = fail
(10)   } # cui.post-auth cui.post-auth = fail
(10)  } #  post-auth = fail
(10) Using Post-Auth-Type Reject
(10) # Executing group from file /opt/FR3.0/etc/raddb/sites-enabled/default
(10)  Post-Auth-Type REJECT {
..
}
Sending Access-Reject of id 10 from 158.75.1.116 port 1812 to 158.75.1.40 port 41997

When the cuisql module is commented out, authentication goes smoothly.

Maja

>
>   Alan DeKok.

-- 
Maja Gorecka-Wolniewicz          mgw at umk.pl
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
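
An added example, not part of the original message and not FreeRADIUS code: a Python script that reads debug output shaped like the log in the message above, reports the settings an sql instance was actually instantiated with, and ties a post-auth reject back to the failing module and its SQL error. The function names are hypothetical and the sample is constructed by abridging that log with wrapped lines rejoined.

```python
import re

# Constructed sample: abridged from the debug output quoted above, wrapped lines rejoined.
SAMPLE = """\
  sql cuisql {
        login = ""
        password = <<< secret >>>
        radius_db = "radius"
  }
(10) eap_peap : Success
(10)   [eap] = ok
rlm_sql (cuisql): Opening additional connection (0)
rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost' (using password: NO)'
rlm_sql (cuisql): Opening connection failed (0)
(10)     [cuisql] = fail
(10)  } #  post-auth = fail
(10) Using Post-Auth-Type Reject
"""

def instantiated_sql(log):
    """Return {instance: {key: value}} from the 'sql NAME { ... }' startup dump."""
    found, current = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := re.fullmatch(r'sql (\w+) \{', line):
            current = found.setdefault(m.group(1), {})
        elif line == '}':
            current = None
        elif current is not None and (kv := re.fullmatch(r'(\w+) = "(.*)"', line)):
            current[kv.group(1)] = kv.group(2)
    return found

def explain_rejects(log):
    """For each request rejected in post-auth, name the failing module and its SQL error."""
    driver_err, conn_err, state, out = None, {}, {}, []
    for line in log.splitlines():
        if m := re.match(r"rlm_sql_\w+: \w+ error '(.*)'$", line):
            driver_err = m.group(1)                      # driver message, no instance name
        elif m := re.match(r'rlm_sql \((\w+)\): Opening connection failed', line):
            conn_err[m.group(1)] = driver_err            # attribute it to the instance
        elif m := re.match(r'\((\d+)\)\s+(.*)', line):
            req, text = state.setdefault(m.group(1), {}), m.group(2)
            if text.startswith('eap_peap : Success'):
                req['eap_ok'] = True
            elif f := re.fullmatch(r'\[(\w+)\] = fail', text):
                req.setdefault('failed', f.group(1))     # first module to fail
            elif text == 'Using Post-Auth-Type Reject':
                mod = req.get('failed')
                out.append({'request': m.group(1), 'eap_ok': req.get('eap_ok', False),
                            'module': mod, 'sql_error': conn_err.get(mod)})
    return out
```

Comparing the output of instantiated_sql() with the values written in the module file shows whether the instance loaded the intended login and database or fell back to defaults.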

