Config FreeRadius (3.0.16) to work with SQL: The Guide is outdated - please helps
james.ngobui at gmail.com
james.ngobui at gmail.com
Sat Sep 29 00:32:38 CEST 2018
Hello there,
Thank you for your helps.
As for the mistype, negative. I have all of them configured as Cleartext-Password
As for the usergroup, since we do not use any group, I do not need to add usergroup so I don't have it in my config. It is optional and only necessary if you decide to use group though
To share what I have done:
1/ create a new (admin) user for the database
2/ add new user by command line --> check and see it populate in the radius server
3/ restart the SQL server
4/ restart the freeradius server
I still have the same thing: access reject and server has no response...
Any helps would be really appreciated.
Thanks
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+james.ngobui=gmail.com at lists.freeradius.org> On Behalf Of Rafael Labiak Olivastro
Sent: September 28, 2018 1:16 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: RES: Config FreeRadius (3.0.16) to work with SQL: The Guide is outdated - please helps
Example:
MariaDB [mikrotik_erp]> select * from radcheck;
+----+----------+--------------------+----+----------------------------------+------+------------+------------+
| id | UserName | Attribute | op | Value | obs | id_cliente | id_empresa |
+----+----------+--------------------+----+----------------------------------+------+------------+------------+
| 1 | rafael | MD5-Password | := | 81dc9bdb52d04dc20036dbd8313ed055 | | 743 | 1 |
| 2 | rafael | ClearText-Password | := | 1234 | | 743 | 1 |
+----+----------+--------------------+----+----------------------------------+------+------------+------------+
2 rows in set (0.00 sec)
MariaDB [mikrotik_erp]> select * from usergorup; ERROR 1146 (42S02): Table 'mikrotik_erp.usergorup' doesn't exist MariaDB [mikrotik_erp]> select * from radcheck;
+----+----------+--------------------+----+----------------------------------+------+------------+------------+
| id | UserName | Attribute | op | Value | obs | id_cliente | id_empresa |
+----+----------+--------------------+----+----------------------------------+------+------------+------------+
| 1 | rafael | MD5-Password | := | 81dc9bdb52d04dc20036dbd8313ed055 | | 743 | 1 |
| 2 | rafael | ClearText-Password | := | 1234 | | 743 | 1 |
+----+----------+--------------------+----+----------------------------------+------+------------+------------+
2 rows in set (0.00 sec)
MariaDB [mikrotik_erp]> select * from radusergroup;
+----------+------------------------------------+----------+
| UserName | GroupName | priority |
+----------+------------------------------------+----------+
| rafael | (Huawei)Acesso Residencial 2 MEGAS | 1 |
+----------+------------------------------------+----------+
1 row in set (0.00 sec)
MariaDB [mikrotik_erp]> select * from radgroupreply;
+----+------------------------------------+------------------------------+----+-------------+-----------+----------+
| id | GroupName | Attribute | op | Value | idempresa | tipo |
+----+------------------------------------+------------------------------+----+-------------+-----------+----------+
| 1 | Acesso Residencial 2 MEGAS | Mikrotik-Rate-Limit | := | 1024k/2048k | 9999 | MIKROTIK |
| 4 | (Huawei)Acesso Residencial 2 MEGAS | Huawei-Qos-Profile-Name | := | out-1M | 9999 | HUAWEI |
| 5 | (Huawei)Acesso Residencial 2 MEGAS | Huawei-Down-QOS-Profile-Name | := | in-2M | 9999 | HUAWEI |
| 6 | (Huawei)Acesso Residencial 2 MEGAS | Huawei-Policy-Route | := | 192.168.0.1 | 9999 | HUAWEI |
+----+------------------------------------+------------------------------+----+-------------+-----------+----------+
4 rows in set (0.00 sec)
MariaDB [mikrotik_erp]>
Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para Windows 10
________________________________
De: Rafael Labiak Olivastro <rolivastro at hotmail.com>
Enviado: Friday, September 28, 2018 4:03:27 PM
Para: FreeRadius users mailing list
Assunto: RES: Config FreeRadius (3.0.16) to work with SQL: The Guide is outdated - please helps
Other thing is that RADUSERGROUP is not the same than RADCHECK, you need a row with username in both tables, not just in RADCHECK.
The message is explaining that the user do not exist em RADUSERGROUP. (and you show the user in radcheck)
Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para Windows 10
________________________________
De: Freeradius-Users <freeradius-users-bounces+rolivastro=hotmail.com at lists.freeradius.org> em nome de Rafael Labiak Olivastro <rolivastro at hotmail.com>
Enviado: Friday, September 28, 2018 3:58:07 PM
Para: FreeRadius users mailing list
Assunto: RES: Config FreeRadius (3.0.16) to work with SQL: The Guide is outdated - please helps
Hello,
Maybe if the MySQL is configured to be case sensitive the correct atribute is ClearText-Password unstead Cleartext-Password.
It is just a guess. (note CT in ClearText)
Rafael
Enviado do Email<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D550986&data=02%7C01%7C%7C3b7f9e7137f84c285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737615161542787&sdata=f56eWLAAr9nJm%2FdLSSZ44rDh6vBIjhmHkzmr9TCCRlA%3D&reserved=0> para Windows 10
________________________________
De: Freeradius-Users <freeradius-users-bounces+rolivastro=hotmail.com at lists.freeradius.org> em nome de James Ngo <james.ngobui at gmail.com>
Enviado: Friday, September 28, 2018 2:54:48 PM
Para: freeradius-users at lists.freeradius.org
Assunto: Re: Config FreeRadius (3.0.16) to work with SQL: The Guide is outdated - please helps
This is very strange then...
when I query manually using mysql, it shows per below What could have gone wrong?
mysql> select * from radcheck;
+----+-----------+--------------------+----+-----------+
| id | username | attribute | op | value |
+----+-----------+--------------------+----+-----------+
| 2 | testuser1 | Cleartext-Password | := | testuser1 |
+----+-----------+--------------------+----+-----------+
1 row in set (0.01 sec)
mysql>
On Fri, Sep 28, 2018 at 11:27 AM Alan DeKok <aland at deployingradius.com>
wrote:
> On Sep 28, 2018, at 2:12 PM, James Ngo <james.ngobui at gmail.com> wrote:
> >
> > Hi Alan,
> > You are absolutely right about the log file and I am sorry to be
> bothering
> > you again. I copy the content of my system log file of the issue
> > below
> for
> > your reference (My other test user which use the "user" file works OK).
>
>
> ...
>
> > (7) eap_peap: Got tunneled request
> > (7) eap_peap: EAP-Message =
> >
> 0x022300411a0223003c31cc0432c71245051a187bd13655a9e34a0000000000000000
> 721615e15d5ae620467f9822441958a6f7be55128b39b716006a616d65736e
> > (7) eap_peap: Setting User-Name to jamesn
> > (7) eap_peap: Sending tunneled request to inner-tunnel
>
> That's the MS-CHAP stuff from PEAP, inside of the TLS tunnel.
>
> > (7) sql: EXPAND %{User-Name}
> > (7) sql: --> testuser1
> > (7) sql: SQL-User-Name set to 'testuser1'
> > rlm_sql (sql): Reserved connection (1)
> > (7) sql: EXPAND SELECT id, username, attribute, value, op FROM
> > radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> > (7) sql: --> SELECT id, username, attribute, value, op FROM radcheck
> > WHERE username = 'testuser1' ORDER BY id
> > (7) sql: Executing select query: SELECT id, username, attribute,
> > value,
> op
> > FROM radcheck WHERE username = 'testuser1' ORDER BY id
> > (7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> > '%{SQL-User-Name}' ORDER BY priority
> > (7) sql: --> SELECT groupname FROM radusergroup WHERE username =
> > 'testuser1' ORDER BY priority
> > (7) sql: Executing select query: SELECT groupname FROM radusergroup
> > WHERE username = 'testuser1' ORDER BY priority
> > (7) sql: User not found in any groups rlm_sql (sql): Released
> > connection (1) Need 4 more connections to reach 10 spares rlm_sql
> > (sql): Opening additional connection (6), 1 of 26 pending slots
> used
> > (7) [sql] = notfound
>
> That's definitive.
>
> The "testuser1" isn't in SQL.
>
> Run the queries manually to see what they return.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f
> reeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C3b7f9e7137f84c
> 285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737
> 615161542787&sdata=vhXLdNI79MiBC7DmtofLRgx3Rc6kcRvmE%2BiS2O8zm3c%3
> D&reserved=0
-
List info/subscribe/unsubscribe? See https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C3b7f9e7137f84c285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737615161542787&sdata=vhXLdNI79MiBC7DmtofLRgx3Rc6kcRvmE%2BiS2O8zm3c%3D&reserved=0
-
List info/subscribe/unsubscribe? See https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C3b7f9e7137f84c285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737615161542787&sdata=vhXLdNI79MiBC7DmtofLRgx3Rc6kcRvmE%2BiS2O8zm3c%3D&reserved=0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---
This email has been checked for viruses by AVG.
https://www.avg.com
More information about the Freeradius-Users
mailing list