AW: how to transfer from "users file to sql"

Bornemann, Hans hans.bornemann at tu-dortmund.de
Fri Sep 13 09:52:23 CEST 2019


Thanks, but after fixing the sql module, it is the same: Auth-Type not found


(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "3c15c2e840fe", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0) sql: EXPAND %{User-Name}
(0) sql:    --> 3c15c2e840fe
(0) sql: SQL-User-Name set to '3c15c2e840fe'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '3c15c2e840fe' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '3c15c2e840fe' ORDER BY id
(0) sql: User found in radcheck table
rlm_sql (sql): Reserved connection (1)
rlm_sql (sql): Released connection (1)
Need 6 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.1.41-MariaDB-0ubuntu0.18.04.1, protocol version 10
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql:    --> SELECT groupname FROM radusergroup WHERE username = '3c15c2e840fe' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '3c15c2e840fe' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
(0)     [sql] = noop
(0)     [expiration] = noop
(0)     [logintime] = noop
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0)     [pap] = noop
(0)   } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0) Failed to authenticate the user




-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+hans.bornemann=tu-dortmund.de at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Thursday, September 12, 2019 13:08
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: how to transfer from "users file to sql"

On Sep 12, 2019, at 4:43 AM, Bornemann, Hans <hans.bornemann at tu-dortmund.de> wrote:
> 
> We are testing a WLAN with "private preshared keys". In the Cisco
> WLAN controller world it works with the AAA override feature and some
> entries in the RADIUS database.
> 
> If I transfer these entries to the MySQL database, the Auth-Type was not set.
> 
> What is missing?

  Read the debug output.

  And use "radiusd -X", not "radiusd -Xx".  And don't post the debug output double-spaced.

> I tested it with the default configuration, the sql module was enabled.

  You didn't configure the SQL module correctly.

  I've edited the debug output below to look like it was done with "radiusd -X":

> (9) sql: Executing select query: SELECT id, username, attribute, 
> value, op FROM radcheck WHERE username = '3c15c2e840fe' ORDER BY id 
> The 'rlm_sql_null' driver CANNOT be used for SELECTS.
> Please update the 'sql' module configuration to use a real database.
> Set 'driver = ...' to the database you want to use.

  This is why we tell everyone to READ the debug output.  It tells you EXACTLY what is going wrong, and how to fix it.

  Please READ the documentation, and follow the instructions.  It's MUCH more efficient than doing random things, and wondering why the server doesn't work.

  Alan DeKok.
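
Added example (not part of the original messages and not FreeRADIUS project code): a small Python triage of "radiusd -X" output that collects, per request number, each module's return code and the WARNING/ERROR lines, which is the reading of the debug output the reply asks for. The sample lines are constructed in the log format shown in this thread; the function names triage() and rejected() are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the "radiusd -X" output quoted in this thread.
SAMPLE = """\
(0)     [preprocess] = ok
(0) sql: User found in radcheck table
(0)     [sql] = noop
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0)     [pap] = noop
(0)   } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
The 'rlm_sql_null' driver CANNOT be used for SELECTS.
"""

REQ = re.compile(r"^\((\d+)\)\s+(.*)$")          # "(0)   <rest of line>"
MODULE_RC = re.compile(r"^\[(\w+)\] = (\w+)$")   # "[pap] = noop"
PROBLEM = re.compile(r"\b(WARNING|ERROR)\b|CANNOT be used")


def triage(debug_text):
    """Group module return codes and problem lines by request number.

    Lines that carry no "(N)" request prefix are filed under the key None.
    """
    out = defaultdict(lambda: {"modules": {}, "problems": []})
    for raw in debug_text.splitlines():
        m = REQ.match(raw)
        req, body = (int(m.group(1)), m.group(2).strip()) if m else (None, raw.strip())
        rc = MODULE_RC.match(body)
        if rc:
            out[req]["modules"][rc.group(1)] = rc.group(2)
        elif PROBLEM.search(body):
            out[req]["problems"].append(body)
    return dict(out)


def rejected(report):
    """Request numbers whose debug output contains a server ERROR line."""
    return [r for r, info in report.items()
            if any(p.startswith("ERROR") for p in info["problems"])]


if __name__ == "__main__":
    for req, info in triage(SAMPLE).items():
        print(f"request {req}: modules={info['modules']}")
        for line in info["problems"]:
            print(f"    {line}")
```
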

