sql read_clients not binding/working properly with multiple virtual servers.

Alan DeKok aland at deployingradius.com
Fri Mar 6 15:39:20 CET 2020 

On Mar 6, 2020, at 8:25 AM, Enrico Zanolin <enrico at coherence.co.za> wrote:
> 
> I'm running Freeradius 3.0.17 on Debian. With 3 virtual servers 2 of which
> reference the sql module. Everything works perfectly fine if I leave the
> server field in the nas table NULL. This however seems to mean that the
> clients/nas config is shared among all the servers.

  Yes.

> When I try to specify a server name in the server field the config seems to
> load fine and match the configured virtual server
> 
> *rlm_sql (sql-vpn): Adding client 10.0.0.0/24
> (hosted-range) to test clients list*

  So it should be adding the client to the "test" virtual server.

> But when I try to send RADIUS requests to the server it does not work
> 
> *Ignoring request to auth address * port 2012 bound to server spcenter-vpn
> from unknown client 10.0.0.126 port 54022 proto udp*

  Ok.

> /etc/freeradius/3.0/mods-enabled/sql-vpn
>  sql sql-vpn {
>  driver = "rlm_sql_mysql"
>  server = "localhost"
>  port = 0
>  login = "spcenter"
>  password = <<< secret >>>
>  radius_db = "spcenter"
>  read_groups = yes
>  read_profiles = yes
>  read_clients = yes

  That's good.

> rlm_sql (sql-vpn): Executing select query: SELECT id, nasname, shortname,
> type, secret, server FROM rad_nas
> rlm_sql (sql-vpn): Adding client 10.0.0.0/24 (hosted-range) to spcenter-vpn
> clients list
> rlm_sql (10.0.0.0): Client "hosted-range" (sql-vpn) added

  That's good.

> Listening on command file /var/run/freeradius/freeradius.sock
> Listening on auth address * port 1812 bound to server spcenter-ppp
> Listening on acct address * port 1813 bound to server spcenter-ppp
> Listening on auth address * port 2012 bound to server spcenter-vpn

  OK...

> Ready to process requests
> Ignoring request to auth address * port 2012 bound to server spcenter-vpn
> from unknown client 10.0.0.126 port 54022 proto udp
> Ready to process requests

  That's bad.  :(

  IIRC, there were issues that were in 3.0.17 which were fixed in later released.  I suggest trying the 3.0.20 packages from http://packages.networkradius.com.  Or, grab the code from GitHub, where I've added a debug message.  That should make it clearer what's going on.

  Alan DeKok.

More information about the Freeradius-Users mailing list