I would assume that it is, otherwise it would not start with the INCLUDE uncommented and sql set in authorize.<br><br><div class="gmail_quote">On Fri, Jan 16, 2009 at 9:18 AM, Luciano Afranllie <span dir="ltr"><<a href="mailto:listas.luafran@gmail.com">listas.luafran@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Just a stupid question.<br>
<br>
Is your freeradius compiled with mysql support?<br>
<br>
Do you have rlm_sql_mysql in your module dir?<br>
<br>
Regards<br>
<font color="#888888">Luciano<br>
</font><div><div></div><div class="Wj3C7c"><br>
On Fri, Jan 16, 2009 at 11:49 AM, obaid ghaznawi <<a href="mailto:onaogh@gmail.com">onaogh@gmail.com</a>> wrote:<br>
> hi, first of all, i thank all people who are giving thier time to help.<br>
><br>
> before i subscribe here and post my email, i am searching around in<br>
> internet since a week<br>
> and trying my best to solve it, i have learned many things,but there is one<br>
> problem i cannot get it solved.<br>
> i am trying to make hotspot for some building, i choosed:<br>
> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend<br>
> server<br>
> and CoovaAP on WRT54GL sending user credentials to backend server for<br>
> authentication<br>
> my configs (default settings not showed, lines i changed showed)<br>
><br>
> freeradius radiusd.conf<br>
> ================================================<br>
> .<br>
> . all default<br>
> .<br>
> log {<br>
> .<br>
> .<br>
> #at the end of log{<br>
> auth = yes<br>
> auth_badpass = yes<br>
> auth_goodpass = yes<br>
> }<br>
><br>
> modules {<br>
> .<br>
> .<br>
> .<br>
> $INCLUDE sql.conf #already there<br>
> $INCLUDE sql/mysql/counter.conf #already there<br>
> .<br>
> .<br>
> .<br>
> }<br>
><br>
> authorize{<br>
> preprocess<br>
> chap<br>
> mschap<br>
> suffix<br>
> eap<br>
> sql #if i comment out sql and use file, it works, i recive<br>
> Packet-Accept, with SQL see the pap warning in debug text<br>
> pap<br>
> }<br>
><br>
> accounting{<br>
> detail<br>
> sql<br>
> }<br>
><br>
> session{<br>
> sql<br>
> }<br>
> ==================================================<br>
> clients.conf<br>
><br>
> client localhost {<br>
> ipaddr = 127.0.0.1<br>
> secret = clientradsec36365<br>
> require_message_authenticator = no<br>
> nastype = other<br>
><br>
> }<br>
> ==================================================<br>
> sql.conf<br>
> sql {<br>
> database = "mysql"<br>
> driver = "rlm_sql_${database}"<br>
> server = "localhost"<br>
> login = "radius"<br>
> password = "frsqldblogin36365"<br>
> radius_db = "radius"<br>
> .<br>
> .<br>
> .<br>
> sqltrace = yes<br>
> sqltracefile = ${logdir}/sqltrace.sql<br>
> .<br>
> .<br>
> }<br>
><br>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<br>
><br>
> /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into<br>
> mysql "radius" database, radius@localhost user granted all on radius.*<br>
><br>
> dummy data in tables:<br>
><br>
> mysql> SELECT * FROM radcheck;<br>
> +----+----------+--------------------+----+-------+<br>
> | id | username | attribute | op | value |<br>
> +----+----------+--------------------+----+-------+<br>
> | 1 | obaid | Cleartext-Password | := | 36365 |<br>
> +----+----------+--------------------+----+-------+<br>
> 1 row in set (0.00 sec)<br>
><br>
> mysql> SELECT * FROM radusergroup;<br>
> +----------+-----------+----------+<br>
> | username | groupname | priority |<br>
> +----------+-----------+----------+<br>
> | obaid | hotspot | 0 |<br>
> +----------+-----------+----------+<br>
> 1 row in set (0.01 sec)<br>
><br>
> mysql> SELECT * FROM radgroupcheck;<br>
> +----+-----------+-----------+----+-------+<br>
> | id | groupname | attribute | op | value |<br>
> +----+-----------+-----------+----+-------+<br>
> | 2 | hotspot | Auth-Type | := | Local |<br>
> +----+-----------+-----------+----+-------+<br>
> 1 row in set (0.00 sec)<br>
><br>
><br>
> mysql> SELECT * FROM radreply;<br>
> +----+----------+---------------+----+-------+<br>
> | id | username | attribute | op | value |<br>
> +----+----------+---------------+----+-------+<br>
> | 1 | obaid | Reply-Message | := | Hello |<br>
> +----+----------+---------------+----+-------+<br>
> 1 row in set (0.00 sec)<br>
><br>
> mysql> SELECT * FROM radgroupreply;<br>
> +----+-----------+-----------------+----+-------------+<br>
> | id | groupname | attribute | op | value |<br>
> +----+-----------+-----------------+----+-------------+<br>
> | 1 | hotspot | Framed-Protocol | := | PPP |<br>
> | 2 | hotspot | Service-Type | := | Framed-User |<br>
> +----+-----------+-----------------+----+-------------+<br>
> 2 rows in set (0.00 sec)<br>
><br>
> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$<br>
><br>
> now when running /usr/sbin/freeradius -X and send auth request with radtest<br>
> i get<br>
> radtest obaid 36365 localhost 1812 clientradsec36365<br>
><br>
> Sending Access-Request of id 96 to 127.0.0.1 port 1812<br>
> User-Name = "obaid"<br>
> User-Password = "36365"<br>
> NAS-IP-Address = 192.168.1.100<br>
> NAS-Port = 1812<br>
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,<br>
> length=20<br>
><br>
> freeradius -X:<br>
><br>
> Listening on authentication address * port 1812<br>
> Listening on accounting address * port 1813<br>
> Listening on proxy address * port 1814<br>
> Ready to process requests.<br>
> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,<br>
> length=57<br>
> User-Name = "obaid"<br>
> User-Password = "36365"<br>
> NAS-IP-Address = 192.168.1.100<br>
> NAS-Port = 1812<br>
> +- entering group authorize {...}<br>
> ++[preprocess] returns ok<br>
> ++[chap] returns noop<br>
> ++[mschap] returns noop<br>
> [suffix] No '@' in User-Name = "obaid", looking up realm NULL<br>
> [suffix] No such realm "NULL"<br>
> ++[suffix] returns noop<br>
> [eap] No EAP-Message, not doing EAP<br>
> ++[eap] returns noop<br>
> ++[unix] returns notfound<br>
> ++[files] returns noop<br>
> ++[expiration] returns noop<br>
> ++[logintime] returns noop<br>
> [pap] WARNING! No "known good" password found for the user. Authentication<br>
> may fail because of this.<br>
> ++[pap] returns noop<br>
> No authenticate method (Auth-Type) configuration found for the request:<br>
> Rejecting the user<br>
> Failed to authenticate the user.<br>
> Login incorrect: [obaid/36365] (from client server port 1812)<br>
> Using Post-Auth-Type Reject<br>
> +- entering group REJECT {...}<br>
> expand: %{User-Name} -> obaid<br>
> attr_filter: Matched entry DEFAULT at line 11<br>
> ++[attr_filter.access_reject] returns updated<br>
> Delaying reject of request 0 for 1 seconds<br>
> Going to the next request<br>
> Waking up in 0.9 seconds.<br>
> Sending delayed reject for request 0<br>
> Sending Access-Reject of id 96 to 127.0.0.1 port 40386<br>
> Waking up in 4.9 seconds.<br>
> Cleaning up request 0 ID 96 with timestamp +17<br>
> Ready to process requests.<br>
><br>
> -=========================================================<br>
> have you noticed that debug output doesnt talk about sql queries ???, and<br>
> nothing about sql queries in log files.<br>
><br>
> i have used ntradping to send authentication request with CHAP ticked/not<br>
> ticked, and i get the same rad+recv:Access-Reject.<br>
><br>
> but with all same config (except commenting sql and uncomment file in<br>
> radius.conf) and radtesting it works fine.<br>
><br>
> it is probably radius cant query mysql, but i used mtop (mysql monitoring<br>
> tool) and it showes that radius queried mysql<br>
><br>
> or it might be wrong dummy data...<br>
> -----<br>
><br>
> i will appreciate it very much if some one will guide me through this.<br>
><br>
> thanks for reading.<br>
><br>
> Obaid Ghaznawi<br>
><br>
><br>
</div></div><div><div></div><div class="Wj3C7c">> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>