<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-text-flowed" style="font-family: -moz-fixed;
font-size: 13px;" lang="x-western">Hi list,
<br>
<br>
I have a problem authenticating users against (My)SQL.
<br>
FreeRADIUS is running on FreeBSD 8.0-STABLE and is at version
2.1.10.
<br>
<br>
It is a fresh install that I made work with the default file
authentication.
<br>
When I connect the SQL backend, it doesn't work.
<br>
I followed the instructions on the FreeRADIUS wiki : <a
class="moz-txt-link-freetext"
href="http://wiki.freeradius.org/SQl_HOWTO">http://wiki.freeradius.org/SQl_HOWTO</a>
<br>
<br>
The SQL module is correctly loaded and it returns an OK during
authentication.
<br>
The queries are well formed and the results should be OK.
<br>
<br>
What I don't understand is why the sql module returns OK, and the
authentication is rejected. In my mind, an OK from the SQL module
at this step means it has authenticated the user.
<br>
Am I misunderstanding?
<br>
<br>
The debug output and relevant configuration directives are below.
<br>
<br>
P.S.: 10.1.8.4 is the IP of the server; I'm running the radtest
commands from this host (I can't use 127.0.0.1 because of how
networking currently works in jails on FreeBSD).
<br>
<br>
<br>
Here is the output of the radtest command :
<br>
<br>
# radtest bsemene test 10.1.8.4 0 "password for jail client"
<br>
Sending Access-Request of id 214 to 10.1.8.4 port 1812
<br>
User-Name = "bsemene"
<br>
User-Password = "test"
<br>
NAS-IP-Address = 10.1.8.4
<br>
NAS-Port = 0
<br>
rad_recv: Access-Reject packet from host 10.1.8.4 port 1812,
id=214, length=20
<br>
<br>
<br>
<br>
<br>
Here is the debug output during authentication :
<br>
<br>
rad_recv: Access-Request packet from host 10.1.8.4 port 44065,
id=138, length=59
<br>
User-Name = "bsemene"
<br>
User-Password = "test"
<br>
NAS-IP-Address = 10.1.8.4
<br>
NAS-Port = 0
<br>
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
<br>
+- entering group authorize {...}
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
++[digest] returns noop
<br>
[suffix] No '@' in User-Name = "bsemene", looking up realm NULL
<br>
[suffix] No such realm "NULL"
<br>
++[suffix] returns noop
<br>
[eap] No EAP-Message, not doing EAP
<br>
++[eap] returns noop
<br>
++[files] returns noop
<br>
[sql] expand: %{Stripped-User-Name} ->
<br>
[sql] ... expanding second conditional
<br>
[sql] expand: %{User-Name} -> bsemene
<br>
[sql] expand: %{%{User-Name}:-DEFAULT} -> bsemene
<br>
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
-> bsemene
<br>
[sql] sql_set_user escaped user --> 'bsemene'
<br>
rlm_sql (sql): Reserving sql socket id: 4
<br>
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = BINARY
'%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, opFROM radcheck WHERE username = BINARY
'bsemene' ORDER BY id
<br>
[sql] expand: SELECT groupname FROM
radusergroup WHERE username = BINARY
'%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHEe = BINARY
'bsemene' ORDER BY priority
<br>
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = 'dynamic' ORDER BY id
<br>
[sql] User found in group dynamic
<br>
[sql] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE
groupname = 'dynamic' ORDER BY id
<br>
rlm_sql (sql): Released sql socket id: 4
<br>
++[sql] returns ok
<br>
++[expiration] returns noop
<br>
++[logintime] returns noop
<br>
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
<br>
++[pap] returns noop
<br>
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
<br>
Failed to authenticate the user.
<br>
Using Post-Auth-Type Reject
<br>
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
<br>
+- entering group REJECT {...}
<br>
[attr_filter.access_reject] expand: %{User-Name} -> bsemene
<br>
attr_filter: Matched entry DEFAULT at line 11
<br>
++[attr_filter.access_reject] returns updated
<br>
Delaying reject of request 0 for 1 seconds
<br>
Going to the next request
<br>
Waking up in 0.9 seconds.
<br>
Sending delayed reject for request 0
<br>
Sending Access-Reject of id 138 to 10.1.8.4 port 44065
<br>
Waking up in 4.9 seconds.
<br>
Cleaning up request 0 ID 138 with timestamp +4
<br>
Ready to process requests.
<br>
<br>
<br>
<br>
<br>
Here is the (test) DB data (sorry for the layout):
<br>
<br>
mysql> SELECT * FROM radusergroup;
<br>
+----------+-----------+----------+
<br>
| username | groupname | priority |
<br>
+----------+-----------+----------+
<br>
| bsemene | dynamic | 1 |
<br>
+----------+-----------+----------+
<br>
1 row in set (0.02 sec)
<br>
<br>
mysql> SELECT * FROM radcheck;
<br>
+----+----------+--------------------+----+-------+
<br>
| id | username | attribute | op | value |
<br>
+----+----------+--------------------+----+-------+
<br>
| 1 | bsemene | Cleartext-Password | == | test |
<br>
+----+----------+--------------------+----+-------+
<br>
1 row in set (0.00 sec)
<br>
<br>
mysql> SELECT * FROM radreply;
<br>
Empty set (0.00 sec)
<br>
<br>
mysql> SELECT * FROM radgroupreply;
<br>
+----+-----------+------------+----+-------+
<br>
| id | groupname | attribute | op | value |
<br>
+----+-----------+------------+----+-------+
<br>
| 1 | dynamic | Framed-MTU | := | 1500 |
<br>
+----+-----------+------------+----+-------+
<br>
1 row in set (0.02 sec)
<br>
<br>
<br>
<br>
<br>
Here is the default site config :
<br>
<br>
# cat sites-available/default | grep -v "^[[:space:]]*#" | grep -v
"^$"
[root@radius]
<br>
authorize {
<br>
preprocess
<br>
chap
<br>
mschap
<br>
digest
<br>
suffix
<br>
eap {
<br>
ok = return
<br>
}
<br>
files
<br>
sql
<br>
expiration
<br>
logintime
<br>
pap
<br>
}
<br>
authenticate {
<br>
Auth-Type PAP {
<br>
pap
<br>
}
<br>
Auth-Type CHAP {
<br>
chap
<br>
}
<br>
Auth-Type MS-CHAP {
<br>
mschap
<br>
}
<br>
digest
<br>
unix
<br>
eap
<br>
}
<br>
preacct {
<br>
preprocess
<br>
acct_unique
<br>
suffix
<br>
files
<br>
}
<br>
accounting {
<br>
detail
<br>
unix
<br>
radutmp
<br>
sql
<br>
exec
<br>
attr_filter.accounting_response
<br>
}
<br>
session {
<br>
radutmp
<br>
}
<br>
post-auth {
<br>
exec
<br>
Post-Auth-Type REJECT {
<br>
attr_filter.access_reject
<br>
}
<br>
}
<br>
pre-proxy {
<br>
}
<br>
post-proxy {
<br>
eap
<br>
}
<br>
<br>
<br>
<br>
And finally the service loading output :
<br>
<br>
Starting radiusd.
<br>
FreeRADIUS Version 2.1.10, for host i386-portbld-freebsd8.0, built
on Jun 28 2011 at 16:08:13
<br>
Copyright (C) 1999-2009 The FreeRADIUS server project and
contributors.
<br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR
A
<br>
PARTICULAR PURPOSE.
<br>
You may redistribute copies of FreeRADIUS under the terms of the
<br>
GNU General Public License v2.
<br>
Starting - reading configuration files ...
<br>
including configuration file /usr/local/etc/raddb/radiusd.conf
<br>
including configuration file /usr/local/etc/raddb/proxy.conf
<br>
including configuration file /usr/local/etc/raddb/clients.conf
<br>
including files in directory /usr/local/etc/raddb/modules/
<br>
including configuration file /usr/local/etc/raddb/modules/wimax
<br>
including configuration file /usr/local/etc/raddb/modules/always
<br>
including configuration file
/usr/local/etc/raddb/modules/attr_filter
<br>
including configuration file
/usr/local/etc/raddb/modules/attr_rewrite
<br>
including configuration file /usr/local/etc/raddb/modules/chap
<br>
including configuration file /usr/local/etc/raddb/modules/checkval
<br>
including configuration file /usr/local/etc/raddb/modules/counter
<br>
including configuration file /usr/local/etc/raddb/modules/cui
<br>
including configuration file /usr/local/etc/raddb/modules/detail
<br>
including configuration file
/usr/local/etc/raddb/modules/detail.example.com
<br>
including configuration file
/usr/local/etc/raddb/modules/detail.log
<br>
including configuration file /usr/local/etc/raddb/modules/digest
<br>
including configuration file
/usr/local/etc/raddb/modules/dynamic_clients
<br>
including configuration file /usr/local/etc/raddb/modules/echo
<br>
including configuration file
/usr/local/etc/raddb/modules/etc_group
<br>
including configuration file /usr/local/etc/raddb/modules/exec
<br>
including configuration file
/usr/local/etc/raddb/modules/expiration
<br>
including configuration file /usr/local/etc/raddb/modules/expr
<br>
including configuration file /usr/local/etc/raddb/modules/files
<br>
including configuration file
/usr/local/etc/raddb/modules/inner-eap
<br>
including configuration file /usr/local/etc/raddb/modules/ippool
<br>
including configuration file /usr/local/etc/raddb/modules/krb5
<br>
including configuration file /usr/local/etc/raddb/modules/ldap
<br>
including configuration file /usr/local/etc/raddb/modules/linelog
<br>
including configuration file
/usr/local/etc/raddb/modules/logintime
<br>
including configuration file /usr/local/etc/raddb/modules/mac2ip
<br>
including configuration file /usr/local/etc/raddb/modules/mschap
<br>
including configuration file /usr/local/etc/raddb/modules/mac2vlan
<br>
including configuration file
/usr/local/etc/raddb/modules/ntlm_auth
<br>
including configuration file
/usr/local/etc/raddb/modules/opendirectory
<br>
including configuration file /usr/local/etc/raddb/modules/otp
<br>
including configuration file /usr/local/etc/raddb/modules/pam
<br>
including configuration file /usr/local/etc/raddb/modules/pap
<br>
including configuration file /usr/local/etc/raddb/modules/passwd
<br>
including configuration file /usr/local/etc/raddb/modules/perl
<br>
including configuration file /usr/local/etc/raddb/modules/policy
<br>
including configuration file
/usr/local/etc/raddb/modules/preprocess
<br>
including configuration file /usr/local/etc/raddb/modules/radutmp
<br>
including configuration file /usr/local/etc/raddb/modules/realm
<br>
including configuration file
/usr/local/etc/raddb/modules/smbpasswd
<br>
including configuration file /usr/local/etc/raddb/modules/smsotp
<br>
including configuration file /usr/local/etc/raddb/modules/sql_log
<br>
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
<br>
including configuration file /usr/local/etc/raddb/modules/sradutmp
<br>
including configuration file /usr/local/etc/raddb/modules/unix
<br>
including configuration file
/usr/local/etc/raddb/modules/acct_unique
<br>
including configuration file /usr/local/etc/raddb/eap.conf
<br>
including configuration file /usr/local/etc/raddb/sql.conf
<br>
including configuration file
/usr/local/etc/raddb/sql/mysql/dialup.conf
<br>
including configuration file /usr/local/etc/raddb/policy.conf
<br>
including files in directory /usr/local/etc/raddb/sites-enabled/
<br>
including configuration file
/usr/local/etc/raddb/sites-enabled/default
<br>
including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
<br>
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
<br>
main {
<br>
user = "freeradius"
<br>
group = "freeradius"
<br>
allow_core_dumps = no
<br>
}
<br>
including dictionary file /usr/local/etc/raddb/dictionary
<br>
main {
<br>
prefix = "/usr/local"
<br>
localstatedir = "/var"
<br>
logdir = "/var/log"
<br>
libdir = "/usr/local/lib/freeradius-2.1.10"
<br>
radacctdir = "/var/log/radacct"
<br>
hostname_lookups = no
<br>
max_request_time = 30
<br>
cleanup_delay = 5
<br>
max_requests = 1024
<br>
pidfile = "/var/run/radiusd/radiusd.pid"
<br>
checkrad = "/usr/local/sbin/checkrad"
<br>
debug_level = 0
<br>
proxy_requests = yes
<br>
log {
<br>
stripped_names = no
<br>
auth = no
<br>
auth_badpass = no
<br>
auth_goodpass = no
<br>
}
<br>
security {
<br>
max_attributes = 200
<br>
reject_delay = 1
<br>
status_server = yes
<br>
}
<br>
}
<br>
radiusd: #### Loading Realms and Home Servers ####
<br>
proxy server {
<br>
retry_delay = 5
<br>
retry_count = 3
<br>
default_fallback = no
<br>
dead_time = 120
<br>
wake_all_if_all_dead = no
<br>
}
<br>
home_server localhost {
<br>
ipaddr = 127.0.0.1
<br>
port = 1812
<br>
type = "auth"
<br>
secret = "testing123"
<br>
response_window = 20
<br>
max_outstanding = 65536
<br>
require_message_authenticator = yes
<br>
zombie_period = 40
<br>
status_check = "status-server"
<br>
ping_interval = 30
<br>
check_interval = 30
<br>
num_answers_to_alive = 3
<br>
num_pings_to_alive = 3
<br>
revive_interval = 120
<br>
status_check_timeout = 4
<br>
irt = 2
<br>
mrt = 16
<br>
mrc = 5
<br>
mrd = 30
<br>
}
<br>
home_server_pool my_auth_failover {
<br>
type = fail-over
<br>
home_server = localhost
<br>
}
<br>
realm example.com {
<br>
auth_pool = my_auth_failover
<br>
}
<br>
realm LOCAL {
<br>
}
<br>
radiusd: #### Loading Clients ####
<br>
client localhost {
<br>
ipaddr = 127.0.0.1
<br>
require_message_authenticator = no
<br>
secret = "testing123"
<br>
nastype = "other"
<br>
}
<br>
client jail {
<br>
ipaddr = 10.1.8.4
<br>
require_message_authenticator = no
<br>
secret = "password for jail client"
<br>
nastype = "other"
<br>
}
<br>
client WAP1 {
<br>
ipaddr = 10.1.8.127
<br>
require_message_authenticator = no
<br>
secret = "password for remote client"
<br>
nastype = "other"
<br>
}
<br>
radiusd: #### Instantiating modules ####
<br>
instantiate {
<br>
Module: Linked to module rlm_exec
<br>
Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
<br>
exec {
<br>
wait = no
<br>
input_pairs = "request"
<br>
shell_escape = yes
<br>
}
<br>
Module: Linked to module rlm_expr
<br>
Module: Instantiating module "expr" from file
/usr/local/etc/raddb/modules/expr
<br>
Module: Linked to module rlm_expiration
<br>
Module: Instantiating module "expiration" from file
/usr/local/etc/raddb/modules/expiration
<br>
expiration {
<br>
reply-message = "Password Has Expired "
<br>
}
<br>
Module: Linked to module rlm_logintime
<br>
Module: Instantiating module "logintime" from file
/usr/local/etc/raddb/modules/logintime
<br>
logintime {
<br>
reply-message = "You are calling outside your allowed
timespan "
<br>
minimum-timeout = 60
<br>
}
<br>
}
<br>
radiusd: #### Loading Virtual Servers ####
<br>
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
<br>
modules {
<br>
Module: Checking authenticate {...} for more modules to load
<br>
Module: Linked to module rlm_pap
<br>
Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
<br>
pap {
<br>
encryption_scheme = "auto"
<br>
auto_header = no
<br>
}
<br>
Module: Linked to module rlm_chap
<br>
Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
<br>
Module: Linked to module rlm_mschap
<br>
Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
<br>
mschap {
<br>
use_mppe = yes
<br>
require_encryption = no
<br>
require_strong = no
<br>
with_ntdomain_hack = no
<br>
}
<br>
Module: Linked to module rlm_unix
<br>
Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
<br>
unix {
<br>
radwtmp = "/var/log/radwtmp"
<br>
}
<br>
Module: Linked to module rlm_eap
<br>
Module: Instantiating module "eap" from file
/usr/local/etc/raddb/eap.conf
<br>
eap {
<br>
default_eap_type = "md5"
<br>
timer_expire = 60
<br>
ignore_unknown_eap_types = no
<br>
cisco_accounting_username_bug = no
<br>
max_sessions = 4096
<br>
}
<br>
Module: Linked to sub-module rlm_eap_md5
<br>
Module: Instantiating eap-md5
<br>
Module: Linked to sub-module rlm_eap_leap
<br>
Module: Instantiating eap-leap
<br>
Module: Linked to sub-module rlm_eap_gtc
<br>
Module: Instantiating eap-gtc
<br>
gtc {
<br>
challenge = "Password: "
<br>
auth_type = "PAP"
<br>
}
<br>
Module: Linked to sub-module rlm_eap_tls
<br>
Module: Instantiating eap-tls
<br>
tls {
<br>
rsa_key_exchange = no
<br>
dh_key_exchange = yes
<br>
rsa_key_length = 512
<br>
dh_key_length = 512
<br>
verify_depth = 0
<br>
CA_path = "/etc/ssl/certs"
<br>
pem_file_type = yes
<br>
private_key_file = "/etc/ssl/certs/server.pem"
<br>
certificate_file = "/etc/ssl/certs/server.pem"
<br>
CA_file = "/etc/ssl/certs/ca.pem"
<br>
private_key_password = "password"
<br>
dh_file = "/etc/ssl/certs/dh"
<br>
random_file = "/etc/ssl/certs/random"
<br>
fragment_size = 1024
<br>
include_length = yes
<br>
check_crl = no
<br>
cipher_list = "DEFAULT"
<br>
make_cert_command = "/etc/ssl/certs/bootstrap"
<br>
cache {
<br>
enable = no
<br>
lifetime = 24
<br>
max_entries = 255
<br>
}
<br>
verify {
<br>
}
<br>
}
<br>
Module: Linked to sub-module rlm_eap_ttls
<br>
Module: Instantiating eap-ttls
<br>
ttls {
<br>
default_eap_type = "md5"
<br>
copy_request_to_tunnel = no
<br>
use_tunneled_reply = no
<br>
virtual_server = "inner-tunnel"
<br>
include_length = yes
<br>
}
<br>
Module: Linked to sub-module rlm_eap_peap
<br>
Module: Instantiating eap-peap
<br>
peap {
<br>
default_eap_type = "mschapv2"
<br>
copy_request_to_tunnel = no
<br>
use_tunneled_reply = no
<br>
proxy_tunneled_request_as_eap = yes
<br>
virtual_server = "inner-tunnel"
<br>
}
<br>
Module: Linked to sub-module rlm_eap_mschapv2
<br>
Module: Instantiating eap-mschapv2
<br>
mschapv2 {
<br>
with_ntdomain_hack = no
<br>
}
<br>
Module: Checking authorize {...} for more modules to load
<br>
Module: Linked to module rlm_realm
<br>
Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
<br>
realm suffix {
<br>
format = "suffix"
<br>
delimiter = "@"
<br>
ignore_default = no
<br>
ignore_null = no
<br>
}
<br>
Module: Linked to module rlm_files
<br>
Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
<br>
files {
<br>
usersfile = "/usr/local/etc/raddb/users"
<br>
acctusersfile = "/usr/local/etc/raddb/acct_users"
<br>
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
<br>
compat = "no"
<br>
}
<br>
Module: Checking session {...} for more modules to load
<br>
Module: Linked to module rlm_radutmp
<br>
Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
<br>
radutmp {
<br>
filename = "/var/log/radutmp"
<br>
username = "%{User-Name}"
<br>
case_sensitive = yes
<br>
check_with_nas = yes
<br>
perm = 384
<br>
callerid = yes
<br>
}
<br>
Module: Checking post-proxy {...} for more modules to load
<br>
Module: Checking post-auth {...} for more modules to load
<br>
Module: Linked to module rlm_attr_filter
<br>
Module: Instantiating module "attr_filter.access_reject" from
file /usr/local/etc/raddb/modules/attr_filter
<br>
attr_filter attr_filter.access_reject {
<br>
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
<br>
key = "%{User-Name}"
<br>
}
<br>
} # modules
<br>
} # server
<br>
server { # from file /usr/local/etc/raddb/radiusd.conf
<br>
modules {
<br>
Module: Checking authenticate {...} for more modules to load
<br>
Module: Linked to module rlm_digest
<br>
Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
<br>
Module: Checking authorize {...} for more modules to load
<br>
Module: Linked to module rlm_preprocess
<br>
Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
<br>
preprocess {
<br>
huntgroups = "/usr/local/etc/raddb/huntgroups"
<br>
hints = "/usr/local/etc/raddb/hints"
<br>
with_ascend_hack = no
<br>
ascend_channels_per_line = 23
<br>
with_ntdomain_hack = no
<br>
with_specialix_jetstream_hack = no
<br>
with_cisco_vsa_hack = no
<br>
with_alvarion_vsa_hack = no
<br>
}
<br>
Module: Linked to module rlm_sql
<br>
Module: Instantiating module "sql" from file
/usr/local/etc/raddb/sql.conf
<br>
sql {
<br>
driver = "rlm_sql_mysql"
<br>
server = "ip.of.SQL.server"
<br>
port = ""
<br>
login = "username"
<br>
password = "password"
<br>
radius_db = "dbname"
<br>
read_groups = yes
<br>
sqltrace = no
<br>
sqltracefile = "/var/log/sqltrace.sql"
<br>
readclients = no
<br>
deletestalesessions = yes
<br>
num_sql_socks = 5
<br>
lifetime = 0
<br>
max_queries = 0
<br>
sql_user_name =
"%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
<br>
default_user_profile = ""
<br>
nas_query = "SELECT id, nasname, shortname, type, secret,
server FROM nas"
<br>
authorize_check_query = "SELECT id, username, attribute,
value, op FROM radcheck WHERE username = BINARY
'%{SQL-User-Name}' ORDER BY id"
<br>
authorize_reply_query = "SELECT id, username, attribute,
value, op FROM radreply WHERE username = BINARY
'%{SQL-User-Name}' ORDER BY id"
<br>
authorize_group_check_query = "SELECT id, groupname,
attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id"
<br>
authorize_group_reply_query = "SELECT id, groupname,
attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id"
<br>
accounting_onoff_query = " UPDATE
radacct SET acctstoptime =
'%S', acctsessiontime = unix_timestamp('%S') -
<br>
accounting_update_query = " UPDATE
radacct SET framedipaddress =
'%{Framed-IP-Address}', acctsessiontime =
'%{Acct-Session-Time}',
<br>
accounting_update_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid,
<br>
accounting_start_query = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid, n
<br>
accounting_start_query_alt = " UPDATE radacct
SET acctstarttime = '%S',
acctstartdelay = '%{%{Acct-Delay-Time}:-0}',
connectinfo_start
<br>
accounting_stop_query = " UPDATE radacct
SET acctstoptime = '%S',
acctsessiontime = '%{Acct-Session-Time}',
acctinputoctets = '%{
<br>
accounting_stop_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid, nasporttype, acctsta
<br>
group_membership_query = "SELECT groupname FROM
radusergroup WHERE username = BINARY
'%{SQL-User-Name}' ORDER BY priority"
<br>
connect_failure_retry_delay = 60
<br>
simul_count_query = ""
<br>
simul_verify_query = "SELECT radacctid, acctsessionid,
username, nasipaddress, nasportid,
framedipaddress, callingstationid,
fra
<br>
postauth_query = "INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES
( '%{User-Name}',
<br>
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
<br>
}
<br>
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded
and linked
<br>
rlm_sql (sql): Attempting to connect to radius@mysql.it.cyanide-studio.com:/radius
<br>
rlm_sql (sql): starting 0
<br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
<br>
rlm_sql_mysql: Starting connect to MySQL server for #0
<br>
rlm_sql (sql): Connected new DB handle, #0
<br>
rlm_sql (sql): starting 1
<br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
<br>
rlm_sql_mysql: Starting connect to MySQL server for #1
<br>
rlm_sql (sql): Connected new DB handle, #1
<br>
rlm_sql (sql): starting 2
<br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
<br>
rlm_sql_mysql: Starting connect to MySQL server for #2
<br>
rlm_sql (sql): Connected new DB handle, #2
<br>
rlm_sql (sql): starting 3
<br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
<br>
rlm_sql_mysql: Starting connect to MySQL server for #3
<br>
rlm_sql (sql): Connected new DB handle, #3
<br>
rlm_sql (sql): starting 4
<br>
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
<br>
rlm_sql_mysql: Starting connect to MySQL server for #4
<br>
rlm_sql (sql): Connected new DB handle, #4
<br>
Module: Checking preacct {...} for more modules to load
<br>
Module: Linked to module rlm_acct_unique
<br>
Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/modules/acct_unique
<br>
acct_unique {
<br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
<br>
}
<br>
Module: Checking accounting {...} for more modules to load
<br>
Module: Linked to module rlm_detail
<br>
Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
<br>
detail {
<br>
    detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
<br>
header = "%t"
<br>
detailperm = 384
<br>
dirperm = 493
<br>
locking = no
<br>
log_packet_header = no
<br>
}
<br>
Module: Instantiating module "attr_filter.accounting_response"
from file /usr/local/etc/raddb/modules/attr_filter
<br>
attr_filter attr_filter.accounting_response {
<br>
attrsfile =
"/usr/local/etc/raddb/attrs.accounting_response"
<br>
key = "%{User-Name}"
<br>
}
<br>
Module: Checking session {...} for more modules to load
<br>
Module: Checking post-proxy {...} for more modules to load
<br>
Module: Checking post-auth {...} for more modules to load
<br>
} # modules
<br>
} # server
<br>
radiusd: #### Opening IP addresses and Ports ####
<br>
listen {
<br>
type = "auth"
<br>
ipaddr = *
<br>
port = 0
<br>
}
<br>
listen {
<br>
type = "acct"
<br>
ipaddr = *
<br>
port = 0
<br>
}
<br>
listen {
<br>
type = "control"
<br>
listen {
<br>
socket = "/var/run/radiusd/radiusd.sock"
<br>
}
<br>
}
<br>
listen {
<br>
type = "auth"
<br>
ipaddr = 127.0.0.1
<br>
port = 18120
<br>
}
<br>
Listening on authentication address * port 1812
<br>
Listening on accounting address * port 1813
<br>
Listening on command file /var/run/radiusd/radiusd.sock
<br>
Listening on authentication address 10.1.8.4 port 18120 as server
inner-tunnel
<br>
Listening on proxy address * port 1814
<br>
Ready to process requests.
<br>
<br>
<br>
<div class="moz-txt-sig"><span class="moz-txt-tag">-- <br>
</span>
<br>
Bastien Semene
<br>
Network &amp; System Administrator
<br>
<br>
Cyanide Studio - FRANCE
<br>
<br>
</div>
</div>
<pre class="moz-signature" cols="72">--
If you think experts are expensive,
wait to see what amateurs will cost you
--
Bastien Semene
Network &amp; System Administrator
Cyanide Studio - FRANCE
</pre>
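<p>An added example (not part of the original post, and not FreeRADIUS code): a small Python triage of the debug output and <code>radcheck</code> table shown above. The function names, the abridged log sample and the attribute list are assumptions made for illustration; the check relies on the FreeRADIUS operator semantics, where <code>:=</code> places a check item in the control list while <code>==</code> only compares it against an attribute in the request.</p>

```python
import re

# Constructed sample: authorize-phase lines abridged from the debug output in the post.
DEBUG_LOG = """\
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[files] returns noop
[sql] User found in group dynamic
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
"""

# radcheck rows as (id, username, attribute, op, value), copied from the post's table.
RADCHECK = [(1, "bsemene", "Cleartext-Password", "==", "test")]

# Assumption: a subset of the password attributes that rlm_pap can verify against.
PASSWORD_ATTRS = {
    "Cleartext-Password", "NT-Password", "MD5-Password",
    "SHA-Password", "SSHA-Password",
}

# Matches lines such as "++[sql] returns ok" at any nesting depth.
RETURN_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)$")


def module_returns(log):
    """Return ordered (module, rcode) pairs from the '[module] returns rcode' lines."""
    pairs = []
    for line in log.splitlines():
        match = RETURN_RE.match(line.strip())
        if match:
            pairs.append((match.group(1), match.group(2)))
    return pairs


def triage(log, radcheck):
    """Explain a reject from the debug log and audit the radcheck operators."""
    findings = []
    rcodes = dict(module_returns(log))
    if "No authenticate method (Auth-Type) found" in log:
        findings.append("no module set Auth-Type during authorize, so the "
                        "request was rejected before any password check")
        if rcodes.get("sql") == "ok":
            findings.append("sql returned ok: its lookups succeeded, which is "
                            "authorization, not authentication")
    if 'No "known good" password found' in log:
        findings.append("pap saw no password attribute in the control list")
    for row_id, user, attr, op, _value in radcheck:
        # The stored value is deliberately left out of the report.
        if attr in PASSWORD_ATTRS and op != ":=":
            findings.append("radcheck id=%d (%s): %s uses op '%s'; store it "
                            "with ':=' so it reaches the control list"
                            % (row_id, user, attr, op))
    return findings


if __name__ == "__main__":
    for finding in triage(DEBUG_LOG, RADCHECK):
        print("-", finding)
```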
</body>
</html>