<div dir="ltr"><div>Hi,</div><div>I wanna use freeradius2 as a radius-server and dhcp-server.</div><div>When I try to connect to the radius-server, the following errors show up.</div><div>I think authentication looks fine. Then the message said sqlippool not defined.</div>
<div>But I set it up as below.</div><div>What's wrong with my settings?</div><div><br></div><div>------------radiusd -X-----------------</div><div> ... adding new socket proxy address * port 55682</div><div>Listening on authentication address * port 1812</div>
<div>Listening on accounting address * port 1813</div><div>Listening on command file /var/run/radiusd/radiusd.sock</div><div>Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel</div><div>Listening on proxy address * port 1814</div>
<div>Ready to process requests.</div><div>rad_recv: Access-Request packet from host 10.0.5.200 port 50000, id=3, length=205</div><div> User-Password = "test"</div><div> User-Name = "<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>"</div>
<div> Acct-Session-Id = "erx FastEthernet 1/6:0011534340"</div><div> Service-Type = Framed-User</div><div> Framed-Protocol = PPP</div><div> ERX-Pppoe-Description = "pppoe 00:1d:72:c6:7b:d5"</div>
<div> Calling-Station-Id = "#ERX-40-b0-7a#E16#0"</div><div> NAS-Port-Type = Ethernet</div><div> NAS-Port = 369098752</div><div> NAS-Port-Id = "FastEthernet 1/6"</div><div> NAS-IP-Address = 10.0.5.200</div>
<div> NAS-Identifier = "ERX-40-b0-7a"</div><div># Executing section authorize from file /etc/raddb/sites-enabled/default</div><div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div>
<div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>++[digest] returns noop</div><div>[suffix] Looking up realm "<a href="http://mondomaine.fr">mondomaine.fr</a>" for User-Name = "<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>"</div>
<div>[suffix] No such realm "<a href="http://mondomaine.fr">mondomaine.fr</a>"</div><div>++[suffix] returns noop</div><div>[eap] No EAP-Message, not doing EAP</div><div>++[eap] returns noop</div><div>[files] users: Matched entry <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a> at line 6</div>
<div>[files] users: Matched entry DEFAULT at line 183</div><div>++[files] returns ok</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>++[pap] returns updated</div><div>Found Auth-Type = PAP</div>
<div># Executing group from file /etc/raddb/sites-enabled/default</div><div>+- entering group PAP {...}</div><div>[pap] login attempt with password "test"</div><div>[pap] Using clear text password "test"</div>
<div>[pap] User authenticated successfully</div><div>++[pap] returns ok</div><div>Login OK: [<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>] (from client GGSN1 port 369098752 cli #ERX-40-b0-7a#E16#0)</div><div>
# Executing section post-auth from file /etc/raddb/sites-enabled/default</div><div>+- entering group post-auth {...}</div><div>[sqlippool] No Pool-Name defined.</div><div>[sqlippool] expand: No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> No Pool-Name defined (did cli #ERX-40-b0-7a#E16#0 port 369098752 user <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>)</div>
<div>No Pool-Name defined (did cli #ERX-40-b0-7a#E16#0 port 369098752 user <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>)</div><div>++[sqlippool] returns noop</div><div>++[exec] returns noop</div><div>Sending Access-Accept of id 3 to 10.0.5.200 port 50000</div>
<div> NAS-IP-Address == 10.0.5.200</div><div> Framed-Protocol = PPP</div><div> Framed-Compression = Van-Jacobson-TCP-IP</div><div>Finished request 0.</div><div>Going to the next request</div><div>Waking up in 4.9 seconds.</div>
<div>rad_recv: Accounting-Request packet from host 10.0.5.200 port 50016, id=73, length=246</div><div> Acct-Status-Type = Stop</div><div> User-Name = "<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>"</div>
<div> Event-Timestamp = "Apr 27 2014 14:19:10 PDT"</div><div> Acct-Delay-Time = 0</div><div> NAS-Identifier = "ERX-40-b0-7a"</div><div> Acct-Session-Id = "erx FastEthernet 1/6:0011534340"</div>
<div> NAS-IP-Address = 10.0.5.200</div><div> Service-Type = Framed-User</div><div> Calling-Station-Id = "#ERX-40-b0-7a#E16#0"</div><div> Acct-Input-Gigawords = 0</div><div> Acct-Input-Octets = 0</div>
<div> Acct-Output-Gigawords = 0</div><div> Acct-Output-Octets = 0</div><div> ERX-Input-Gigapkts = 0</div><div> Acct-Input-Packets = 0</div><div> ERX-Output-Gigapkts = 0</div><div> Acct-Output-Packets = 0</div>
<div> NAS-Port-Type = Ethernet</div><div> NAS-Port = 369098752</div><div> NAS-Port-Id = "FastEthernet 1/6"</div><div> Acct-Authentic = RADIUS</div><div> Acct-Session-Time = 0</div>
<div> Acct-Terminate-Cause = NAS-Request</div><div># Executing section preacct from file /etc/raddb/sites-enabled/default</div><div>+- entering group preacct {...}</div><div>++[preprocess] returns ok</div><div>[acct_unique] Hashing 'NAS-Port = 369098752,Client-IP-Address = 10.0.5.200,NAS-IP-Address = 10.0.5.200,Acct-Session-Id = "erx FastEthernet 1/6:0011534340",User-Name = "<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>"'</div>
<div>[acct_unique] Acct-Unique-Session-ID = "fbbf6a6fb6bf3d32".</div><div>++[acct_unique] returns ok</div><div>[suffix] Looking up realm "<a href="http://mondomaine.fr">mondomaine.fr</a>" for User-Name = "<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>"</div>
<div>[suffix] No such realm "<a href="http://mondomaine.fr">mondomaine.fr</a>"</div><div>++[suffix] returns noop</div><div>++[files] returns noop</div><div># Executing section accounting from file /etc/raddb/sites-enabled/default</div>
<div>+- entering group accounting {...}</div><div>[detail] expand: %{Packet-Src-IP-Address} -> 10.0.5.200</div><div>[detail] expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.0.5.200/detail-20140427">10.0.5.200/detail-20140427</a></div>
<div>[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.0.5.200/detail-20140427">10.0.5.200/detail-20140427</a></div>
<div>[detail] expand: %t -> Sun Apr 27 22:49:32 2014</div><div>++[detail] returns ok</div><div>++[unix] returns ok</div><div>[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp</div><div>
[radutmp] expand: %{User-Name} -> <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a></div><div>rlm_radutmp: Logout for NAS GGSN1 port 369098752, but no Login record</div><div>++[radutmp] returns ok</div><div>
rlm_sql (sql): Reserving sql socket id: 13</div><div>[sqlippool] expand: %{User-Name} -> <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a></div><div>[sqlippool] sql_set_user escaped user --> '<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>'</div>
<div>[sqlippool] expand: START TRANSACTION -> START TRANSACTION</div><div>[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE nasipaddress = '10.0.5.200' AND pool_key = '369098752' AND username = '<a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>' AND callingstationid = '=23ERX-40-b0-7a=23E16=230' AND framedipaddress = ''</div>
<div>[sqlippool] expand: COMMIT -> COMMIT</div><div>[sqlippool] expand: Released IP %{Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name}) -> Released IP (did cli #ERX-40-b0-7a#E16#0 user <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>)</div>
<div>Released IP (did cli #ERX-40-b0-7a#E16#0 user <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a>)</div><div>rlm_sql (sql): Released sql socket id: 13</div><div>++[sqlippool] returns ok</div><div>++[exec] returns noop</div>
<div>[attr_filter.accounting_response] expand: %{User-Name} -> <a href="mailto:user@mondomaine.fr">user@mondomaine.fr</a></div><div>attr_filter: Matched entry DEFAULT at line 12</div><div>++[attr_filter.accounting_response] returns updated</div>
<div>Sending Accounting-Response of id 73 to 10.0.5.200 port 50016</div><div>Finished request 1.</div><div>Cleaning up request 1 ID 73 with timestamp +10</div><div>Going to the next request</div><div>Waking up in 4.9 seconds.</div>
<div>Cleaning up request 0 ID 3 with timestamp +10</div><div>Ready to process requests.</div><div>------------------------------------------------------------</div><div><br></div><div><br></div><div><br></div><div><br></div>
<div><br></div><div>---------------------sqlippool.conf------------------------------</div><div><div>## Configuration for the SQL based IP Pool module (rlm_sqlippool)</div><div>##</div><div>## The database schemas are available at:</div>
<div>##</div><div>## raddb/sql/DB/ippool.sql</div><div>##</div><div>## $Id$</div><div><br></div><div>sqlippool {</div><div><br></div><div> #########################################</div><div> ## SQL instance to use (from sql.conf) ##</div>
<div> ##</div><div> ## If you have multiple sql instances, such as "sql sql1 {...}",</div><div> ## use the *instance* name here: sql1.</div><div> #########################################</div><div> sql-instance-name = "sql"</div>
<div><br></div><div> ## SQL table to use for ippool range and lease info</div><div> ippool_table = "radippool"</div><div><br></div><div> ## IP lease duration. (Leases expire even if Acct Stop packet is lost)</div>
<div> lease-duration = 3600</div><div><br></div><div> ## Attribute which should be considered unique per NAS</div><div> ## Using NAS-Port gives behaviour similar to rlm_ippool. (And ACS)</div><div> ## Using Calling-Station-Id works for NAS that send fixed NAS-Port</div>
<div> ## ONLY change this if you know what you are doing!</div><div> pool-key = "%{NAS-Port}"</div><div> # pool-key = "%{Calling-Station-Id}"</div><div><br></div><div> ################################################################</div>
<div> #</div><div> # WARNING: MySQL has certain limitations that means it can</div><div> # hand out the same IP address to 2 different users.</div><div> #</div><div> # We suggest using an SQL DB with proper transaction</div>
<div> # support, such as PostgreSQL, or using MySQL</div><div> #<span class="" style="white-space:pre"> </span> with InnoDB.</div><div> #</div><div> ################################################################</div>
<div><br></div><div> #</div><div> # Use the same database as configured in the "sql" module, "database"</div><div> # configuration item. Change the "postgresql" name below to be the</div><div>
# same as the "database" field of the SQL module referred to in the</div><div> # "sql-instance-name", above.</div><div> #</div><div>#$INCLUDE sql/postgresql/ippool.conf</div><div>$INCLUDE sql/mysql/ippool.conf</div>
<div> </div><div> ## Logging configuration. (Comment out to disable logging)</div><div> sqlippool_log_exists = "Existing IP: %{reply:Framed-IP-Address} \</div><div> (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"</div>
<div><br></div><div> sqlippool_log_success = "Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} \</div><div> (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"</div>
<div><br></div><div> sqlippool_log_clear = "Released IP %{Framed-IP-Address}\</div><div> (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})"</div><div><br></div><div> sqlippool_log_failed = "IP Allocation FAILED from %{control:Pool-Name} \</div>
<div> (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"</div><div><br></div><div> sqlippool_log_nopool = "No Pool-Name defined \</div><div> (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"</div>
<div><br></div><div>}</div></div><div>-------------------------------------------------------------------</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>------------------------------sql.conf---------------------------------</div>
<div><div># -*- text -*-</div><div>##</div><div>## sql.conf -- SQL modules</div><div>##</div><div>##<span class="" style="white-space:pre"> </span>$Id$</div><div><br></div><div>######################################################################</div>
<div>#</div><div># Configuration for the SQL module</div><div>#</div><div># The database schemas and queries are located in subdirectories:</div><div>#</div><div>#<span class="" style="white-space:pre"> </span>sql/DB/schema.sql<span class="" style="white-space:pre"> </span>Schema</div>
<div>#<span class="" style="white-space:pre"> </span>sql/DB/dialup.conf<span class="" style="white-space:pre"> </span>Basic dialup (including policy) queries</div><div>#<span class="" style="white-space:pre"> </span>sql/DB/counter.conf<span class="" style="white-space:pre"> </span>counter</div>
<div>#<span class="" style="white-space:pre"> </span>sql/DB/ippool.conf<span class="" style="white-space:pre"> </span>IP Pools in SQL</div><div>#<span class="" style="white-space:pre"> </span>sql/DB/ippool.sql<span class="" style="white-space:pre"> </span>schema for IP pools.</div>
<div>#</div><div># Where "DB" is mysql, mssql, oracle, or postgresql.</div><div>#</div><div><br></div><div>sql {</div><div><span class="" style="white-space:pre"> </span>#</div><div><span class="" style="white-space:pre"> </span># Set the database to one of:</div>
<div><span class="" style="white-space:pre"> </span>#</div><div><span class="" style="white-space:pre"> </span>#<span class="" style="white-space:pre"> </span>mysql, mssql, oracle, postgresql</div><div><span class="" style="white-space:pre"> </span>#</div>
<div><span class="" style="white-space:pre"> </span>database = "mysql"</div><div><br></div><div><span class="" style="white-space:pre"> </span>#</div><div><span class="" style="white-space:pre"> </span># Which FreeRADIUS driver to use.</div>
<div><span class="" style="white-space:pre"> </span>#</div><div><span class="" style="white-space:pre"> </span>driver = "rlm_sql_${database}"</div><div><br></div><div><span class="" style="white-space:pre"> </span># Connection info:</div>
<div><span class="" style="white-space:pre"> </span>server = "localhost"</div><div><span class="" style="white-space:pre"> </span>#port = 3306</div><div><span class="" style="white-space:pre"> </span>login = "userfreeradius"</div>
<div><span class="" style="white-space:pre"> </span>password = "pwdfreeradius"</div><div><br></div><div><span class="" style="white-space:pre"> </span># Database table configuration for everything except Oracle</div>
<div><span class="" style="white-space:pre"> </span>radius_db = "freeradius"</div><div><span class="" style="white-space:pre"> </span># If you are using Oracle then use this instead</div><div> # radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))"</div>
<div><br></div><div><span class="" style="white-space:pre"> </span># If you want both stop and start records logged to the</div><div><span class="" style="white-space:pre"> </span># same SQL table, leave this as is. If you want them in</div>
<div><span class="" style="white-space:pre"> </span># different tables, put the start table in acct_table1</div><div><span class="" style="white-space:pre"> </span># and stop table in acct_table2</div><div><span class="" style="white-space:pre"> </span>acct_table1 = "radacct"</div>
<div><span class="" style="white-space:pre"> </span>acct_table2 = "radacct"</div><div><br></div><div><span class="" style="white-space:pre"> </span># Allow for storing data after authentication</div><div><span class="" style="white-space:pre"> </span>postauth_table = "radpostauth"</div>
<div><br></div><div><span class="" style="white-space:pre"> </span>authcheck_table = "radcheck"</div><div><span class="" style="white-space:pre"> </span>authreply_table = "radreply"</div><div><br></div>
<div><span class="" style="white-space:pre"> </span>groupcheck_table = "radgroupcheck"</div><div><span class="" style="white-space:pre"> </span>groupreply_table = "radgroupreply"</div><div><br></div><div>
<span class="" style="white-space:pre"> </span># Table to keep group info</div><div><span class="" style="white-space:pre"> </span>usergroup_table = "radusergroup"</div><div><br></div><div><span class="" style="white-space:pre"> </span># If set to 'yes' (default) we read the group tables</div>
<div><span class="" style="white-space:pre"> </span># If set to 'no' the user MUST have Fall-Through = Yes in the radreply table</div><div><span class="" style="white-space:pre"> </span>read_groups = yes</div><div>
<br></div><div><span class="" style="white-space:pre"> </span># Remove stale session if checkrad does not see a double login</div><div><span class="" style="white-space:pre"> </span>deletestalesessions = yes</div><div><br>
</div><div><span class="" style="white-space:pre"> </span># Print all SQL statements when in debug mode (-x)</div><div><span class="" style="white-space:pre"> </span>sqltrace = no</div><div><span class="" style="white-space:pre"> </span>sqltracefile = ${logdir}/sqltrace.sql</div>
<div><br></div><div><span class="" style="white-space:pre"> </span># number of sql connections to make to server</div><div><span class="" style="white-space:pre"> </span>num_sql_socks = 15</div><div><br></div><div><span class="" style="white-space:pre"> </span># number of seconds to delay retrying on a failed database</div>
<div><span class="" style="white-space:pre"> </span># connection (per_socket)</div><div><span class="" style="white-space:pre"> </span>connect_failure_retry_delay = 60</div><div><br></div><div><span class="" style="white-space:pre"> </span># lifetime of an SQL socket. If you are having network issues</div>
<div><span class="" style="white-space:pre"> </span># such as TCP sessions expiring, you may need to set the socket</div><div><span class="" style="white-space:pre"> </span># lifetime. If set to non-zero, any open connections will be</div>
<div><span class="" style="white-space:pre"> </span># closed "lifetime" seconds after they were first opened.</div><div><span class="" style="white-space:pre"> </span>lifetime = 0</div><div><br></div><div><span class="" style="white-space:pre"> </span># Maximum number of queries used by an SQL socket. If you are</div>
<div><span class="" style="white-space:pre"> </span># having issues with SQL sockets lasting "too long", you can</div><div><span class="" style="white-space:pre"> </span># limit the number of queries performed over one socket. After</div>
<div><span class="" style="white-space:pre"> </span># "max_queries", the socket will be closed. Use 0 for "no limit".</div><div><span class="" style="white-space:pre"> </span>max_queries = 0</div><div>
<br></div><div><span class="" style="white-space:pre"> </span># Set to 'yes' to read radius clients from the database ('nas' table)</div><div><span class="" style="white-space:pre"> </span># Clients will ONLY be read on server startup. For performance</div>
<div><span class="" style="white-space:pre"> </span># and security reasons, finding clients via SQL queries CANNOT</div><div><span class="" style="white-space:pre"> </span># be done "live" while the server is running.</div>
<div><span class="" style="white-space:pre"> </span># </div><div><span class="" style="white-space:pre"> </span>readclients = yes</div><div><br></div><div><span class="" style="white-space:pre"> </span># Table to keep radius client info</div>
<div><span class="" style="white-space:pre"> </span>nas_table = "nas"</div><div><br></div><div><span class="" style="white-space:pre"> </span># Read driver-specific configuration</div><div><span class="" style="white-space:pre"> </span>$INCLUDE sql/${database}/dialup.conf</div>
<div>}</div></div><div>---------------------------------------------------------------------------</div><div><br></div><div>If this information is not enough, please let me know.</div><div><br></div><div>Thanks,</div><div>
<br></div><div><br></div><div><br></div></div>
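Reading the debug output above by module return code, as an added example (not part of the original post and not FreeRADIUS code): the script parses `radiusd -X` output per request and reports every Access-Accept sent after `sqlippool` returned `noop` in post-auth with no Framed-IP-Address in the reply. The sample lines are trimmed from the output in the post; the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the radiusd -X output in the post, trimmed.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.0.5.200 port 50000, id=3, length=205
+- entering group authorize {...}
++[files] returns ok
++[pap] returns updated
+- entering group PAP {...}
++[pap] returns ok
+- entering group post-auth {...}
[sqlippool] No Pool-Name defined.
++[sqlippool] returns noop
++[exec] returns noop
Sending Access-Accept of id 3 to 10.0.5.200 port 50000
\tNAS-IP-Address == 10.0.5.200
\tFramed-Protocol = PPP
\tFramed-Compression = Van-Jacobson-TCP-IP
Finished request 0.
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host \S+ port \d+, id=(\d+)")
GROUP = re.compile(r"^\++- entering group (\S+)")
RETURN = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
SEND = re.compile(r"^Sending (\S+) of id \d+")
ATTR = re.compile(r"^\s+([\w-]+) =+ (.*)$")

def parse_debug(text):
    """Split debug output into requests with per-section module return codes."""
    requests, cur, section, in_reply = [], None, None, False
    for line in text.splitlines():
        if m := RECV.match(line):
            cur = {"type": m[1], "id": int(m[2]), "returns": {},
                   "notes": [], "reply": None, "reply_attrs": {}}
            requests.append(cur)
            section, in_reply = None, False
        elif cur is None:
            continue  # server start-up chatter before the first packet
        elif m := GROUP.match(line):
            section = m[1]
        elif m := RETURN.match(line):
            cur["returns"].setdefault(section, {})[m[1]] = m[2]
        elif m := SEND.match(line):
            cur["reply"], in_reply = m[1], True
        elif in_reply and (m := ATTR.match(line)):
            cur["reply_attrs"][m[1]] = m[2]
        else:
            in_reply = False
            if line.startswith("[sqlippool] No Pool-Name"):
                cur["notes"].append(line)
    return requests

def accepts_without_address(requests, module="sqlippool"):
    """Access-Accepts where the pool module did nothing and no address was sent."""
    return [(r["id"], r["notes"]) for r in requests
            if r["reply"] == "Access-Accept"
            and r["returns"].get("post-auth", {}).get(module) == "noop"
            and "Framed-IP-Address" not in r["reply_attrs"]]
```

In the posted `sqlippool.conf`, the log templates read the pool from `%{control:Pool-Name}`, and `sqlippool_log_nopool` is the template behind the `No Pool-Name defined` line, so the check items of the matched `users` entries are where to look when this finding appears.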