Hi all,

it is solved now, everything was OK except some configuration mistakes, during configuration i followed freeradius.org HOWTO here: http://wiki.freeradius.org/SQL_HOWTO and this HOWTO is for versions before 2 i guess, because it says:

Edit /etc/raddb/radiusd.conf and add a line saying 'sql' to the authorize{} section (which is towards the end of the file). The best place to put it is just after the 'files' entry. Indeed, if you'll just be using SQL, and not falling back to text files, you could comment out or delete the 'files' entry altogether.

i did this in radiusd.conf, so there were duplicate authrize{}, session{}, one in radiusd.conf and other one in the include file /etc/freeradius/sql/mysql/sites-enabled/default.

just removing lines of authorize{} and session{} from radiusd.conf and configuring properly at /etc/freeradiusd/sql/mysql/sites-enabled/default everything works fine now.

thank you for your support Leigh Martell.
and thanks to freeradius.org team.

update http://wiki.freeradius.org/SQL_HOWTO so new users can follow.

On Fri, Jan 16, 2009 at 5:14 PM, <freeradius-users-request@lists.freeradius.org> wrote:
Send Freeradius-Users mailing list submissions to
       freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
       http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
       freeradius-users-request@lists.freeradius.org

You can reach the person managing the list at
       freeradius-users-owner@lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

  1. Freeradius + MySQL problem (obaid ghaznawi)
  2. Re: Freeradius + MySQL problem (Leigh Martell)


----------------------------------------------------------------------

Message: 1
Date: Fri, 16 Jan 2009 16:49:11 +0300
From: obaid ghaznawi <onaogh@gmail.com>
Subject: Freeradius + MySQL problem
To: freeradius-users@lists.freeradius.org
Message-ID:
       <b8f8e85f0901160549y545cb350ucbf11e3af785a103@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

hi, first of all, i thank all people who are giving thier time to help.

before i subscribe here and post my email,  i am searching around in
internet since a week
and trying my best to solve it, i have learned many things,but there is one
problem i cannot get it solved.
i am trying to make hotspot for some building, i choosed:
Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
server
and CoovaAP on WRT54GL sending user credentials to backend server for
authentication
my configs (default settings not showed, lines i changed showed)

freeradius radiusd.conf
================================================
   .
   .     all default
   .
log {
   .
   .
       #at the end of log{
       auth = yes
       auth_badpass = yes
       auth_goodpass = yes
}

modules {
   .
   .
   .
   $INCLUDE sql.conf #already there
   $INCLUDE sql/mysql/counter.conf #already there
   .
   .
   .
}

authorize{
       preprocess
       chap
       mschap
       suffix
       eap
       sql #if i comment out sql and use file, it works, i recive
Packet-Accept, with SQL see the pap warning in debug text
       pap
}

accounting{
       detail
       sql
}

session{
       sql
}
==================================================
clients.conf

client localhost {
       ipaddr = 127.0.0.1
       secret          = clientradsec36365
       require_message_authenticator = no
       nastype     = other

}
==================================================
sql.conf
sql {
       database = "mysql"
       driver = "rlm_sql_${database}"
       server = "localhost"
       login = "radius"
       password = "frsqldblogin36365"
       radius_db = "radius"
              .
              .
              .
       sqltrace = yes
       sqltracefile = ${logdir}/sqltrace.sql
.
.
}

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

/etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
mysql "radius" database, radius@localhost user granted all on radius.*

dummy data in tables:

mysql> SELECT * FROM radcheck;
+----+----------+--------------------+----+-------+
| id | username | attribute          | op | value |
+----+----------+--------------------+----+-------+
|  1 | obaid    | Cleartext-Password | := | 36365 |
+----+----------+--------------------+----+-------+
1 row in set (0.00 sec)

mysql> SELECT * FROM radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| obaid    | hotspot   |        0 |
+----------+-----------+----------+
1 row in set (0.01 sec)

mysql> SELECT * FROM radgroupcheck;
+----+-----------+-----------+----+-------+
| id | groupname | attribute | op | value |
+----+-----------+-----------+----+-------+
|  2 | hotspot   | Auth-Type | := | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)


mysql> SELECT * FROM radreply;
+----+----------+---------------+----+-------+
| id | username | attribute     | op | value |
+----+----------+---------------+----+-------+
|  1 | obaid    | Reply-Message | := | Hello |
+----+----------+---------------+----+-------+
1 row in set (0.00 sec)

mysql> SELECT * FROM radgroupreply;
+----+-----------+-----------------+----+-------------+
| id | groupname | attribute       | op | value       |
+----+-----------+-----------------+----+-------------+
|  1 | hotspot   | Framed-Protocol | := | PPP         |
|  2 | hotspot   | Service-Type    | := | Framed-User |
+----+-----------+-----------------+----+-------------+
2 rows in set (0.00 sec)

@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$

now when running /usr/sbin/freeradius -X and send auth request with radtest
i get
radtest obaid 36365 localhost 1812 clientradsec36365

Sending Access-Request of id 96 to 127.0.0.1 port 1812
       User-Name = "obaid"
       User-Password = "36365"
       NAS-IP-Address = 192.168.1.100
       NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
length=20

freeradius -X:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
length=57
       User-Name = "obaid"
       User-Password = "36365"
       NAS-IP-Address = 192.168.1.100
       NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "obaid", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [obaid/36365] (from client server port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
       expand: %{User-Name} -> obaid
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 96 to 127.0.0.1 port 40386
Waking up in 4.9 seconds.
Cleaning up request 0 ID 96 with timestamp +17
Ready to process requests.

-=========================================================
have you noticed that debug output doesnt talk about sql queries ???, and
nothing about sql queries in log files.

i have used ntradping to send authentication request with CHAP ticked/not
ticked, and i get the same rad+recv:Access-Reject.

but with all same config (except commenting sql and uncomment file in
radius.conf) and radtesting it works fine.

it is probably radius cant query mysql, but i used mtop (mysql monitoring
tool) and it showes that radius queried mysql

or it might be wrong dummy data...
-----

i will appreciate it very much if some one will guide me through this.

thanks for reading.

Obaid Ghaznawi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090116/ea93dfa4/attachment.html>

------------------------------

Message: 2
Date: Fri, 16 Jan 2009 09:13:56 -0500
From: Leigh Martell <leigh.martell@gmail.com>
Subject: Re: Freeradius + MySQL problem
To: FreeRadius users mailing list
       <freeradius-users@lists.freeradius.org>
Message-ID:
       <ab1a43830901160613i7919e76fp1cca31846bd6295c@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Post the entire debug from start to finish and as well as some tests. The
first whack of debug tells you how freeradius is parsing your config.

Once you have that done we should be able to figure where the issue lie.

Take Care,
Leigh

On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi <onaogh@gmail.com> wrote:

> hi, first of all, i thank all people who are giving thier time to help.
>
> before i subscribe here and post my email,  i am searching around in
> internet since a week
> and trying my best to solve it, i have learned many things,but there is one
> problem i cannot get it solved.
> i am trying to make hotspot for some building, i choosed:
> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
> server
> and CoovaAP on WRT54GL sending user credentials to backend server for
> authentication
> my configs (default settings not showed, lines i changed showed)
>
> freeradius radiusd.conf
> ================================================
>     .
>     .     all default
>     .
> log {
>     .
>     .
>         #at the end of log{
>         auth = yes
>         auth_badpass = yes
>         auth_goodpass = yes
> }
>
> modules {
>     .
>     .
>     .
>     $INCLUDE sql.conf #already there
>     $INCLUDE sql/mysql/counter.conf #already there
>     .
>     .
>     .
> }
>
> authorize{
>         preprocess
>         chap
>         mschap
>         suffix
>         eap
>         sql #if i comment out sql and use file, it works, i recive
> Packet-Accept, with SQL see the pap warning in debug text
>         pap
> }
>
> accounting{
>         detail
>         sql
> }
>
> session{
>         sql
> }
> ==================================================
> clients.conf
>
> client localhost {
>         ipaddr = 127.0.0.1
>         secret          = clientradsec36365
>         require_message_authenticator = no
>         nastype     = other
>
> }
> ==================================================
> sql.conf
> sql {
>         database = "mysql"
>         driver = "rlm_sql_${database}"
>         server = "localhost"
>         login = "radius"
>         password = "frsqldblogin36365"
>         radius_db = "radius"
>                .
>                .
>                .
>         sqltrace = yes
>         sqltracefile = ${logdir}/sqltrace.sql
> .
> .
> }
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>
> /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
> mysql "radius" database, radius@localhost user granted all on radius.*
>
> dummy data in tables:
>
> mysql> SELECT * FROM radcheck;
> +----+----------+--------------------+----+-------+
> | id | username | attribute          | op | value |
> +----+----------+--------------------+----+-------+
> |  1 | obaid    | Cleartext-Password | := | 36365 |
> +----+----------+--------------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radusergroup;
> +----------+-----------+----------+
> | username | groupname | priority |
> +----------+-----------+----------+
> | obaid    | hotspot   |        0 |
> +----------+-----------+----------+
> 1 row in set (0.01 sec)
>
> mysql> SELECT * FROM radgroupcheck;
> +----+-----------+-----------+----+-------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------+----+-------+
> |  2 | hotspot   | Auth-Type | := | Local |
> +----+-----------+-----------+----+-------+
> 1 row in set (0.00 sec)
>
>
> mysql> SELECT * FROM radreply;
> +----+----------+---------------+----+-------+
> | id | username | attribute     | op | value |
> +----+----------+---------------+----+-------+
> |  1 | obaid    | Reply-Message | := | Hello |
> +----+----------+---------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radgroupreply;
> +----+-----------+-----------------+----+-------------+
> | id | groupname | attribute       | op | value       |
> +----+-----------+-----------------+----+-------------+
> |  1 | hotspot   | Framed-Protocol | := | PPP         |
> |  2 | hotspot   | Service-Type    | := | Framed-User |
> +----+-----------+-----------------+----+-------------+
> 2 rows in set (0.00 sec)
>
> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
>
> now when running /usr/sbin/freeradius -X and send auth request with radtest
> i get
> radtest obaid 36365 localhost 1812 clientradsec36365
>
> Sending Access-Request of id 96 to 127.0.0.1 port 1812
>         User-Name = "obaid"
>         User-Password = "36365"
>         NAS-IP-Address = 192.168.1.100
>         NAS-Port = 1812
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
> length=20
>
> freeradius -X:
>
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
> length=57
>         User-Name = "obaid"
>         User-Password = "36365"
>         NAS-IP-Address = 192.168.1.100
>         NAS-Port = 1812
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "obaid", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.  Authentication
> may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [obaid/36365] (from client server port 1812)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
>         expand: %{User-Name} -> obaid
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 96 to 127.0.0.1 port 40386
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 96 with timestamp +17
> Ready to process requests.
>
> -=========================================================
> have you noticed that debug output doesnt talk about sql queries ???, and
> nothing about sql queries in log files.
>
> i have used ntradping to send authentication request with CHAP ticked/not
> ticked, and i get the same rad+recv:Access-Reject.
>
> but with all same config (except commenting sql and uncomment file in
> radius.conf) and radtesting it works fine.
>
> it is probably radius cant query mysql, but i used mtop (mysql monitoring
> tool) and it showes that radius queried mysql
>
> or it might be wrong dummy data...
> -----
>
> i will appreciate it very much if some one will guide me through this.
>
> thanks for reading.
>
> Obaid Ghaznawi
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090116/2c9cfa4e/attachment.html>

------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 45, Issue 60
************************************************