Edit /etc/raddb/radiusd.conf and add a line saying 'sql' to the authorize{} section (which is towards the end of the file). The best place to put it is just after the 'files' entry. Indeed, if you'll just be using SQL, and not falling back to text files, you could comment out or delete the 'files' entry altogether.
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Freeradius + MySQL problem (obaid ghaznawi)
2. Re: Freeradius + MySQL problem (Leigh Martell)
----------------------------------------------------------------------
Message: 1
Date: Fri, 16 Jan 2009 16:49:11 +0300
From: obaid ghaznawi <onaogh@gmail.com>
Subject: Freeradius + MySQL problem
To: freeradius-users@lists.freeradius.org
Message-ID:
<b8f8e85f0901160549y545cb350ucbf11e3af785a103@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
hi, first of all, i thank all people who are giving thier time to help.
before i subscribe here and post my email, i am searching around in
internet since a week
and trying my best to solve it, i have learned many things,but there is one
problem i cannot get it solved.
i am trying to make hotspot for some building, i choosed:
Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
server
and CoovaAP on WRT54GL sending user credentials to backend server for
authentication
my configs (default settings not showed, lines i changed showed)
freeradius radiusd.conf
================================================
.
. all default
.
log {
.
.
#at the end of log{
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
modules {
.
.
.
$INCLUDE sql.conf #already there
$INCLUDE sql/mysql/counter.conf #already there
.
.
.
}
authorize{
preprocess
chap
mschap
suffix
eap
sql #if i comment out sql and use file, it works, i recive
Packet-Accept, with SQL see the pap warning in debug text
pap
}
accounting{
detail
sql
}
session{
sql
}
==================================================
clients.conf
client localhost {
ipaddr = 127.0.0.1
secret = clientradsec36365
require_message_authenticator = no
nastype = other
}
==================================================
sql.conf
sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
login = "radius"
password = "frsqldblogin36365"
radius_db = "radius"
.
.
.
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
.
.
}
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
/etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
mysql "radius" database, radius@localhost user granted all on radius.*
dummy data in tables:
mysql> SELECT * FROM radcheck;
+----+----------+--------------------+----+-------+
| id | username | attribute | op | value |
+----+----------+--------------------+----+-------+
| 1 | obaid | Cleartext-Password | := | 36365 |
+----+----------+--------------------+----+-------+
1 row in set (0.00 sec)
mysql> SELECT * FROM radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| obaid | hotspot | 0 |
+----------+-----------+----------+
1 row in set (0.01 sec)
mysql> SELECT * FROM radgroupcheck;
+----+-----------+-----------+----+-------+
| id | groupname | attribute | op | value |
+----+-----------+-----------+----+-------+
| 2 | hotspot | Auth-Type | := | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)
mysql> SELECT * FROM radreply;
+----+----------+---------------+----+-------+
| id | username | attribute | op | value |
+----+----------+---------------+----+-------+
| 1 | obaid | Reply-Message | := | Hello |
+----+----------+---------------+----+-------+
1 row in set (0.00 sec)
mysql> SELECT * FROM radgroupreply;
+----+-----------+-----------------+----+-------------+
| id | groupname | attribute | op | value |
+----+-----------+-----------------+----+-------------+
| 1 | hotspot | Framed-Protocol | := | PPP |
| 2 | hotspot | Service-Type | := | Framed-User |
+----+-----------+-----------------+----+-------------+
2 rows in set (0.00 sec)
@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
now when running /usr/sbin/freeradius -X and send auth request with radtest
i get
radtest obaid 36365 localhost 1812 clientradsec36365
Sending Access-Request of id 96 to 127.0.0.1 port 1812
User-Name = "obaid"
User-Password = "36365"
NAS-IP-Address = 192.168.1.100
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
length=20
freeradius -X:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
length=57
User-Name = "obaid"
User-Password = "36365"
NAS-IP-Address = 192.168.1.100
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "obaid", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [obaid/36365] (from client server port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> obaid
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 96 to 127.0.0.1 port 40386
Waking up in 4.9 seconds.
Cleaning up request 0 ID 96 with timestamp +17
Ready to process requests.
-=========================================================
have you noticed that debug output doesnt talk about sql queries ???, and
nothing about sql queries in log files.
i have used ntradping to send authentication request with CHAP ticked/not
ticked, and i get the same rad+recv:Access-Reject.
but with all same config (except commenting sql and uncomment file in
radius.conf) and radtesting it works fine.
it is probably radius cant query mysql, but i used mtop (mysql monitoring
tool) and it showes that radius queried mysql
or it might be wrong dummy data...
-----
i will appreciate it very much if some one will guide me through this.
thanks for reading.
Obaid Ghaznawi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090116/ea93dfa4/attachment.html>
------------------------------
Message: 2
Date: Fri, 16 Jan 2009 09:13:56 -0500
From: Leigh Martell <leigh.martell@gmail.com>
Subject: Re: Freeradius + MySQL problem
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID:
<ab1a43830901160613i7919e76fp1cca31846bd6295c@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Post the entire debug from start to finish and as well as some tests. The
first whack of debug tells you how freeradius is parsing your config.
Once you have that done we should be able to figure where the issue lie.
Take Care,
Leigh
On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi <onaogh@gmail.com> wrote:
> hi, first of all, i thank all people who are giving thier time to help.
>
> before i subscribe here and post my email, i am searching around in
> internet since a week
> and trying my best to solve it, i have learned many things,but there is one
> problem i cannot get it solved.
> i am trying to make hotspot for some building, i choosed:
> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
> server
> and CoovaAP on WRT54GL sending user credentials to backend server for
> authentication
> my configs (default settings not showed, lines i changed showed)
>
> freeradius radiusd.conf
> ================================================
> .
> . all default
> .
> log {
> .
> .
> #at the end of log{
> auth = yes
> auth_badpass = yes
> auth_goodpass = yes
> }
>
> modules {
> .
> .
> .
> $INCLUDE sql.conf #already there
> $INCLUDE sql/mysql/counter.conf #already there
> .
> .
> .
> }
>
> authorize{
> preprocess
> chap
> mschap
> suffix
> eap
> sql #if i comment out sql and use file, it works, i recive
> Packet-Accept, with SQL see the pap warning in debug text
> pap
> }
>
> accounting{
> detail
> sql
> }
>
> session{
> sql
> }
> ==================================================
> clients.conf
>
> client localhost {
> ipaddr = 127.0.0.1
> secret = clientradsec36365
> require_message_authenticator = no
> nastype = other
>
> }
> ==================================================
> sql.conf
> sql {
> database = "mysql"
> driver = "rlm_sql_${database}"
> server = "localhost"
> login = "radius"
> password = "frsqldblogin36365"
> radius_db = "radius"
> .
> .
> .
> sqltrace = yes
> sqltracefile = ${logdir}/sqltrace.sql
> .
> .
> }
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>
> /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
> mysql "radius" database, radius@localhost user granted all on radius.*
>
> dummy data in tables:
>
> mysql> SELECT * FROM radcheck;
> +----+----------+--------------------+----+-------+
> | id | username | attribute | op | value |
> +----+----------+--------------------+----+-------+
> | 1 | obaid | Cleartext-Password | := | 36365 |
> +----+----------+--------------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radusergroup;
> +----------+-----------+----------+
> | username | groupname | priority |
> +----------+-----------+----------+
> | obaid | hotspot | 0 |
> +----------+-----------+----------+
> 1 row in set (0.01 sec)
>
> mysql> SELECT * FROM radgroupcheck;
> +----+-----------+-----------+----+-------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------+----+-------+
> | 2 | hotspot | Auth-Type | := | Local |
> +----+-----------+-----------+----+-------+
> 1 row in set (0.00 sec)
>
>
> mysql> SELECT * FROM radreply;
> +----+----------+---------------+----+-------+
> | id | username | attribute | op | value |
> +----+----------+---------------+----+-------+
> | 1 | obaid | Reply-Message | := | Hello |
> +----+----------+---------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radgroupreply;
> +----+-----------+-----------------+----+-------------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------------+----+-------------+
> | 1 | hotspot | Framed-Protocol | := | PPP |
> | 2 | hotspot | Service-Type | := | Framed-User |
> +----+-----------+-----------------+----+-------------+
> 2 rows in set (0.00 sec)
>
> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
>
> now when running /usr/sbin/freeradius -X and send auth request with radtest
> i get
> radtest obaid 36365 localhost 1812 clientradsec36365
>
> Sending Access-Request of id 96 to 127.0.0.1 port 1812
> User-Name = "obaid"
> User-Password = "36365"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
> length=20
>
> freeradius -X:
>
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
> length=57
> User-Name = "obaid"
> User-Password = "36365"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1812
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "obaid", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [obaid/36365] (from client server port 1812)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> expand: %{User-Name} -> obaid
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 96 to 127.0.0.1 port 40386
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 96 with timestamp +17
> Ready to process requests.
>
> -=========================================================
> have you noticed that debug output doesnt talk about sql queries ???, and
> nothing about sql queries in log files.
>
> i have used ntradping to send authentication request with CHAP ticked/not
> ticked, and i get the same rad+recv:Access-Reject.
>
> but with all same config (except commenting sql and uncomment file in
> radius.conf) and radtesting it works fine.
>
> it is probably radius cant query mysql, but i used mtop (mysql monitoring
> tool) and it showes that radius queried mysql
>
> or it might be wrong dummy data...
> -----
>
> i will appreciate it very much if some one will guide me through this.
>
> thanks for reading.
>
> Obaid Ghaznawi
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090116/2c9cfa4e/attachment.html>
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 45, Issue 60
************************************************