W dniu 20.04.2014 23:27, Alan DeKok pisze:
Maja Wolniewicz wrote:
The cui module is enabled (I have the link in mods-enabled), sql module isn't cui module instantiates the sql module with name cuisql. When starting radiusd I can see: # Instantiating module "cuisql" from file /opt/FR3.0/etc/raddb/mods-enabled/cui sql cuisql { driver = "rlm_sql_mysql" server = "localhost" port = "" login = "" password = <<< secret >>> radius_db = "radius" ... }
while my mods-enabled/cui settings are different and the shown settings come from mods-available/sql I don't see that at all. Are you sure you're using the right files? The default file raddb/mods-available/cui has:
dialect = "sqlite" driver = "rlm_sql_${dialect}" sqlite { filename = ${radacctdir}/cui.sqlite bootstrap = ${modconfdir}/${..:name}/cui/sqlite/schema.sql } I want to use the mysql driver, so I have there: dialect = "mysql" driver = "rlm_sql_${dialect}" mysql{ server = "localhost" login = "cuiuser" password = "....." radius_db = "eduroam" } and this file is linked in mod-enabled directory. This configuration does not work for me - the cuisql module is configured with a default 'radius' database. I used this configuration in my tests of the CUI some time ago and then it worked (it was FR3.0 git version). Is such a configuration good now? Is the sub-module model still working? Another thing that worries me is that when I'm trying to authenticate the server returns Access-Reject, in spite of PEAP success: (10) eap_peap : Success (10) eap_peap : Using saved attributes from the original Access-Accept Stripped-User-Name = 'mgw' Chargeable-User-Identity := '0e4114dc9ad1ac345c09e54c5e0fa4a1d04eb9da' (10) eap_peap : Saving session 4b43ce6e71f5ad08815e7a467eaa5e382e615376601e74388686c0748838c91c vps 0x1131ea0 in the cache (10) eap : Freeing handler (10) [eap] = ok (10) } # authenticate = ok (10) # Executing section post-auth from file /opt/FR3.0/etc/raddb/sites-enabled/default (10) post-auth { (10) cui.post-auth cui.post-auth { (10) if (!control:Proxy-To-Realm && Chargeable-User-Identity && !reply:Chargeable-User-Identity && (Operator-Name || ('no' != 'yes')) ) (10) if (!control:Proxy-To-Realm && Chargeable-User-Identity && !reply:Chargeable-User-Identity && (Operator-Name || ('no' != 'yes')) ) -> FALSE (10) update reply { (10) EXPAND %{reply:User-Name} (10) --> (10) User-Name -= '""' (10) } # update reply = noop (10) if (reply:Chargeable-User-Identity) (10) if (reply:Chargeable-User-Identity) -> TRUE (10) if (reply:Chargeable-User-Identity) { (10) cuisql : EXPAND .query (10) cuisql : --> .query (10) cuisql : Using query template 'query' rlm_sql (cuisql): Opening additional connection (0) rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Couldn't connect socket to MySQL server @localhost:radius rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost' (using password: NO)' rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (cuisql): Opening connection failed (0) (10) [cuisql] = fail (10) } # if (reply:Chargeable-User-Identity) = fail (10) } # cui.post-auth cui.post-auth = fail (10) } # post-auth = fail (10) Using Post-Auth-Type Reject (10) # Executing group from file /opt/FR3.0/etc/raddb/sites-enabled/default (10) Post-Auth-Type REJECT { .. } Sending Access-Reject of id 10 from 158.75.1.116 port 1812 to 158.75.1.40 port 41997 When the cuisql module is commented out authentication goes smoothly. Maja
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Maja Gorecka-Wolniewicz mgw@umk.pl Uczelniane Centrum Information & Communication Informatyczne Technology Centre Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574