Hi there list,

 

I’ve been trying to get my client list from a MySql table. For this I’ve edited radius.conf to include sql.conf and edited sql.conf to reflect my database configuration and set readclients = yes.

There is a table “nas” which has several records for the NAPs I have.

 

When I restart radiusd I see no traffic on the mysql server coming from the freeradius server. And client are not loaded. Just the ones in clients.conf are loaded. I’ve excluded clients.conf from the configuration, which results in no clients at all.

 

I would verry much like to have my clients in a database, which would simplify management a lot. But am at a loss what to do.

 

I’m using:

FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct  3 2012 at 01:22:51

 

On a CentOS release 6.3 (Final)

 

Packages installed:

[root@hades raddb]# yum list installed|grep radius

freeradius.x86_64                   2.1.12-4.el6_3                     @updates

freeradius-mysql.x86_64             2.1.12-4.el6_3                     @updates

freeradius-perl.x86_64              2.1.12-4.el6_3                     @updates

freeradius-utils.x86_64             2.1.12-4.el6_3                     @updates

 

The radiusd –X output included has clients.conf included

 

 

Met vriendelijke groet,

 

Peter Kaagman / Atlas College / Systeembeheer

 

FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct  3 2012 at 01:22:51

Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License v2.

Starting - reading configuration files ...

including configuration file /etc/raddb/radiusd.conf

including configuration file /etc/raddb/proxy.conf

including configuration file /etc/raddb/clients.conf

including files in directory /etc/raddb/modules-enabled/

including configuration file /etc/raddb/modules-enabled/attr_filter

including configuration file /etc/raddb/modules-enabled/perl

including configuration file /etc/raddb/modules-enabled/files

including configuration file /etc/raddb/modules-enabled/chap

including configuration file /etc/raddb/modules-enabled/pap

including configuration file /etc/raddb/modules-enabled/digest

including configuration file /etc/raddb/modules-enabled/preprocess

including configuration file /etc/raddb/modules-enabled/detail

including configuration file /etc/raddb/modules-enabled/unix

including configuration file /etc/raddb/modules-enabled/exec

including configuration file /etc/raddb/modules-enabled/expiration

including configuration file /etc/raddb/modules-enabled/radutmp

including configuration file /etc/raddb/modules-enabled/acct_unique

including configuration file /etc/raddb/modules-enabled/expr

including configuration file /etc/raddb/modules-enabled/mschap

including configuration file /etc/raddb/modules-enabled/logintime

including configuration file /etc/raddb/eap.conf

including configuration file /etc/raddb/sql.conf

including configuration file /etc/raddb/sql/mysql/dialup.conf

including configuration file /etc/raddb/policy.conf

including files in directory /etc/raddb/sites-enabled/

including configuration file /etc/raddb/sites-enabled/inner-tunnel

including configuration file /etc/raddb/sites-enabled/control-socket

including configuration file /etc/raddb/sites-enabled/default

main {

                user = "radiusd"

                group = "radiusd"

                allow_core_dumps = no

}

including dictionary file /etc/raddb/dictionary

main {

                name = "radiusd"

                prefix = "/usr"

                localstatedir = "/var"

                sbindir = "/usr/sbin"

                logdir = "/var/log/radius"

                run_dir = "/var/run/radiusd"

                libdir = "/usr/lib64/freeradius"

                radacctdir = "/var/log/radius/radacct"

                hostname_lookups = no

                max_request_time = 30

                cleanup_delay = 5

                max_requests = 1024

                pidfile = "/var/run/radiusd/radiusd.pid"

                checkrad = "/usr/sbin/checkrad"

                debug_level = 0

                proxy_requests = yes

log {

                stripped_names = no

                auth = no

                auth_badpass = no

                auth_goodpass = no

}

security {

                max_attributes = 200

                reject_delay = 1

                status_server = yes

}

}

radiusd: #### Loading Realms and Home Servers ####

proxy server {

                retry_delay = 5

                retry_count = 3

                default_fallback = no

                dead_time = 120

                wake_all_if_all_dead = no

}

home_server localhost {

                ipaddr = 127.0.0.1

                port = 1812

                type = "auth"

                secret = "testing123"

                response_window = 20

                max_outstanding = 65536

                require_message_authenticator = yes

                zombie_period = 40

                status_check = "status-server"

                ping_interval = 30

                check_interval = 30

                num_answers_to_alive = 3

                num_pings_to_alive = 3

                revive_interval = 120

                status_check_timeout = 4

  coa {

                irt = 2

                mrt = 16

                mrc = 5

                mrd = 30

  }

}

home_server_pool my_auth_failover {

                type = fail-over

                home_server = localhost

}

realm example.com {

                auth_pool = my_auth_failover

}

realm LOCAL {

}

radiusd: #### Loading Clients ####

client localhost {

                ipaddr = 127.0.0.1

                require_message_authenticator = no

                secret = "testing123"

                nastype = "other"

}

client ap {

                ipaddr = 10.0.9.151

                require_message_authenticator = no

                secret = "secret"

                nastype = "cisco"

}

client ap {

                ipaddr = 10.0.9.152

                require_message_authenticator = no

                secret = "secret"

                nastype = "cisco"

}

client ap {

                ipaddr = 10.0.9.153

                require_message_authenticator = no

                secret = "secret"

                nastype = "cisco"

}

client ap {

                ipaddr = 10.0.9.154

                require_message_authenticator = no

                secret = "secret"

                nastype = "cisco"

}

client ap {

                ipaddr = 10.0.9.155

                require_message_authenticator = no

                secret = "secret"

                nastype = "cisco"

}

client switch {

                ipaddr = 10.0.9.47

                require_message_authenticator = no

                secret = "testing123"

                nastype = "other"

}

client switch {

                ipaddr = 10.0.9.12

                require_message_authenticator = no

                secret = "secret"

                nastype = "other"

}

radiusd: #### Instantiating modules ####

instantiate {

Module: Linked to module rlm_exec

Module: Instantiating module "exec" from file /etc/raddb/modules-enabled/exec

  exec {

                wait = no

                input_pairs = "request"

                shell_escape = yes

  }

Module: Linked to module rlm_expr

Module: Instantiating module "expr" from file /etc/raddb/modules-enabled/expr

Module: Linked to module rlm_expiration

Module: Instantiating module "expiration" from file /etc/raddb/modules-enabled/expiration

  expiration {

                reply-message = "Password Has Expired  "

  }

Module: Linked to module rlm_logintime

Module: Instantiating module "logintime" from file /etc/raddb/modules-enabled/logintime

  logintime {

                reply-message = "You are calling outside your allowed timespan  "

                minimum-timeout = 60

  }

}

radiusd: #### Loading Virtual Servers ####

server { # from file /etc/raddb/radiusd.conf

modules {

  Module: Creating Auth-Type = digest

  Module: Creating Auth-Type = Perl

  Module: Creating Post-Auth-Type = REJECT

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_pap

Module: Instantiating module "pap" from file /etc/raddb/modules-enabled/pap

  pap {

                encryption_scheme = "auto"

                auto_header = no

  }

Module: Linked to module rlm_chap

Module: Instantiating module "chap" from file /etc/raddb/modules-enabled/chap

Module: Linked to module rlm_mschap

Module: Instantiating module "mschap" from file /etc/raddb/modules-enabled/mschap

  mschap {

                use_mppe = yes

                require_encryption = no

                require_strong = no

                with_ntdomain_hack = no

                ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=ATLAS --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

                allow_retry = yes

  }

Module: Linked to module rlm_digest

Module: Instantiating module "digest" from file /etc/raddb/modules-enabled/digest

Module: Linked to module rlm_unix

Module: Instantiating module "unix" from file /etc/raddb/modules-enabled/unix

  unix {

                radwtmp = "/var/log/radius/radwtmp"

  }

Module: Linked to module rlm_eap

Module: Instantiating module "eap" from file /etc/raddb/eap.conf

  eap {

                default_eap_type = "md5"

                timer_expire = 60

                ignore_unknown_eap_types = no

                cisco_accounting_username_bug = no

                max_sessions = 4096

  }

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

   gtc {

                challenge = "Password: "

                auth_type = "PAP"

   }

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

   tls {

                rsa_key_exchange = no

                dh_key_exchange = yes

                rsa_key_length = 512

                dh_key_length = 512

                verify_depth = 0

                CA_path = "/etc/raddb/certs"

                pem_file_type = yes

                private_key_file = "/etc/raddb/certs/server.pem"

                certificate_file = "/etc/raddb/certs/server.pem"

                CA_file = "/etc/raddb/certs/ca.pem"

                private_key_password = "whatever"

                dh_file = "/etc/raddb/certs/dh"

                random_file = "/etc/raddb/certs/random"

                fragment_size = 1024

                include_length = yes

                check_crl = no

                cipher_list = "DEFAULT"

    cache {

                enable = no

                lifetime = 24

                max_entries = 255

    }

    verify {

    }

    ocsp {

                enable = no

                override_cert_url = yes

                url = "http://127.0.0.1/ocsp/"

    }

   }

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

   ttls {

                default_eap_type = "md5"

                copy_request_to_tunnel = no

                use_tunneled_reply = no

                virtual_server = "inner-tunnel"

                include_length = yes

   }

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

   peap {

                default_eap_type = "mschapv2"

                copy_request_to_tunnel = no

                use_tunneled_reply = no

                proxy_tunneled_request_as_eap = yes

                virtual_server = "inner-tunnel"

                soh = no

   }

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

   mschapv2 {

                with_ntdomain_hack = no

                send_error = no

   }

Module: Linked to module rlm_perl

Module: Instantiating module "perl" from file /etc/raddb/modules-enabled/perl

  perl {

                module = "/home/pkn/perl/radius/radius.pl"

                func_authorize = "authorize"

                func_authenticate = "authenticate"

                func_accounting = "accounting"

                func_preacct = "preacct"

                func_checksimul = "checksimul"

                func_detach = "detach"

                func_xlat = "xlat"

                func_pre_proxy = "pre_proxy"

                func_post_proxy = "post_proxy"

                func_post_auth = "post_auth"

                func_recv_coa = "recv_coa"

                func_send_coa = "send_coa"

  }

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating module "preprocess" from file /etc/raddb/modules-enabled/preprocess

  preprocess {

                huntgroups = "/etc/raddb/huntgroups"

                hints = "/etc/raddb/hints"

                with_ascend_hack = no

                ascend_channels_per_line = 23

                with_ntdomain_hack = no

                with_specialix_jetstream_hack = no

                with_cisco_vsa_hack = no

                with_alvarion_vsa_hack = no

  }

Module: Linked to module rlm_files

Module: Instantiating module "files" from file /etc/raddb/modules-enabled/files

  files {

                usersfile = "/etc/raddb/users"

                acctusersfile = "/etc/raddb/acct_users"

                preproxy_usersfile = "/etc/raddb/preproxy_users"

                compat = "no"

  }

Module: Checking preacct {...} for more modules to load

Module: Linked to module rlm_acct_unique

Module: Instantiating module "acct_unique" from file /etc/raddb/modules-enabled/acct_unique

  acct_unique {

                key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"

  }

Module: Checking accounting {...} for more modules to load

Module: Linked to module rlm_detail

Module: Instantiating module "detail" from file /etc/raddb/modules-enabled/detail

  detail {

                detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"

                header = "%t"

                detailperm = 384

                dirperm = 493

                locking = no

                log_packet_header = no

  }

Module: Linked to module rlm_radutmp

Module: Instantiating module "radutmp" from file /etc/raddb/modules-enabled/radutmp

  radutmp {

                filename = "/var/log/radius/radutmp"

                username = "%{User-Name}"

                case_sensitive = yes

                check_with_nas = yes

                perm = 384

                callerid = yes

  }

Module: Linked to module rlm_attr_filter

Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules-enabled/attr_filter

  attr_filter attr_filter.accounting_response {

                attrsfile = "/etc/raddb/attrs.accounting_response"

                key = "%{User-Name}"

                relaxed = no

  }

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules-enabled/attr_filter

  attr_filter attr_filter.access_reject {

                attrsfile = "/etc/raddb/attrs.access_reject"

                key = "%{User-Name}"

                relaxed = no

  }

} # modules

} # server

server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel

modules {

Module: Checking authenticate {...} for more modules to load

Module: Checking authorize {...} for more modules to load

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

} # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

                type = "auth"

                ipaddr = *

                port = 0

}

listen {

                type = "acct"

                ipaddr = *

                port = 0

}

listen {

                type = "control"

listen {

                socket = "/var/run/radiusd/radiusd.sock"

}

}

listen {

                type = "auth"

                ipaddr = 127.0.0.1

                port = 18120

}

... adding new socket proxy address * port 47230

Listening on authentication address * port 1812

Listening on accounting address * port 1813

Listening on command file /var/run/radiusd/radiusd.sock

Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel

Listening on proxy address * port 1814

Ready to process requests.