User authentication using Mysql table - radacct
I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database. Thanks. _________________________________________________________________ Type your favorite song. Get a customized station. Try MSN Radio powered by Pandora. http://radio.msn.com/?icid=T002MSN03A07001
I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database. The freeradius version is 1.0.5. I have uncommented the sql in authorize, accounting and post-auth sections. Thanks. Naeem _________________________________________________________________ _________________________________________________________________ Get free, personalized online radio with MSN Radio powered by Pandora http://radio.msn.com/?icid=T002MSN03A07001
Run the radius in debug mode Radius -X and see if creates sql coonections, if not the the sql include line is still commented out. Refer back to the link i previously included and again make sure the sql.conf and radius.conf are edited correctly. $INCLUDE ${confdir}/sql.conf needs to be uncommented -----Original Message----- From: freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org [mailto:freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org] On Behalf Of N S Sent: Wednesday, 20 December 2006 1:29 AM To: freeradius-users@lists.freeradius.org Subject: RE: User authentication using Mysql table - radacct I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database. The freeradius version is 1.0.5. I have uncommented the sql in authorize, accounting and post-auth sections. Thanks. Naeem _________________________________________________________________ _________________________________________________________________ Get free, personalized online radio with MSN Radio powered by Pandora http://radio.msn.com/?icid=T002MSN03A07001 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ NOD32 1928 (20061219) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com
Hi All, Here is the radiusd -X log. The user authentication from the radius.radcheck table is working in the debug mode but it is not authenticating from the radius.radcheck table in the regular run mode. Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "localhost" sql: port = "" sql: login = "root" sql: password = "bzpwdl" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = no sql: sqltracefile = "/var/log/radius/sqltrace.sql" sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id" sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id" sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'" sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')" sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')" sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')" sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'" sql: connect_failure_retry_delay = 60 sql: simul_count_query = "" sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" sql: postauth_table = "radpostauth" sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to root@localhost:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Accounting-Request packet from host 127.0.0.1:32773, id=9, length=178 Acct-Status-Type = Stop User-Name = "betty" Calling-Station-Id = "00-14-A4-38-60-D3" Called-Station-Id = "00-10-18-0C-35-50" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 NAS-Port-Id = "00000002" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.6 Acct-Session-Id = "45883e4800000002" Acct-Input-Octets = 79624 Acct-Output-Octets = 408508 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 597 Acct-Output-Packets = 534 Acct-Session-Time = 3437 Acct-Terminate-Cause = User-Request Processing the preacct section of radiusd.conf modcall: entering group preacct for request 0 modcall[preacct]: module "preprocess" returns noop for request 0 rlm_acct_unique: Hashing 'NAS-Port = 2,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "45883e4800000002",User-Name = "betty"' rlm_acct_unique: Acct-Unique-Session-ID = "7275a42739a8984c". modcall[preacct]: module "acct_unique" returns ok for request 0 rlm_realm: No '@' in User-Name = "betty", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 0 modcall[preacct]: module "files" returns noop for request 0 modcall: group preacct returns ok for request 0 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 0 radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20061219' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20061219 modcall[accounting]: module "detail" returns ok for request 0 modcall[accounting]: module "unix" returns ok for request 0 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'betty' modcall[accounting]: module "radutmp" returns ok for request 0 radius_xlat: 'betty' rlm_sql (sql): sql_set_user escaped user --> 'betty' radius_xlat: 'UPDATE radacct SET AcctStopTime = '2006-12-19 15:30:01', AcctSessionTime = '3437', AcctInputOctets = '79624', AcctOutputOctets = '408508', AcctTerminateCause = 'User-Request', AcctStopDelay = '', ConnectInfo_stop = '' WHERE AcctSessionId = '45883e4800000002' AND UserName = 'betty' AND NASIPAddress = '0.0.0.0'' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 modcall[accounting]: module "sql" returns ok for request 0 modcall: group accounting returns ok for request 0 Sending Accounting-Response of id 9 to 127.0.0.1:32773 Finished request 0 Going to the next request --- Walking the entire request list --- Cleaning up request 0 ID 9 with timestamp 45884bc9 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 127.0.0.1:32796, id=0, length=215 User-Name = "naeem" CHAP-Challenge = 0x78d19cf06eec5590eb285db491f0dd6e CHAP-Password = 0x0090ab65cd9d52cdb6d699e10d7cf9b116 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.6 Calling-Station-Id = "00-14-A4-38-60-D3" Called-Station-Id = "00-10-18-0C-35-50" NAS-Identifier = "nas01" Acct-Session-Id = "45884bc900000002" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Message-Authenticator = 0xee0c9933e102f3b2365e323e447124e4 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20061219' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20061219 modcall[authorize]: module "auth_log" returns ok for request 1 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "naeem", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 users: Matched entry DEFAULT at line 156 modcall[authorize]: module "files" returns ok for request 1 radius_xlat: 'naeem' rlm_sql (sql): sql_set_user escaped user --> 'naeem' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'naeem' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'naeem' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'naeem' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'naeem' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 1 rlm_chap: login attempt by "naeem" with CHAP password rlm_chap: Using clear text password naeem123 for user naeem authentication. rlm_chap: chap user naeem authenticated succesfully modcall[authenticate]: module "chap" returns ok for request 1 modcall: group Auth-Type returns ok for request 1 Login OK: [naeem/<CHAP-Password>] (from client localhost port 2 cli 00-14-A4-38-60-D3) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 1 rlm_sql (sql): Processing sql_postauth radius_xlat: 'naeem' rlm_sql (sql): sql_set_user escaped user --> 'naeem' radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'naeem', 'Chap-Password', 'Access-Accept', NOW())' rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'naeem', 'Chap-Password', 'Access-Accept', NOW()) rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 modcall[post-auth]: module "sql" returns ok for request 1 modcall: group post-auth returns ok for request 1 Sending Access-Accept of id 0 to 127.0.0.1:32796 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:32773, id=10, length=130 Acct-Status-Type = Start User-Name = "naeem" Calling-Station-Id = "00-14-A4-38-60-D3" Called-Station-Id = "00-10-18-0C-35-50" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 NAS-Port-Id = "00000002" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.6 Acct-Session-Id = "45884bc900000002" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 2 modcall[preacct]: module "preprocess" returns noop for request 2 rlm_acct_unique: Hashing 'NAS-Port = 2,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "45884bc900000002",User-Name = "naeem"' rlm_acct_unique: Acct-Unique-Session-ID = "8ea85a78544d0edd". modcall[preacct]: module "acct_unique" returns ok for request 2 rlm_realm: No '@' in User-Name = "naeem", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 2 modcall[preacct]: module "files" returns noop for request 2 modcall: group preacct returns ok for request 2 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 2 radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20061219' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20061219 modcall[accounting]: module "detail" returns ok for request 2 modcall[accounting]: module "unix" returns ok for request 2 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'naeem' modcall[accounting]: module "radutmp" returns ok for request 2 radius_xlat: 'naeem' rlm_sql (sql): sql_set_user escaped user --> 'naeem' radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('45884bc900000002', '8ea85a78544d0edd', 'naeem', '', '0.0.0.0', '2', 'Wireless-802.11', '2006-12-19 15:30:15', '0', '0', '', '', '', '0', '0', '00-10-18-0C-35-50', '00-14-A4-38-60-D3', '', '', '', '192.168.182.6', '', '0')' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 modcall[accounting]: module "sql" returns ok for request 2 modcall: group accounting returns ok for request 2 Sending Accounting-Response of id 10 to 127.0.0.1:32773 Finished request 2 Going to the next request Cleaning up request 2 ID 10 with timestamp 45884bd7 Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 0 with timestamp 45884bd7 Nothing to do. Sleeping until we see a request. ----Original Message Follows---- From: "Cory Robson" <cory@cmi.net.au> Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org> Subject: RE: User authentication using Mysql table - radacct Date: Wed, 20 Dec 2006 02:01:55 +0900 Run the radius in debug mode Radius -X and see if creates sql coonections, if not the the sql include line is still commented out. Refer back to the link i previously included and again make sure the sql.conf and radius.conf are edited correctly. $INCLUDE ${confdir}/sql.conf needs to be uncommented -----Original Message----- From: freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org [mailto:freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org] On Behalf Of N S Sent: Wednesday, 20 December 2006 1:29 AM To: freeradius-users@lists.freeradius.org Subject: RE: User authentication using Mysql table - radacct I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database. The freeradius version is 1.0.5. I have uncommented the sql in authorize, accounting and post-auth sections. Thanks. Naeem _________________________________________________________________ _________________________________________________________________ Get free, personalized online radio with MSN Radio powered by Pandora http://radio.msn.com/?icid=T002MSN03A07001 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ NOD32 1928 (20061219) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _________________________________________________________________ Visit MSN Holiday Challenge for your chance to win up to $50,000 in Holiday cash from MSN today! http://www.msnholidaychallenge.com/index.aspx?ocid=tagline&locale=en-us
Hi All, The authentication works in the debug mode but it does not work in the regular mode. Here is the debug output. Thanks Naeem Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: user = "radiusd" main: group = "radiusd" main: checkrad = "/usr/sbin/checkrad" proxy: default_fallback = yes Module: Library search path is /usr/lib Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "localhost" sql: port = "" sql: login = "root" sql: password = "bzpwdl" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = no sql: sqltracefile = "/var/log/radius/sqltrace.sql" sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id" sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id" sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'" sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')" sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')" sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')" sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'" sql: connect_failure_retry_delay = 60 sql: simul_count_query = "" sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" sql: postauth_table = "radpostauth" sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to root@localhost:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Initializing the thread pool... thread: start_servers = 5 thread: max_servers = 32 thread: min_spare_servers = 3 thread: max_spare_servers = 10 thread: max_requests_per_server = 0 thread: cleanup_delay = 5 Thread spawned new child 1. Total threads in pool: 1 Thread spawned new child 2. Total threads in pool: 2 Thread spawned new child 3. Total threads in pool: 3 Thread spawned new child 4. Total threads in pool: 4 Thread spawned new child 5. Total threads in pool: 5 Thread pool initialized Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. Thread 1 waiting to be assigned a request Thread 2 waiting to be assigned a request Thread 3 waiting to be assigned a request Thread 4 waiting to be assigned a request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 127.0.0.1:32868, id=0, length=213 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = "tim" CHAP-Challenge = 0x93d9d53c8258845c4f175cde68ada2ca CHAP-Password = 0x004e7172ff7fa6634c135ecc8a33e250d3 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.4 Calling-Station-Id = "00-30-18-A1-F5-D7" Called-Station-Id = "00-10-18-0C-35-50" NAS-Identifier = "nas01" Acct-Session-Id = "45897ef200000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x1ddfe353172d7021b9b5bcb014438e7d WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20061220' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20061220 modcall[authorize]: module "auth_log" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "tim", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry tim at line 81 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'tim' rlm_sql (sql): sql_set_user escaped user --> 'tim' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'tim' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User tim not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'tim' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'tim' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User tim not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied CHAP-Password matches local User-Password Login OK: [tim/<CHAP-Password>] (from client localhost port 0 cli 00-30-18-A1-F5-D7) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_sql (sql): Processing sql_postauth radius_xlat: 'tim' rlm_sql (sql): sql_set_user escaped user --> 'tim' radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'tim', 'Chap-Password', 'Access-Accept', NOW())' rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'tim', 'Chap-Password', 'Access-Accept', NOW()) rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 modcall[post-auth]: module "sql" returns ok for request 0 modcall: group post-auth returns ok for request 0 Sending Access-Accept of id 0 to 127.0.0.1:32868 rad_recv: Accounting-Request packet from host 127.0.0.1:32866, id=0, length=128 Waking up in 31 seconds... Threads: total/active/spare threads = 5/1/4 Thread 2 got semaphore Thread 2 handling request 1, (1 handled so far) Acct-Status-Type = Start User-Name = "tim" Calling-Station-Id = "00-30-18-A1-F5-D7" Called-Station-Id = "00-10-18-0C-35-50" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Port-Id = "00000000" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.4 Acct-Session-Id = "45897ef200000000" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 1 modcall[preacct]: module "preprocess" returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "45897ef200000000",User-Name = "tim"' rlm_acct_unique: Acct-Unique-Session-ID = "9708e04977a6078d". modcall[preacct]: module "acct_unique" returns ok for request 1 rlm_realm: No '@' in User-Name = "tim", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 1 modcall[preacct]: module "files" returns noop for request 1 modcall: group preacct returns ok for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20061220' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20061220 modcall[accounting]: module "detail" returns ok for request 1 modcall[accounting]: module "unix" returns ok for request 1 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'tim' modcall[accounting]: module "radutmp" returns ok for request 1 radius_xlat: 'tim' rlm_sql (sql): sql_set_user escaped user --> 'tim' radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('45897ef200000000', '9708e04977a6078d', 'tim', '', '0.0.0.0', '0', 'Wireless-802.11', '2006-12-20 13:27:45', '0', '0', '', '', '', '0', '0', '00-10-18-0C-35-50', '00-30-18-A1-F5-D7', '', '', '', '192.168.182.4', '', '0')' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 modcall[accounting]: module "sql" returns ok for request 1 modcall: group accounting returns ok for request 1 Sending Accounting-Response of id 0 to 127.0.0.1:32866 Finished request 1 Going to the next request Thread 2 waiting to be assigned a request Finished request 0 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Accounting-Request packet from host 127.0.0.1:32866, id=1, length=176 --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 458980a1 Cleaning up request 1 ID 0 with timestamp 458980a1 Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 3 got semaphore Thread 3 handling request 2, (1 handled so far) Acct-Status-Type = Stop User-Name = "tim" Calling-Station-Id = "00-30-18-A1-F5-D7" Called-Station-Id = "00-10-18-0C-35-50" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Port-Id = "00000000" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.4 Acct-Session-Id = "45897ef200000000" Acct-Input-Octets = 31569 Acct-Output-Octets = 15912 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 614 Acct-Output-Packets = 67 Acct-Session-Time = 8 Acct-Terminate-Cause = User-Request Processing the preacct section of radiusd.conf modcall: entering group preacct for request 2 modcall[preacct]: module "preprocess" returns noop for request 2 rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "45897ef200000000",User-Name = "tim"' rlm_acct_unique: Acct-Unique-Session-ID = "9708e04977a6078d". modcall[preacct]: module "acct_unique" returns ok for request 2 rlm_realm: No '@' in User-Name = "tim", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 2 modcall[preacct]: module "files" returns noop for request 2 modcall: group preacct returns ok for request 2 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 2 radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20061220' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20061220 modcall[accounting]: module "detail" returns ok for request 2 modcall[accounting]: module "unix" returns ok for request 2 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'tim' modcall[accounting]: module "radutmp" returns ok for request 2 radius_xlat: 'tim' rlm_sql (sql): sql_set_user escaped user --> 'tim' radius_xlat: 'UPDATE radacct SET AcctStopTime = '2006-12-20 13:27:53', AcctSessionTime = '8', AcctInputOctets = '31569', AcctOutputOctets = '15912', AcctTerminateCause = 'User-Request', AcctStopDelay = '', ConnectInfo_stop = '' WHERE AcctSessionId = '45897ef200000000' AND UserName = 'tim' AND NASIPAddress = '0.0.0.0'' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 modcall[accounting]: module "sql" returns ok for request 2 modcall: group accounting returns ok for request 2 Sending Accounting-Response of id 1 to 127.0.0.1:32866 Finished request 2 Going to the next request Thread 3 waiting to be assigned a request --- Walking the entire request list --- Cleaning up request 2 ID 1 with timestamp 458980a9 Nothing to do. Sleeping until we see a request. ----Original Message Follows---- From: "Cory Robson" <cory@cmi.net.au> Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org> Subject: RE: User authentication using Mysql table - radacct Date: Wed, 20 Dec 2006 02:01:55 +0900 Run the radius in debug mode Radius -X and see if creates sql coonections, if not the the sql include line is still commented out. Refer back to the link i previously included and again make sure the sql.conf and radius.conf are edited correctly. $INCLUDE ${confdir}/sql.conf needs to be uncommented -----Original Message----- From: freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org [mailto:freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org] On Behalf Of N S Sent: Wednesday, 20 December 2006 1:29 AM To: freeradius-users@lists.freeradius.org Subject: RE: User authentication using Mysql table - radacct I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database. The freeradius version is 1.0.5. I have uncommented the sql in authorize, accounting and post-auth sections. Thanks. Naeem _________________________________________________________________ _________________________________________________________________ Get free, personalized online radio with MSN Radio powered by Pandora http://radio.msn.com/?icid=T002MSN03A07001 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ NOD32 1928 (20061219) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _________________________________________________________________ Get FREE Web site and company branded e-mail from Microsoft Office Live http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
N S wrote:
Hi All, The authentication works in the debug mode but it does not work in the regular mode.
That doesn't sound right. Are you sending the exact same auth requests to the server when in regular and debug modes? From the same source? How are you starting the daemon when running it in regular mode? Give us the commandline you are using to start it in both modes. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com
N S wrote:
Hi All, The authentication works in the debug mode but it does not work in the regular mode. ... main: user = "radiusd" main: group = "radiusd"
Does that user have permissions to read/write the files the server needs? Try using "su" to become user "radiusd", and THEN run the server in debugging mode. It will tell you what's going wrong. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Hi All, I was running radius both the daemon and the debug mode as the root user. And this is the log from radius.log Thu Dec 21 20:06:00 2006 : Error: rlm_sql (sql): Failed to connect DB handle #0 Thu Dec 21 20:06:00 2006 : Info: Ready to process requests. Thu Dec 21 20:06:16 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 10, tried to connect 0 Thu Dec 21 20:06:23 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 10, tried to connect 0 Thu Dec 21 20:09:00 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Thu Dec 21 20:09:00 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Thu Dec 21 20:09:00 2006 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Thu Dec 21 20:09:00 2006 : Info: rlm_sql (sql): Attempting to connect to root@localhost:/radius Thu Dec 21 20:09:00 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Thu Dec 21 20:09:00 2006 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server root@localhost:radius Thu Dec 21 20:09:00 2006 : Error: rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)' Thu Dec 21 20:09:00 2006 : Error: rlm_sql (sql): Failed to connect DB handle #0 Thu Dec 21 20:09:00 2006 : Info: Ready to process requests. Thu Dec 21 20:09:16 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 50, tried to connect 0 Thu Dec 21 20:09:23 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 50, tried to connect 0 N S wrote:
Hi All, The authentication works in the debug mode but it does not work in the regular mode. .... main: user = "radiusd" main: group = "radiusd"
Does that user have permissions to read/write the files the server needs? Try using "su" to become user "radiusd", and THEN run the server in debugging mode. It will tell you what's going wrong. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _________________________________________________________________ Get live scores and news about your team: Add the Live.com Football Page www.live.com/?addtemplate=football&icid=T001MSN30A0701
N S wrote:
Hi All, I was running radius both the daemon and the debug mode as the root user. And this is the log from radius.log
Is it while running the server as user "radiusd"? ...
Thu Dec 21 20:09:00 2006 : Error: rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'
Does user "radius" have permissions to read/write that file? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Configure the sql.conf file with the appropriate information for your sql backend, make sure you have the sql include statement uncommented and set your auth section to use sql. Refer to the sql help section at http://www.frontios.com/freeradius.html for a more detailed blurb. -----Original Message----- From: freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org [mailto:freeradius-users-bounces+cory=cmi.net.au@lists.freeradius.org] On Behalf Of N S Sent: Wednesday, 20 December 2006 1:14 AM To: freeradius-users@lists.freeradius.org Subject: User authentication using Mysql table - radacct I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database. Thanks. _________________________________________________________________ Type your favorite song. Get a customized station. Try MSN Radio powered by Pandora. http://radio.msn.com/?icid=T002MSN03A07001 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ NOD32 1928 (20061219) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com
N S wrote:
I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database.
For starters, radacct is for accounting data, not auth credentials. You want the radcheck table. You need to configure the sql module (probably in sql.conf) and then call that in the authorize section. 1.0.5 is old. Since this is a new setup, you should be using 1.1.4. Send debug output so we can see what is happening when you try to auth. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com
Hi. Check your radiusd.conf to include sql.conf You can check my How To at http://turing.udp.cl/~dromero/freeradius May the source be with you. ----- Original Message ----- From: "N S" <naeem59@hotmail.com> To: <freeradius-users@lists.freeradius.org> Sent: Tuesday, December 19, 2006 1:13 PM Subject: User authentication using Mysql table - radacct
I have the radacct table populated with a few users. But the radius is not checking this table for user info. The only users being allowed/authenticated are those that are in the users.conf file.How do I make the radius look for the user info in the mysql database. Thanks.
_________________________________________________________________ Type your favorite song. Get a customized station. Try MSN Radio powered by Pandora. http://radio.msn.com/?icid=T002MSN03A07001
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (5)
-
Alan DeKok -
Cory Robson -
Dennis Skinner -
N S -
romero.cl@gmail.com