Hi everyone I'm using Oracle Enterprise Linux (Red Hat EL clone) and the packaged version of FreeRADIUS (1.1.3) to ultimately authenticate some Linux machines centrally. I've been following the HOWTO at http://wiki.freeradius.org/SQL_HOWTO but some of it does appear to be out of date. I've managed to successfully authenticate using the users file, but when I try to authenticate against the test data I've put in the database I'm getting the following in the logs; rad_recv: Access-Request packet from host 127.0.0.1:38929, id=223, length=64 User-Name = "john.gardner" User-Password = "xxxxxxxxxx" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "john.gardner", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 2 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 2 radius_xlat: 'john.gardner' rlm_sql (sql): sql_set_user escaped user --> 'john.gardner' radius_xlat: 'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'john.gardner' ??ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'john.gardner' ??ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password" rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns fail for request 2 modcall: leaving group authorize (returns fail) for request 2 Finished request 2 Going to the next request Now, it appears that the problem is to do with 'Cleartext-Password' I've stored in the database, but this seems to be correct according to the HOWTO. Can anyone see the problem just from the log? Is there a list of all the correct data that could entered into the database? Thanks in advance John This email and any files transmitted with it are intended solely for the named recipient and may contain sensitive, confidential or protectively marked material up to the central government classification of ?RESTRICTED" which must be handled accordingly. If you have received this e-mail in error, please immediately notify the sender by e-mail and delete from your system, unless you are the named recipient (or authorised to receive it for the recipient) you are not permitted to copy, use, store, publish, disseminate or disclose it to anyone else. E-mail transmission cannot be guaranteed to be secure or error-free as it could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses and therefore the Council accept no liability for any such errors or omissions. Unless explicitly stated otherwise views or opinions expressed in this email are solely those of the author and do not necessarily represent those of the Council and are not intended to be legally binding. All Council network traffic and GCSX traffic may be subject to recording and/or monitoring in accordance with relevant legislation. South Tyneside Council, Town Hall & Civic Offices, Westoe Road, South Shields, Tyne & Wear, NE33 2RL, Tel: 0191 427 1717, Website: www.southtyneside.info
Hi,
I've been following the HOWTO at http://wiki.freeradius.org/SQL_HOWTO but some of it does appear to be out of date.
It's not the HOWTO that's out of date, it's your server version being ancient. I can only strongly urge you to use the 2.x releases, they are so much more convenient and feature-rich. Especially if you are setting up a brand new instance, it's a very bad idea to start with this outdated version 1.1.3.
rlm_sql_postgresql: affected rows = rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password" rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user
And that's where the misery of ancientness kicks in: 1.1.3 did not know about "Cleartext-Password" yet. If you really want to stick with this old version, you could use "User-Password" instead. But again: please don't. Use 2.x.
Now, it appears that the problem is to do with 'Cleartext-Password' I've stored in the database, but this seems to be correct according to the HOWTO. Can anyone see the problem just from the log? Is there a list of all the correct data that could entered into the database?
All attributes are defined in the dictionary (and all the files which are included by raddb/dictionary). These are hundreds. But it's not usually necessary to read them - the HOWTOs get you through the config, so long as the versions they refer to are halfways in sync. Greetings, Stefan Winter
Thanks in advance
John
This email and any files transmitted with it are intended solely for the named recipient and may contain sensitive, confidential or protectively marked material up to the central government classification of ?RESTRICTED" which must be handled accordingly. If you have received this e-mail in error, please immediately notify the sender by e-mail and delete from your system, unless you are the named recipient (or authorised to receive it for the recipient) you are not permitted to copy, use, store, publish, disseminate or disclose it to anyone else.
E-mail transmission cannot be guaranteed to be secure or error-free as it could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses and therefore the Council accept no liability for any such errors or omissions.
Unless explicitly stated otherwise views or opinions expressed in this email are solely those of the author and do not necessarily represent those of the Council and are not intended to be legally binding.
All Council network traffic and GCSX traffic may be subject to recording and/or monitoring in accordance with relevant legislation.
South Tyneside Council, Town Hall & Civic Offices, Westoe Road, South Shields, Tyne & Wear, NE33 2RL, Tel: 0191 427 1717, Website: www.southtyneside.info
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
participants (2)
-
John Gardner -
Stefan Winter