Failed to create pair
Hello, I have a server working perfectly, and now when I try to use Freeradius in ubuntu 14, I get this error: rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Password" rlm_sql (sql): Error parsing user data from database result (0) ERROR: sql : SQL query error Could you please give me a clue? Thanks Freeradius -vxx freeradius: FreeRADIUS Version 3.0.3, for host x86_64-pc-linux-gnu, built on May 20 2014 at 11:59:21 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT BR
On 10 May 2015, at 09:09, escalanterj@gmail.com wrote:
Hello,
I have a server working perfectly, and now when I try to use Freeradius in ubuntu 14, I get this error:
rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Password" rlm_sql (sql): Error parsing user data from database result (0) ERROR: sql : SQL query error
Could you please give me a clue? Thanks
Upgrade to 3.0.8. -Arran
Hello, Updated, it's doing exactly the same... Freundliche Grüsse Javier Escalante 00 41 78 689 85 69 escalanterj@gmail.com -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+escalanterj=gmail.com@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: 10 May 2015 15:36 To: FreeRadius users mailing list Subject: Re: Failed to create pair
On 10 May 2015, at 09:09, escalanterj@gmail.com wrote:
Hello,
I have a server working perfectly, and now when I try to use Freeradius in ubuntu 14, I get this error:
rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Password" rlm_sql (sql): Error parsing user data from database result (0) ERROR: sql : SQL query error
Could you please give me a clue? Thanks
Upgrade to 3.0.8. -Arran
On May 10, 2015, at 9:09 AM, escalanterj@gmail.com wrote:
I have a server working perfectly, and now when I try to use Freeradius in ubuntu 14, I get this error:
rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Password"
"Password" has been the wrong name for about a decade. Fix your database to use Cleartext-Password. Alan DeKok.
Hello Alan, Thanks, but where should I change to cleartext-password? Thanks Freundliche Grüsse Javier Escalante 00 41 78 689 85 69 escalanterj@gmail.com -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+escalanterj=gmail.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 10 May 2015 15:59 To: FreeRadius users mailing list Subject: Re: Failed to create pair On May 10, 2015, at 9:09 AM, escalanterj@gmail.com wrote:
I have a server working perfectly, and now when I try to use Freeradius in ubuntu 14, I get this error:
rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Password"
"Password" has been the wrong name for about a decade. Fix your database to use Cleartext-Password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On May 10, 2015, at 10:15 AM, <escalanterj@gmail.com> <escalanterj@gmail.com> wrote:
Thanks, but where should I change to cleartext-password?
In the database. The field which contains the string "Password". Probably in the radcheck table. You should understand the contents of your own database... Alan DeKok.
'm sorry but I don’t get it. Attached screenshots from the table which is the working system, and the one not working. Could you tell me what should I change in radcheck? Thanks Freundliche Grüsse Javier Escalante 00 41 78 689 85 69 escalanterj@gmail.com -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+escalanterj=gmail.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 10 May 2015 16:21 To: FreeRadius users mailing list Subject: Re: Failed to create pair On May 10, 2015, at 10:15 AM, <escalanterj@gmail.com> <escalanterj@gmail.com> wrote:
Thanks, but where should I change to cleartext-password?
In the database. The field which contains the string "Password". Probably in the radcheck table. You should understand the contents of your own database... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On May 10, 2015, at 10:40 AM, <escalanterj@gmail.com> <escalanterj@gmail.com> wrote:
'm sorry but I don’t get it.
Attached screenshots from the table which is the working system, and the one not working.
Could you tell me what should I change in radcheck?
This isn't magic. The message is coming from SOMEWHERE. Since you're not posting the full debug output, I had to guess which table it was. Apparently my guess was wrong. It's in another table. In the end, this is really a basic SQL administration question. It's not about FreeRADIUS. Somewhere in your SQL database you have "Password" where you should have something else. Go find out where it is, and fix that. Alan DeKok.
Hwllo, Below the whole dubug. It might be a very simple question, but if I don’t know what to change, I cannot change. You mean that in my radcheck table, instead of password in attribute I should save cleartext-password? Thanks in advance root@dev3-64:~# freeradius -X freeradius: FreeRADIUS Version 3.0.3, for host x86_64-pc-linux-gnu, built on May 20 2014 at 11:59:21 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/unpack including configuration file /etc/freeradius/mods-enabled/utf8 including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/dhcp including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/cache_eap including configuration file /etc/freeradius/mods-enabled/eap including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/filter including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/eap including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } security { max_attributes = 200 reject_delay = 1 status_server = yes allow_vulnerable_openssl = "yes" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 0.0.0.0/0 { require_message_authenticator = no secret = <<< secret >>> shortname = "global" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /etc/freeradius/mods-enabled/sradu tmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_logintime # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logi ntime logintime { minimum_timeout = 60 } # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods -enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods- enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/m ods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/freeradiu s/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freera dius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_respons e # Loaded module rlm_replicate # Instantiating module "replicate" from file /etc/freeradius/mods-enabled/repl icate # Instantiating module "radutmp" from file /etc/freeradius/mods-enabled/radutm p radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/pre process preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/pas swd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Loaded module rlm_detail # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Pa cket-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Loaded module rlm_digest # Instantiating module "digest" from file /etc/freeradius/mods-enabled/digest # Loaded module rlm_files # Instantiating module "files" from file /etc/freeradius/mods-enabled/files files { filename = "/etc/freeradius/mods-config/files/authorize" usersfile = "/etc/freeradius/mods-config/files/authorize" acctusersfile = "/etc/freeradius/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file /etc/freeradius/mods-config/files/authorize [/etc/freeradius/mods-config/files/authorize]:181 Cistron compatibility checks f or entry DEFAULT ... [/etc/freeradius/mods-config/files/authorize]:188 Cistron compatibility checks f or entry DEFAULT ... [/etc/freeradius/mods-config/files/authorize]:195 Cistron compatibility checks f or entry DEFAULT ... reading pairlist file /etc/freeradius/mods-config/files/authorize [/etc/freeradius/mods-config/files/authorize]:181 Cistron compatibility checks f or entry DEFAULT ... [/etc/freeradius/mods-config/files/authorize]:188 Cistron compatibility checks f or entry DEFAULT ... [/etc/freeradius/mods-config/files/authorize]:195 Cistron compatibility checks f or entry DEFAULT ... reading pairlist file /etc/freeradius/mods-config/files/accounting reading pairlist file /etc/freeradius/mods-config/files/pre-proxy # Loaded module rlm_unix # Instantiating module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } # Loaded module rlm_mschap # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loaded module rlm_exec # Instantiating module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_chap # Instantiating module "chap" from file /etc/freeradius/mods-enabled/chap # Loaded module rlm_unpack # Instantiating module "unpack" from file /etc/freeradius/mods-enabled/unpack # Loaded module rlm_utf8 # Instantiating module "utf8" from file /etc/freeradius/mods-enabled/utf8 # Loaded module rlm_realm # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/r ealm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_expr # Instantiating module "expr" from file /etc/freeradius/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789.-_: /" } # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /etc/freeradius/mods-enable d/dynamic_clients # Instantiating module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm _auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --usern ame=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /etc/freeradius/mods-enabled/dhcp # Loaded module rlm_pap # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_always # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/alway s always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/alway s always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_expiration # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/exp iration # Instantiating module "echo" from file /etc/freeradius/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detai l.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Pa cket-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail out put # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/deta il.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Pa cket-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/ detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Pa cket-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled /detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Pa cket-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Loaded module rlm_soh # Instantiating module "soh" from file /etc/freeradius/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_cache # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cach e_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_eap # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 1024 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.pem" certificate_file = "/etc/freeradius/certs/server.pem" ca_file = "/etc/freeradius/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/freeradius/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelo g linelog { filename = "/var/log/freeradius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{Packet-Type}:-default}" } # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled /linelog linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_sql # Instantiating module "sql" from file /etc/freeradius/sql.conf sql { driver = "rlm_sql_mysql" server = "localhost" port = "" login = "root" password = <<< secret >>> radius_db = "radius" read_groups = yes read_clients = no delete_stale_sessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Grou p}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Grou p}' ORDER BY id" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789.-_: /" } rlm_sql (sql): Couldn't find configuration for accounting, will return NOOP for calls from this section rlm_sql (sql): Couldn't find configuration for post-auth, will return NOOP for c alls from this section mysql { tls { } } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool rlm_sql (sql): Opening additional connection (0) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (1) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (2) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (3) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (4) rlm_sql_mysql: Starting connect to MySQL server } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server default { # from file /etc/freeradius/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 35142 Ready to process requests. Received Access-Request Id 16 from 217.162.186.120:36435 to 87.98.225.176:1812 l ength 223 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 'D0:59:E4:08:F3:82' Called-Station-Id = 'Zurich-tests' NAS-Port-Id = 'ether5' User-Name = '10153350973434668@facebook' NAS-Port = 2150629388 Acct-Session-Id = '8030000c' Framed-IP-Address = 192.168.10.61 Mikrotik-Host-IP = 192.168.10.61 User-Password = '1b10f7b12fefa28f6eb1e6333d9d7cf7' Service-Type = Login-User WISPr-Logoff-URL = 'http://192.168.10.1/logout' NAS-Identifier = 'Zurich-tests' NAS-IP-Address = 192.168.0.119 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/defaul t (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix : Looking up realm "facebook" for User-Name = "10153350973434668@face book" (0) suffix : No such realm "facebook" (0) [suffix] = noop (0) eap : No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql : EXPAND %{User-Name} (0) sql : --> 10153350973434668@facebook (0) sql : SQL-User-Name set to '10153350973434668@facebook' rlm_sql (sql): Reserved connection (4) (0) sql : EXPAND SELECT id, username, attribute, value, op FROM radche ck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql : --> SELECT id, username, attribute, value, op FROM radche ck WHERE username = '10153350973434668@facebook' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '10153350973434668@facebook' ORDER BY id' rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Passw ord" rlm_sql (sql): Error parsing user data from database result (0) ERROR: sql : SQL query error rlm_sql (sql): Released connection (4) (0) [sql] = fail (0) } # authorize = fail (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Post-Auth-Type REJECT { (0) [sql] = noop (0) attr_filter.access_reject : EXPAND %{User-Name} (0) attr_filter.access_reject : --> 10153350973434668@facebook (0) attr_filter.access_reject : Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure (0) [eap] = noop (0) remove_reply_message_if_eap remove_reply_message_if_eap { (0) if (reply:EAP-Message && reply:Reply-Message) (0) if (reply:EAP-Message && reply:Reply-Message) -> FALSE (0) else else { (0) [noop] = noop (0) } # else else = noop (0) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response Sending Access-Reject Id 16 from 87.98.225.176:1812 to 217.162.186.120:36435 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 16 with timestamp +19 Ready to process requests. Freundliche Grüsse Javier Escalante 00 41 78 689 85 69 escalanterj@gmail.com -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+escalanterj=gmail.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 10 May 2015 16:48 To: FreeRadius users mailing list Subject: Re: Failed to create pair On May 10, 2015, at 10:40 AM, <escalanterj@gmail.com> <escalanterj@gmail.com> wrote:
'm sorry but I don’t get it.
Attached screenshots from the table which is the working system, and the one not working.
Could you tell me what should I change in radcheck?
This isn't magic. The message is coming from SOMEWHERE. Since you're not posting the full debug output, I had to guess which table it was. Apparently my guess was wrong. It's in another table. In the end, this is really a basic SQL administration question. It's not about FreeRADIUS. Somewhere in your SQL database you have "Password" where you should have something else. Go find out where it is, and fix that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2015-05-10 17:00 GMT+02:00 <escalanterj@gmail.com>:
Hwllo,
Below the whole dubug. It might be a very simple question, but if I don’t know what to change, I cannot change. You mean that in my radcheck table, instead of password in attribute I should save cleartext-password?
(0) sql : EXPAND %{User-Name} (0) sql : --> 10153350973434668@facebook (0) sql : SQL-User-Name set to '10153350973434668@facebook' rlm_sql (sql): Reserved connection (4) (0) sql : EXPAND SELECT id, username, attribute, value, op FROM radche ck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql : --> SELECT id, username, attribute, value, op FROM radche ck WHERE username = '10153350973434668@facebook' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '10153350973434668@facebook' ORDER BY id' rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Passw ord" rlm_sql (sql): Error parsing user data from database result
in that table (radcheck) you have the fields id, username, attribute, value, op and Password. Rename the field "Password" to "Cleartext-Password"
Hello Ben I could more or less figure it out, but thanks for clarification. BR Freundliche Grüsse Javier Escalante 00 41 78 689 85 69 escalanterj@gmail.com -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+escalanterj=gmail.com@lists.freeradius.org] On Behalf Of Ben Humpert Sent: 10 May 2015 17:13 To: FreeRadius users mailing list Subject: Re: Failed to create pair 2015-05-10 17:00 GMT+02:00 <escalanterj@gmail.com>:
Hwllo,
Below the whole dubug. It might be a very simple question, but if I don’t know what to change, I cannot change. You mean that in my radcheck table, instead of password in attribute I should save cleartext-password?
(0) sql : EXPAND %{User-Name} (0) sql : --> 10153350973434668@facebook (0) sql : SQL-User-Name set to '10153350973434668@facebook' rlm_sql (sql): Reserved connection (4) (0) sql : EXPAND SELECT id, username, attribute, value, op FROM radche ck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql : --> SELECT id, username, attribute, value, op FROM radche ck WHERE username = '10153350973434668@facebook' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '10153350973434668@facebook' ORDER BY id' rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Passw ord" rlm_sql (sql): Error parsing user data from database result
in that table (radcheck) you have the fields id, username, attribute, value, op and Password. Rename the field "Password" to "Cleartext-Password" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On May 10, 2015, at 11:00 AM, <escalanterj@gmail.com> <escalanterj@gmail.com> wrote:
Below the whole dubug. It might be a very simple question, but if I don’t know what to change, I cannot change.
Then find out. This is what you MUST be doing as a RADIUS / SQL administrator. Right now, you're giving up as soon as you run into a problem. This is a problem.
You mean that in my radcheck table, instead of password in attribute I should save cleartext-password?
<sigh> If you want repeated reassurance, go back and read my messages again.
(0) sql : EXPAND %{User-Name} (0) sql : --> 10153350973434668@facebook (0) sql : SQL-User-Name set to '10153350973434668@facebook' rlm_sql (sql): Reserved connection (4) (0) sql : EXPAND SELECT id, username, attribute, value, op FROM radche ck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql : --> SELECT id, username, attribute, value, op FROM radche ck WHERE username = '10153350973434668@facebook' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '10153350973434668@facebook' ORDER BY id' rlm_sql: Failed to create the pair: Invalid vendor name in attribute name "Passw ord" rlm_sql (sql): Error parsing user data from database result
The server prints out the SQL SELECT statement for a reason. If you are unable to figure out what it means, go learn more about your SQL database. Then, look in your database, and fix the problem. That process requires knowledge about SQL, not FreeRADIUS. This is no longer an appropriate topic for the FreeRADIUS list. And I personally will not be answering any more questions about it. Alan DeKok.
participants (4)
-
Alan DeKok -
Arran Cudbard-Bell -
Ben Humpert -
escalanterj@gmail.com