FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN
James Taylor
jtaylor at fcip.net
Mon Aug 18 19:19:13 CEST 2008
Attached is a debug from a recent authorization request for mySQL DB to replace a working users.conf file. I've been playing with this for sometime now and as everything is starting to blur wanted to see if anyone had an idea on what I could try to resolve this issue of my users not gaining access to the network via RADIUS/MySQL. Thank you all!
rad_recv: Access-Request packet from host 10.0.0.100:32768, id=71, length=158
User-Name = "00904b727f03"
Called-Station-Id = "00-22-90-5e-38-10:NCIS-WiFi"
Calling-Station-Id = "00-90-4b-72-7f-03"
NAS-Port = 1
NAS-IP-Address = 10.0.0.100
NAS-Identifier = "NCIS-WLAN-4402"
Airespace-Wlan-Id = 1
User-Password = "00904b727f03"
Service-Type = Call-Check
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '00904b727f03'
rlm_sql (sql): sql_set_user escaped user --> '00904b727f03'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00904b727f03' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
Going to the next request
As you can see there are the rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password" - is this correct?
Rlm_sql (sql): Error getting data from database
I will continue debugs and I look forward to a possible solution or guiding answer! thanks!
James Taylor
FCIP Networks LLC
Tel: 415.385.4692
Fax: 415.358.9612
jtaylor at fcip.net
-----Original Message-----
From: freeradius-users-bounces+jtaylor=fcip.net at lists.freeradius.org [mailto:freeradius-users-bounces+jtaylor=fcip.net at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, August 14, 2008 1:35 AM
To: FreeRadius users mailing list
Subject: Re: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN
James Taylor wrote:
> I am currently tasked with a new project where I have been asked to move
> our currently working ‘users’ file into a manageable MySQL DB (we have
> over 500 user entries so it’s understandable). Below you will find a
> currently working entry from the ‘users’ file.
>
> /Mac-addresss/ Auth-Type := local, User-Password == "/password/"
Don't set Auth-Type. Use:
Mac-address Cleartext-Password := "password"
> Calling-Station-ID == "/mac-address/",
You should use '=', not '==' here.
> As you can tell this is a wireless user and of course I have the
> dictionary attributes added (like I said it is currently a working users
> file) but my question is how to take this information and add it to the
> MySQL radius.radcheck database? From what I am seeing the ID is a
> primary key and must be unique and there is only one attribute field. I
> may be asking this incorrectly but, does the DB read the rows starting
> with the ID 1 being the first user and continue down until the next user
> entry and return all the rows into Radius for authentication?
It looks for matching entries. See doc/rlm_sql.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list