FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN

James Taylor jtaylor at fcip.net
Mon Aug 18 23:15:28 CEST 2008


Found the error and resolved the issues.  Thanks.  Turns out that I had a typo and the following WAS required:

Cleartext-Password was changed to User-Password
Auth-Type (Had to be included)

Once these items were changed back to match my Users file from my other system (this test box is NOT using a users file) everything worked perfectly.

James Taylor
FCIP Networks LLC
Tel: 415.385.4692
Fax: 415.358.9612
jtaylor at fcip.net


-----Original Message-----
From: freeradius-users-bounces+jtaylor=fcip.net at lists.freeradius.org [mailto:freeradius-users-bounces+jtaylor=fcip.net at lists.freeradius.org] On Behalf Of James Taylor
Sent: Monday, August 18, 2008 10:19 AM
To: FreeRadius users mailing list
Subject: RE: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN

Attached is a debug from a recent authorization request for a MySQL DB to replace a working users.conf file.  I've been playing with this for some time now, and as everything is starting to blur I wanted to see if anyone had an idea on what I could try to resolve this issue of my users not gaining access to the network via RADIUS/MySQL.  Thank you all!

rad_recv: Access-Request packet from host 10.0.0.100:32768, id=71, length=158
        User-Name = "00904b727f03"
        Called-Station-Id = "00-22-90-5e-38-10:NCIS-WiFi"
        Calling-Station-Id = "00-90-4b-72-7f-03"
        NAS-Port = 1
        NAS-IP-Address = 10.0.0.100
        NAS-Identifier = "NCIS-WLAN-4402"
        Airespace-Wlan-Id = 1
        User-Password = "00904b727f03"
        Service-Type = Call-Check
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '00904b727f03'
rlm_sql (sql): sql_set_user escaped user --> '00904b727f03'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = '00904b727f03'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
Going to the next request

As you can see, there is the rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password" - is this correct?
rlm_sql (sql): Error getting data from database

I will continue debugging and I look forward to a possible solution or guiding answer! Thanks!

James Taylor
FCIP Networks LLC
Tel: 415.385.4692
Fax: 415.358.9612
jtaylor at fcip.net

-----Original Message-----
From: freeradius-users-bounces+jtaylor=fcip.net at lists.freeradius.org [mailto:freeradius-users-bounces+jtaylor=fcip.net at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, August 14, 2008 1:35 AM
To: FreeRadius users mailing list
Subject: Re: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN

James Taylor wrote:
> I am currently tasked with a new project where I have been asked to move
> our currently working ‘users’ file into a manageable MySQL DB (we have
> over 500 user entries so it’s understandable). Below you will find a
> currently working entry from the ‘users’ file.
>
> /Mac-address/ Auth-Type := local, User-Password == "/password/"

  Don't set Auth-Type.  Use:

Mac-address     Cleartext-Password := "password"

>         Calling-Station-ID == "/mac-address/",

  You should use '=', not '==' here.

> As you can tell this is a wireless user and of course I have the
> dictionary attributes added (like I said it is currently a working users
> file) but my question is how to take this information and add it to the
> MySQL radius.radcheck database?  From what I am seeing the ID is a
> primary key and must be unique and there is only one attribute field.  I
> may be asking this incorrectly but, does the DB read the rows starting
> with the ID 1 being the first user and continue down until the next user
> entry and return all the rows into Radius for authentication?

  It looks for matching entries.  See doc/rlm_sql.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
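
An added example, not part of any message in this thread and not FreeRADIUS project code: it turns the first (check-item) line of users-file entries into radcheck rows, one row per attribute under the same UserName, which is what the SELECT in the debug output retrieves. An in-memory SQLite table stands in for MySQL's radcheck; the function names and the second sample entry are constructed for illustration, and reply items are not handled.

```python
import re
import sqlite3

# One check item: Attribute, operator, quoted or bare value, then "," or end of line.
ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)\s*(?:,|$)')

# Constructed sample entries (first line of each users-file entry only).
ENTRIES = [
    '00904b727f03 Auth-Type := Local, User-Password == "00904b727f03"',
    '001122334455\tAuth-Type := Local, User-Password == "a,b"',
]

def check_items(entry_line):
    """Return one (UserName, Attribute, op, Value) tuple per check item."""
    parts = entry_line.strip().split(None, 1)
    username, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    rows, pos = [], 0
    while pos < len(rest):
        m = ITEM.match(rest, pos)
        if not m:
            raise ValueError(f"cannot parse check items at: {rest[pos:]!r}")
        attr, op, value = m.groups()
        rows.append((username, attr, op, value.strip('"')))
        pos = m.end()
    return rows

def load(conn, entry_lines):
    conn.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT,"
                 " Attribute TEXT, op TEXT, Value TEXT)")
    for line in entry_lines:
        # Bound parameters, never string-built SQL (MySQL drivers use %s, not ?).
        conn.executemany("INSERT INTO radcheck (UserName, Attribute, op, Value)"
                         " VALUES (?, ?, ?, ?)", check_items(line))

def lookup(conn, username):
    # Same shape as the SELECT shown in the debug output.
    return conn.execute("SELECT id, UserName, Attribute, Value, op FROM radcheck"
                        " WHERE UserName = ? ORDER BY id", (username,)).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    load(conn, ENTRIES)
    return lookup(conn, "00904b727f03")

if __name__ == "__main__":
    for row in demo():
        print(row)
```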
