FreeRadius2.0.2+ mysql +dailupadmin help!
Lance Buttars
lbuttars at tenxnetworks.com
Thu Mar 13 23:43:27 CET 2008
Ivan Kalik wrote:
>> thank you for your help I was able to find where to enable the sql but
>> now I get this error.
>>
>> rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so:
>> cannot open shared object file: No such file or directory
>> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in
>> the search path of your system's ld.
>> /usr/local/etc/raddb/sql.conf[21]: Instantiation failed for module "sql"
>> /usr/local/etc/raddb/sites-enabled/default[124]: Failed to find module
>> "sql".
>> /usr/local/etc/raddb/sites-enabled/default[34]: Errors parsing authorize
>> section.
>>
>
> This is in the FAQ:
>
> http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F
>
> Number 2) (you have the library but linker can't find it) is the problem
> in most cases.
>
> Ivan Kalik
> Kalik Informatika ISP
>
I looked at the ./configure warnings and I was missing the mysql-devel
package, along with a lot of other packages.
I installed all of those.
Now I've got configuration issues.
If I set up the client in client.conf, radius accepts the NAS connection.
If I use dialupadmin to define the NAS client, it doesn't allow
connections from my NAS client.
This is what I get with client.conf when I define the NAS in client.conf:
rad_recv: Access-Request packet from host 192.168.0.76 port 1030, id=24,
length=198
NAS-Port-Type = Ethernet
Calling-Station-Id = "00:13:E8:CD:E5:53"
Called-Station-Id = "hotspot1"
NAS-Port-Id = "wlan1"
User-Name = "radiustest"
NAS-Port = 2149580824
Acct-Session-Id = "80200018"
Framed-IP-Address = 10.5.50.252
Mikrotik-Host-IP = 10.5.50.252
CHAP-Challenge = 0x0bed27589fa8f959ea6d4b6560dedff9
CHAP-Password = 0x112fa41a1c851ea19d378c120de246d86f
Service-Type = Login-User
WISPr-Logoff-URL = "http://10.5.50.1/logout"
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.0.76
+- entering group authorize
++[preprocess] returns ok
rlm_chap: Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "radiustest", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> radiustest
rlm_sql (sql): sql_set_user escaped user --> 'radiustest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radcheck WHERE username = 'radiustest' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'radiustest' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radreply WHERE username = 'radiustest' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'radiustest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'radiustest' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username
= 'radiustest' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck
WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname = 'testme' ORDER
BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'testme' ORDER BY id
rlm_sql (sql): User found in group testme
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply
WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE groupname = 'testme' ORDER
BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'testme' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
rlm_chap: login attempt by "radiustest" with CHAP password
rlm_chap: Using clear text password "$1$fj5Vw2PC$saaupvvPwVxAyIJaY9Em6."
for user radiustest authentication.
rlm_chap: Password check failed
++[chap] returns reject
auth: Failed to validate the user.
Login incorrect (rlm_chap: Wrong user password):
[radiustest/<CHAP-Password>] (from client private-network-1 port
2149580824 cli 00:13:E8:CD:E5:53)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> radiustest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.76 port 1030, id=24,
length=198
Waiting to send Access-Reject to client private-network-1 port 1030 - ID: 24
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.76 port 1030, id=24,
length=198
Waiting to send Access-Reject to client private-network-1 port 1030 - ID: 24
Waking up in 0.3 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 24 to 192.168.0.76 port 1030
Waking up in 4.9 seconds.
Cleaning up request 0 ID 24 with timestamp +1
Ready to process requests.
This is what I get without defining the client in client.conf:
Ignoring request to authentication address * port 1812 from unknown
client 192.168.0.76 port 1030
Ready to process requests.
+----+------------+---------------+----+------------------------------------+
| id | username   | attribute     | op | value                              |
+----+------------+---------------+----+------------------------------------+
|  1 | radiustest | User-Password | := | $1$fj5Vw2PC$saaupvvPwVxAyIJaY9Em6. |
+----+------------+---------------+----+------------------------------------+
1 row in set (0.00 sec)
mysql> select * from nas;
+----+--------------+-----------+-------+-------+--------+-----------+-------------+
| id | nasname      | shortname | type  | ports | secret | community | description |
+----+--------------+-----------+-------+-------+--------+-----------+-------------+
|  1 | 192.168.0.76 | mikro     | other |   100 | testme |           |             |
+----+--------------+-----------+-------+-------+--------+-----------+-------------+
1 row in set (0.00 sec)
mysql> clear
mysql> ;
ERROR:
No query specified
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| badusers |
| mtotacct |
| nas |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radippool |
| radpostauth |
| radreply |
| radusergroup |
| totacct |
| userinfo
mysql> select * from nas;
+----+--------------+-----------+-------+-------+--------+-----------+-------------+
| id | nasname      | shortname | type  | ports | secret | community | description |
+----+--------------+-----------+-------+-------+--------+-----------+-------------+
|  1 | 192.168.0.76 | mikrotik  | other |   100 | testme |           |             |
+----+--------------+-----------+-------+-------+--------+-----------+-------------+
1 row in set (0.00 sec)
Ignoring request to authentication address * port 1812 from unknown
client 192.168.0.76 port 1030
Ready to process requests.
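
Added example, not part of the original message: in the debug output rlm_chap checks the CHAP response against the radcheck value, which is in the `$1$` crypt format. This Python sketch redoes the RFC 1994 check with the CHAP-Challenge and CHAP-Password from that log; the function names and the cleartext `s3cret` are constructed for illustration.

```python
import hashlib
import hmac
import re

# Values copied from the debug output and the radcheck row in the message above.
CHAP_CHALLENGE = bytes.fromhex("0bed27589fa8f959ea6d4b6560dedff9")
CHAP_PASSWORD = bytes.fromhex("112fa41a1c851ea19d378c120de246d86f")
STORED_VALUE = "$1$fj5Vw2PC$saaupvvPwVxAyIJaY9Em6."

# Modular-crypt prefixes: $1$ MD5-crypt, $5$/$6$ SHA-crypt, $2a$/$2b$/$2y$ bcrypt.
CRYPT_RE = re.compile(r"^\$(1|2[aby]|5|6)\$")


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def chap_verify(chap_password: bytes, challenge: bytes, secret: str) -> bool:
    """CHAP-Password is one identifier byte followed by the 16-byte response."""
    if len(chap_password) != 17:
        raise ValueError("CHAP-Password must be 17 bytes")
    chap_id, response = chap_password[0], chap_password[1:]
    expected = chap_response(chap_id, secret.encode(), challenge)
    return hmac.compare_digest(expected, response)


def looks_hashed(value: str) -> bool:
    """True if the stored value is a crypt(3)-style hash, not a cleartext password."""
    return bool(CRYPT_RE.match(value))


def diagnose(chap_password: bytes, challenge: bytes, stored: str) -> str:
    """Explain a CHAP result the way an operator reading the debug log would."""
    if chap_verify(chap_password, challenge, stored):
        return "match"
    if looks_hashed(stored):
        return "mismatch: stored value is a one-way hash, CHAP needs the cleartext"
    return "mismatch: wrong password"


if __name__ == "__main__":
    # The logged request checked against the stored radcheck value.
    print(diagnose(CHAP_PASSWORD, CHAP_CHALLENGE, STORED_VALUE))
    # Constructed round trip: a client and server that share the cleartext.
    good = bytes([0x11]) + chap_response(0x11, b"s3cret", CHAP_CHALLENGE)
    print(diagnose(good, CHAP_CHALLENGE, "s3cret"))
```

The server can only recompute the MD5 response from the cleartext secret, so a crypt hash in radcheck cannot satisfy a CHAP request even when the user typed the right password.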