freeradius-2.0.3 not talking to mysql-5.1

NPY npy at pdog-vpn.com
Wed May 14 17:25:36 CEST 2008


Hi,

I am struggling to get freeradius-2.0.3 to work with mysql-5.1.24 on a FreeBSD-7.0 machine.

Basic PAP auth is working so radiusd is running fine.

Below is the 'radiusd -X' output when I did a 'radtest joy happy localhost 1812 testing123'

I notice when running 'radiusd -X' that no module rlm_sql_mysql was loaded. Is that a problem?
How do I resolve it?

Thanks,
-Marcus

-------------------------------------

FreeRADIUS Version 2.0.3, for host amd64-portbld-freebsd7.0, built on May 13 2008 at 14:48:48
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License. 
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including dictionary file /usr/local/etc/raddb/dictionary
main {
 prefix = "/usr/local"
 localstatedir = "/var"
 logdir = "/var/log"
 libdir = "/usr/local/lib"
 radacctdir = "/var/log/radacct"
 hostname_lookups = no
 max_request_time = 30
 cleanup_delay = 5
 max_requests = 1024
 allow_core_dumps = no
 pidfile = "/var/run/radiusd/radiusd.pid"
 user = "freeradius"
 group = "freeradius"
 checkrad = "/usr/local/sbin/checkrad"
 debug_level = 0
 proxy_requests = yes
 security {
 max_attributes = 200
 reject_delay = 1
 status_server = yes
 }
}
 client localhost {
 ipaddr = 127.0.0.1
 require_message_authenticator = no
 secret = "testing123"
 nastype = "other"
 }
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
 retry_delay = 5
 retry_count = 3
 default_fallback = no
 dead_time = 120
 wake_all_if_all_dead = no
 }
 home_server localhost {
 ipaddr = 127.0.0.1
 port = 1812
 type = "auth"
 secret = "testing123"
 response_window = 20
 max_outstanding = 65536
     zombie_period = 40
 status_check = "status-server"
 ping_check = "none"
 ping_interval = 30
 check_interval = 30
 num_answers_to_alive = 3
 num_pings_to_alive = 3
 revive_interval = 120
 status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
 type = fail-over
 home_server = localhost
 }
 realm example.com {
 auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
 wait = yes
 input_pairs = "request"
 shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
 reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
 reply-message = "You are calling outside your allowed timespan  "
 minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
 encryption_scheme = "auto"
 auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
 use_mppe = yes
 require_encryption = no
 require_strong = no
 with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
 radwtmp = "/var/log/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
 default_eap_type = "md5"
 timer_expire = 60
 ignore_unknown_eap_types = no
 cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
 challenge = "Password: "
 auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
 rsa_key_exchange = no
 dh_key_exchange = yes
 rsa_key_length = 512
 dh_key_length = 512
 verify_depth = 0
 pem_file_type = yes
 private_key_file = "/usr/local/etc/raddb/certs/server.pem"
 certificate_file = "/usr/local/etc/raddb/certs/server.pem"
 CA_file = "/usr/local/etc/raddb/certs/ca.pem"
 private_key_password = "whatever"
 dh_file = "/usr/local/etc/raddb/certs/dh"
 random_file = "/usr/local/etc/raddb/certs/random"
 fragment_size = 1024
 include_length = yes
 check_crl = no
 cipher_list = "DEFAULT"
 make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
 default_eap_type = "md5"
 copy_request_to_tunnel = no
 use_tunneled_reply = no
 virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
 default_eap_type = "mschapv2"
 copy_request_to_tunnel = no
 use_tunneled_reply = no
 proxy_tunneled_request_as_eap = yes
 virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
 with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
 format = "suffix"
 delimiter = "@"
 ignore_default = no
 ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
 usersfile = "/usr/local/etc/raddb/users"
 acctusersfile = "/usr/local/etc/raddb/acct_users"
 preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
 filename = "/var/log/radutmp"
 username = "%{User-Name}"
 case_sensitive = yes
 check_with_nas = yes
 perm = 384
 callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
 attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
 key = "%{User-Name}"
  }
 }
}
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
 huntgroups = "/usr/local/etc/raddb/huntgroups"
 hints = "/usr/local/etc/raddb/hints"
 with_ascend_hack = no
 ascend_channels_per_line = 23
 with_ntdomain_hack = no
 with_specialix_jetstream_hack = no
 with_cisco_vsa_hack = no
 with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
 key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
 detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 header = "%t"
 detailperm = 384
 dirperm = 493
 locking = no
 log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
 attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
 key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
}
radiusd: #### Opening IP addresses and Ports ####
listen {
 type = "auth"
 ipaddr = *
 port = 0
}
listen {
 type = "acct"
 ipaddr = *
 port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
 User-Name = "joy"
 User-Password = "happy"
 NAS-IP-Address = 123.242.231.112
 NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "joy", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [joy/happy] (from client localhost port 1812)
  Found Post-Auth-Type Reject
+- entering group REJECT
 expand: %{User-Name} -> joy
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Waking up in 4.9 seconds.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080514/76b723e4/attachment.html>


More information about the Freeradius-Users mailing list