FW: upgraded from freeradius 1.1.3 to 2.0.4

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Feb 19 12:44:16 CET 2009


> Well, I didn't expect this kind of reaction. I tried to give as much information as I had. First of all I upgraded to the newest packages of debian etch before I did a dist-upgrade to lenny. With the latest version of etch it still worked. The latest version in debian lenny is the 2.0.4 which I am running now. I do use the groupreply option (but no groupcheck option because the check has been done already in the usercheck option) so the mail of Alan doesn't solve the problem. The complete debug text is underneath, hopefully this makes it a bit more clear. Sorry for the inconvenience:

basically, when you migrate from 1.x to 2.x you need to manually update the configuration rather
than cut'n'paste the config over - primarily to ensure correct behaviour, but also,
the config is massively different for various new functions - you should be using the
sites-enabled/* system and if you don't see/edit the new configs, you won't see the
new features and capabilities.

this is very similar to apache 1.x to 2.x upgrades

> WARNING: Found User-Password == "...".
> WARNING: Are you sure you don't mean Cleartext-Password?
> WARNING: See "man rlm_pap" for more information.
> rlm_sql (sql): User found in radcheck table

change your oper and attribute

Cleartext-Password :=

instead of

User-Password ==

if you don't use groups, then change read_groups = yes to read_groups = no
(and then, as per the inline docs, If set to 'no' the user MUST have Fall-Through = Yes in the radreply table)

another reason to look at the default config files is they have lots and lots of
details/help and descriptions - all too often I see config files that have been stripped
bare and rejigged eg

sql radius-sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        login = "database-user"
        password = "password-we-use"
        radius_db = "radius-database"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        deletestalesessions = yes
        sqltrace = yes
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 50
        connect_failure_retry_delay = 60
        nas_table = "nas"
        readclients = yes
$INCLUDE /opt/freeradius-3.1.4/sql/${database}/dialup.conf
}

does that help the administrator or operator?   nope. I don't think so.
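
The radcheck change and the Fall-Through condition described in the message above, as an added example that is not part of the original post: it finds rows that still use User-Password, rewrites attribute and operator together, and lists users who lack Fall-Through = Yes in radreply. Assumptions: an in-memory sqlite3 database stands in for the MySQL backend, the tables use the id/username/attribute/op/value column layout, all rows are constructed sample data, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample data; sqlite3 stands in for MySQL so this runs offline.
def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,
                               attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radreply (id INTEGER PRIMARY KEY, username TEXT,
                               attribute TEXT, op TEXT, value TEXT);
        INSERT INTO radcheck (username, attribute, op, value) VALUES
            ('alice', 'User-Password', '==', 'constructed-secret-1'),
            ('bob',   'Cleartext-Password', ':=', 'constructed-secret-2'),
            ('carol', 'User-Password', '==', 'constructed-secret-3');
        INSERT INTO radreply (username, attribute, op, value) VALUES
            ('alice', 'Framed-Protocol', '=', 'PPP'),
            ('alice', 'Fall-Through', '=', 'Yes'),
            ('bob',   'Framed-Protocol', '=', 'PPP');
    """)
    return db

def legacy_password_rows(db):
    """Users whose radcheck row still triggers the User-Password warning."""
    cur = db.execute("SELECT username FROM radcheck "
                     "WHERE attribute = 'User-Password' ORDER BY username")
    return [r[0] for r in cur]

def migrate_passwords(db):
    """Rewrite attribute and operator together; return the rows changed."""
    cur = db.execute("UPDATE radcheck SET attribute = 'Cleartext-Password', "
                     "op = ':=' WHERE attribute = 'User-Password'")
    db.commit()
    return cur.rowcount

def missing_fall_through(db):
    """Users with no Fall-Through = Yes in radreply (matters if read_groups = no)."""
    cur = db.execute("""
        SELECT DISTINCT c.username FROM radcheck c
        WHERE NOT EXISTS (SELECT 1 FROM radreply r
                          WHERE r.username = c.username
                            AND r.attribute = 'Fall-Through'
                            AND lower(r.value) = 'yes')
        ORDER BY c.username""")
    return [r[0] for r in cur]

if __name__ == "__main__":
    db = build_sample_db()
    print("before:", legacy_password_rows(db))
    print("migrated rows:", migrate_passwords(db))
    print("no Fall-Through:", missing_fall_through(db))
```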

