How to Authenticate Mysql Users whit freeradiuseditingtheusersfile

Juan Pablo Botero juanpabloboterolopez at gmail.com
Fri Feb 20 23:26:45 CET 2009


Ok.
I made that wiht Cleartex-Password and it serves too:

rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=55,
length=212
        Vendor-14559-Attr-8 = 0x312e302e3132
        User-Name = "juanpal"
        User-Password = "juanpal"
        NAS-IP-Address = 192.168.181.1
        Service-Type = Login-User
        Framed-IP-Address = 192.168.181.3
        Calling-Station-Id = "08-00-27-D6-27-3B"
        Called-Station-Id = "08-00-27-C0-08-85"
        NAS-Identifier = "nas01"
        Acct-Session-Id = "499ee06c00000001"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        WISPr-Logoff-URL = "http://192.168.181.1:3990/logoff"
        Message-Authenticator = 0x16771e0e536870155a6ea764daae4c34
+- entering group authorize
++[preprocess] returns ok
        expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
        expand: %t -> Fri Feb 20 11:55:31 2009
++[auth_log] returns ok
        expand: %{Realm} ->
++[attr_filter] returns noop
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
        expand: %{User-Name} -> juanpal
rlm_sql (sql): sql_set_user escaped user --> 'juanpal'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, UserName, Attribute, Value, op           FROM
radcheck          WHERE Username = 'juanpal'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, UserName, Attribute, Value, op           FROM
radreply          WHERE Username = 'juanpal'           ORDER BY id
        expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='juanpal'
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [juanpal/juanpal] (from client localhost port 1 cli
08-00-27-D6-27-3B)
+- entering group post-auth
        expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/reply-detail-20090220
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/reply-detail-20090220
        expand: %t -> Fri Feb 20 11:55:31 2009
++[reply_log] returns ok
rlm_sql (sql): Processing sql_postauth
        expand: %{User-Name} -> juanpal
rlm_sql (sql): sql_set_user escaped user --> 'juanpal'
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
        expand: INSERT into radpostauth (id, user, pass, reply, date) values
('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW()) -> INSERT into radpostauth (id, user, pass,
reply, date) values ('', 'juanpal', 'juanpal', 'Access-Accept', NOW())
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user,
pass, reply, date) values ('', 'juanpal', 'juanpal', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
Sending Access-Accept of id 55 to 127.0.0.1 port 32793
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 3779, id=4,
length=146
        Vendor-14559-Attr-8 = 0x312e302e3132
        Acct-Status-Type = Start
        User-Name = "juanpal"
        Calling-Station-Id = "08-00-27-D6-27-3B"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        NAS-Port-Id = "00000001"
        Framed-IP-Address = 192.168.181.3
        Acct-Session-Id = "499ee06c00000001"
        NAS-IP-Address = 192.168.181.1
        Called-Station-Id = "08-00-27-C0-08-85"
        NAS-Identifier = "nas01"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 192.168.181.1,Acct-Session-Id =
"499ee06c00000001",User-Name = "juanpal"'
rlm_acct_unique: Acct-Unique-Session-ID = "d2c306121c0bde41".
++[acct_unique] returns ok
    rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
        expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/detail-20090220
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/detail-20090220
        expand: %t -> Fri Feb 20 11:55:31 2009
++[detail] returns ok
        expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
        expand: %{User-Name} -> juanpal
++[radutmp] returns ok
        expand: %{User-Name} -> juanpal
rlm_sql (sql): sql_set_user escaped user --> 'juanpal'
        expand: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName,
Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0',
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') ->
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay) values('499ee06c00000001',
'd2c306121c0bde41', 'juanpal', '', '192.168.181.1', '1', 'Wireless-802.11',
'2009-02-20 11:55:31', '0', '0', '', '', '', '0', '0', '08-00-27-C0-08-85',
'08-00-27-D6-27-3B', '', '', '', '192.168.181.3', '', '0')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
Sending Accounting-Response of id 4 to 127.0.0.1 port 3779
Finished request 5.
Cleaning up request 5 ID 4 with timestamp +171
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 4 ID 55 with timestamp +171
Ready to process requests.

Thanks a Lot


On Fri, Feb 20, 2009 at 12:49 PM, <tnt at kalik.net> wrote:

> >I change the password user from md5 to User-Password and can login.
> >
> >I don't know if that was the suggestion, but thanks a lot
> >
> >>
> >> Try with Cleartext-Password first. And use := not == as operator.
> >>
>
> No. I ment what I wrote. User-Password shouldn't be used. Use
> Cleartext-Password.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Juan Pablo Botero
Administrador de Sistemas informáticos
http://jpill.wordpress.com
eSSuX: http://slcolombia.org/eSSuX
Linux Registered user #435293
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090220/03d9b4af/attachment.html>


More information about the Freeradius-Users mailing list