Freeradius + MySQL problem
obaid ghaznawi
onaogh at gmail.com
Fri Jan 16 14:49:11 CET 2009
hi, first of all, i thank all people who are giving thier time to help.
before i subscribe here and post my email, i am searching around in
internet since a week
and trying my best to solve it, i have learned many things,but there is one
problem i cannot get it solved.
i am trying to make hotspot for some building, i choosed:
Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
server
and CoovaAP on WRT54GL sending user credentials to backend server for
authentication
my configs (default settings not showed, lines i changed showed)
freeradius radiusd.conf
================================================
.
. all default
.
log {
.
.
#at the end of log{
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
modules {
.
.
.
$INCLUDE sql.conf #already there
$INCLUDE sql/mysql/counter.conf #already there
.
.
.
}
authorize{
preprocess
chap
mschap
suffix
eap
sql #if i comment out sql and use file, it works, i recive
Packet-Accept, with SQL see the pap warning in debug text
pap
}
accounting{
detail
sql
}
session{
sql
}
==================================================
clients.conf
client localhost {
ipaddr = 127.0.0.1
secret = clientradsec36365
require_message_authenticator = no
nastype = other
}
==================================================
sql.conf
sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
login = "radius"
password = "frsqldblogin36365"
radius_db = "radius"
.
.
.
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
.
.
}
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
/etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
mysql "radius" database, radius at localhost user granted all on radius.*
dummy data in tables:
mysql> SELECT * FROM radcheck;
+----+----------+--------------------+----+-------+
| id | username | attribute | op | value |
+----+----------+--------------------+----+-------+
| 1 | obaid | Cleartext-Password | := | 36365 |
+----+----------+--------------------+----+-------+
1 row in set (0.00 sec)
mysql> SELECT * FROM radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| obaid | hotspot | 0 |
+----------+-----------+----------+
1 row in set (0.01 sec)
mysql> SELECT * FROM radgroupcheck;
+----+-----------+-----------+----+-------+
| id | groupname | attribute | op | value |
+----+-----------+-----------+----+-------+
| 2 | hotspot | Auth-Type | := | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)
mysql> SELECT * FROM radreply;
+----+----------+---------------+----+-------+
| id | username | attribute | op | value |
+----+----------+---------------+----+-------+
| 1 | obaid | Reply-Message | := | Hello |
+----+----------+---------------+----+-------+
1 row in set (0.00 sec)
mysql> SELECT * FROM radgroupreply;
+----+-----------+-----------------+----+-------------+
| id | groupname | attribute | op | value |
+----+-----------+-----------------+----+-------------+
| 1 | hotspot | Framed-Protocol | := | PPP |
| 2 | hotspot | Service-Type | := | Framed-User |
+----+-----------+-----------------+----+-------------+
2 rows in set (0.00 sec)
@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
now when running /usr/sbin/freeradius -X and send auth request with radtest
i get
radtest obaid 36365 localhost 1812 clientradsec36365
Sending Access-Request of id 96 to 127.0.0.1 port 1812
User-Name = "obaid"
User-Password = "36365"
NAS-IP-Address = 192.168.1.100
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
length=20
freeradius -X:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
length=57
User-Name = "obaid"
User-Password = "36365"
NAS-IP-Address = 192.168.1.100
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "obaid", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [obaid/36365] (from client server port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> obaid
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 96 to 127.0.0.1 port 40386
Waking up in 4.9 seconds.
Cleaning up request 0 ID 96 with timestamp +17
Ready to process requests.
-=========================================================
have you noticed that debug output doesnt talk about sql queries ???, and
nothing about sql queries in log files.
i have used ntradping to send authentication request with CHAP ticked/not
ticked, and i get the same rad+recv:Access-Reject.
but with all same config (except commenting sql and uncomment file in
radius.conf) and radtesting it works fine.
it is probably radius cant query mysql, but i used mtop (mysql monitoring
tool) and it showes that radius queried mysql
or it might be wrong dummy data...
-----
i will appreciate it very much if some one will guide me through this.
thanks for reading.
Obaid Ghaznawi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090116/ea93dfa4/attachment.html>
More information about the Freeradius-Users
mailing list