Freeradius + MySQL problem

obaid ghaznawi onaogh at gmail.com
Fri Jan 16 14:49:11 CET 2009


Hi, first of all, I thank all the people who are giving their time to help.

Before I subscribed here and posted my email, I had been searching around
on the internet for a week and trying my best to solve it. I have learned
many things, but there is one problem I cannot get solved.
I am trying to make a hotspot for a building. I chose:
FreeRADIUS + MySQL = running on 1 computer (Ubuntu Server 8.10) as backend
server
and CoovaAP on WRT54GL sending user credentials to the backend server for
authentication.
My configs (default settings not shown, lines I changed are shown):

freeradius radiusd.conf
================================================
    .
    .     all default
    .
log {
    .
    .
        #at the end of log{
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
}

modules {
    .
    .
    .
    $INCLUDE sql.conf #already there
    $INCLUDE sql/mysql/counter.conf #already there
    .
    .
    .
}

authorize{
        preprocess
        chap
        mschap
        suffix
        eap
        sql #if I comment out sql and use file, it works, I receive
            #Packet-Accept; with SQL see the pap warning in debug text
        pap
}

accounting{
        detail
        sql
}

session{
        sql
}
==================================================
clients.conf

client localhost {
        ipaddr = 127.0.0.1
        secret          = clientradsec36365
        require_message_authenticator = no
        nastype     = other

}
==================================================
sql.conf
sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        login = "radius"
        password = "frsqldblogin36365"
        radius_db = "radius"
               .
               .
               .
        sqltrace = yes
        sqltracefile = ${logdir}/sqltrace.sql
.
.
}

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

/etc/freeradius/sql/mysql/schema.sql and nas.sql have been imported into the
MySQL "radius" database; the radius at localhost user is granted all on radius.*

Dummy data in tables:

mysql> SELECT * FROM radcheck;
+----+----------+--------------------+----+-------+
| id | username | attribute          | op | value |
+----+----------+--------------------+----+-------+
|  1 | obaid    | Cleartext-Password | := | 36365 |
+----+----------+--------------------+----+-------+
1 row in set (0.00 sec)

mysql> SELECT * FROM radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| obaid    | hotspot   |        0 |
+----------+-----------+----------+
1 row in set (0.01 sec)

mysql> SELECT * FROM radgroupcheck;
+----+-----------+-----------+----+-------+
| id | groupname | attribute | op | value |
+----+-----------+-----------+----+-------+
|  2 | hotspot   | Auth-Type | := | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)


mysql> SELECT * FROM radreply;
+----+----------+---------------+----+-------+
| id | username | attribute     | op | value |
+----+----------+---------------+----+-------+
|  1 | obaid    | Reply-Message | := | Hello |
+----+----------+---------------+----+-------+
1 row in set (0.00 sec)

mysql> SELECT * FROM radgroupreply;
+----+-----------+-----------------+----+-------------+
| id | groupname | attribute       | op | value       |
+----+-----------+-----------------+----+-------------+
|  1 | hotspot   | Framed-Protocol | := | PPP         |
|  2 | hotspot   | Service-Type    | := | Framed-User |
+----+-----------+-----------------+----+-------------+
2 rows in set (0.00 sec)

@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$

Now when running /usr/sbin/freeradius -X and sending an auth request with
radtest, I get:
radtest obaid 36365 localhost 1812 clientradsec36365

Sending Access-Request of id 96 to 127.0.0.1 port 1812
        User-Name = "obaid"
        User-Password = "36365"
        NAS-IP-Address = 192.168.1.100
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
length=20

freeradius -X:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
length=57
        User-Name = "obaid"
        User-Password = "36365"
        NAS-IP-Address = 192.168.1.100
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "obaid", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [obaid/36365] (from client server port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> obaid
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 96 to 127.0.0.1 port 40386
Waking up in 4.9 seconds.
Cleaning up request 0 ID 96 with timestamp +17
Ready to process requests.

-=========================================================
Have you noticed that the debug output doesn't talk about SQL queries? And
there is nothing about SQL queries in the log files.

I have used ntradping to send an authentication request with CHAP ticked/not
ticked, and I get the same rad_recv: Access-Reject.

But with the same config (except commenting out sql and uncommenting file in
radius.conf) and radtesting, it works fine.

It is probably that radius can't query MySQL, but I used mtop (a MySQL
monitoring tool) and it shows that radius queried MySQL.

Or it might be wrong dummy data...
-----

I will appreciate it very much if someone will guide me through this.

Thanks for reading.

Obaid Ghaznawi
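
Added example, not part of the original message or of FreeRADIUS: a small Python check that reads the authorize portion of the `freeradius -X` trace quoted above and compares the modules that actually ran with the authorize{} list in the posted radiusd.conf. The function names `modules_run` and `diagnose` are hypothetical, and the trace is a constructed sample copied from the post.

```python
import re

# Constructed sample: authorize portion of the -X trace quoted in the post.
DEBUG_TRACE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "obaid", looking up realm NULL
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
"""

# Module list of the authorize{} section as posted in the message.
CONFIGURED = ["preprocess", "chap", "mschap", "suffix", "eap", "sql", "pap"]

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
RESULT_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")

def modules_run(trace, group="authorize"):
    """Return [(module, return code)] for one processing group of a -X trace."""
    current, out = None, []
    for line in trace.splitlines():
        g, r = GROUP_RE.match(line), RESULT_RE.match(line)
        if g:
            current = g.group(1)          # a new group starts here
        elif r and current == group:
            out.append((r.group(1), r.group(2)))
    return out

def diagnose(trace, configured):
    """Compare the configured module list with what the server actually ran."""
    ran = [name for name, _ in modules_run(trace)]
    return {
        "never_ran": [m for m in configured if m not in ran],
        "unexpected": [m for m in ran if m not in configured],
        "no_known_good_password": 'No "known good" password' in trace,
        "no_auth_type": "No authenticate method (Auth-Type)" in trace,
    }
```

On the posted trace, `diagnose(DEBUG_TRACE, CONFIGURED)` reports `sql` as configured but never run, and `unix`, `files`, `expiration` and `logintime` as run but absent from the posted list.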