Freeradius + MySQL problem
Leigh Martell
leigh.martell at gmail.com
Fri Jan 16 15:13:56 CET 2009
Post the entire debug from start to finish, as well as some tests. The
first whack of debug tells you how freeradius is parsing your config.
Once you have that done we should be able to figure out where the issue lies.
Take Care,
Leigh
On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi <onaogh at gmail.com> wrote:
> Hi, first of all, I thank all the people who are giving their time to help.
>
> Before I subscribed here and posted my email, I had been searching around on the
> internet for a week
> and trying my best to solve it. I have learned many things, but there is one
> problem I cannot get solved.
> I am trying to make a hotspot for some building. I chose:
> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
> server
> and CoovaAP on WRT54GL sending user credentials to backend server for
> authentication
> my configs (default settings not shown, lines I changed shown)
>
> freeradius radiusd.conf
> ================================================
> .
> . all default
> .
> log {
> .
> .
> #at the end of log{
> auth = yes
> auth_badpass = yes
> auth_goodpass = yes
> }
>
> modules {
> .
> .
> .
> $INCLUDE sql.conf #already there
> $INCLUDE sql/mysql/counter.conf #already there
> .
> .
> .
> }
>
> authorize{
> preprocess
> chap
> mschap
> suffix
> eap
> sql #if I comment out sql and use file, it works, I receive Packet-Accept; with SQL see the pap warning in debug text
> pap
> }
>
> accounting{
> detail
> sql
> }
>
> session{
> sql
> }
> ==================================================
> clients.conf
>
> client localhost {
> ipaddr = 127.0.0.1
> secret = clientradsec36365
> require_message_authenticator = no
> nastype = other
>
> }
> ==================================================
> sql.conf
> sql {
> database = "mysql"
> driver = "rlm_sql_${database}"
> server = "localhost"
> login = "radius"
> password = "frsqldblogin36365"
> radius_db = "radius"
> .
> .
> .
> sqltrace = yes
> sqltracefile = ${logdir}/sqltrace.sql
> .
> .
> }
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>
> /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
> mysql "radius" database, radius at localhost user granted all on radius.*
>
> dummy data in tables:
>
> mysql> SELECT * FROM radcheck;
> +----+----------+--------------------+----+-------+
> | id | username | attribute | op | value |
> +----+----------+--------------------+----+-------+
> | 1 | obaid | Cleartext-Password | := | 36365 |
> +----+----------+--------------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radusergroup;
> +----------+-----------+----------+
> | username | groupname | priority |
> +----------+-----------+----------+
> | obaid | hotspot | 0 |
> +----------+-----------+----------+
> 1 row in set (0.01 sec)
>
> mysql> SELECT * FROM radgroupcheck;
> +----+-----------+-----------+----+-------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------+----+-------+
> | 2 | hotspot | Auth-Type | := | Local |
> +----+-----------+-----------+----+-------+
> 1 row in set (0.00 sec)
>
>
> mysql> SELECT * FROM radreply;
> +----+----------+---------------+----+-------+
> | id | username | attribute | op | value |
> +----+----------+---------------+----+-------+
> | 1 | obaid | Reply-Message | := | Hello |
> +----+----------+---------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radgroupreply;
> +----+-----------+-----------------+----+-------------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------------+----+-------------+
> | 1 | hotspot | Framed-Protocol | := | PPP |
> | 2 | hotspot | Service-Type | := | Framed-User |
> +----+-----------+-----------------+----+-------------+
> 2 rows in set (0.00 sec)
>
> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
>
> Now when running /usr/sbin/freeradius -X and sending an auth request with radtest
> I get
> radtest obaid 36365 localhost 1812 clientradsec36365
>
> Sending Access-Request of id 96 to 127.0.0.1 port 1812
> User-Name = "obaid"
> User-Password = "36365"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
> length=20
>
> freeradius -X:
>
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
> length=57
> User-Name = "obaid"
> User-Password = "36365"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1812
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "obaid", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [obaid/36365] (from client server port 1812)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> expand: %{User-Name} -> obaid
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 96 to 127.0.0.1 port 40386
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 96 with timestamp +17
> Ready to process requests.
>
> -=========================================================
> Have you noticed that the debug output doesn't talk about SQL queries? And there is
> nothing about SQL queries in the log files.
>
> I have used ntradping to send authentication requests with CHAP ticked/not
> ticked, and I get the same rad_recv: Access-Reject.
>
> But with all the same config (except commenting sql and uncommenting file in
> radius.conf), radtesting works fine.
>
> It is probably that radius can't query mysql, but I used mtop (mysql monitoring
> tool) and it shows that radius queried mysql
>
> or it might be wrong dummy data...
> -----
>
> I will appreciate it very much if someone will guide me through this.
>
> Thanks for reading.
>
> Obaid Ghaznawi
>
>
>
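Added example (not part of the original posts and not FreeRADIUS code): a small Python check that reads the authorize portion of the `freeradius -X` output quoted above and compares the modules that actually ran with the authorize list in the posted config. `POSTED_AUTHORIZE`, `modules_run` and `compare` are names made up for this example; the sample log is an abridged copy of the debug lines in this thread.

```python
import re

# Abridged copy of the debug output quoted in this thread (sample input).
DEBUG = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

# The authorize list as posted in the message (hypothetical constant name).
POSTED_AUTHORIZE = ["preprocess", "chap", "mschap", "suffix", "eap", "sql", "pap"]

GROUP = re.compile(r"^\+- entering group (\S+)")
RESULT = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")

def modules_run(debug, group="authorize"):
    """Return [(module, rcode)] for the named group, in execution order."""
    current, ran = None, []
    for line in debug.splitlines():
        line = line.lstrip("> ").strip()          # tolerate mail-quoted lines
        g, r = GROUP.match(line), RESULT.match(line)
        if g:
            current = g.group(1)                  # a new processing group starts
        elif r and current == group:
            ran.append((r.group(1), r.group(2)))
    return ran

def compare(debug, expected):
    """Diff the modules seen in the debug against the expected authorize list."""
    ran = modules_run(debug)
    names = [n for n, _ in ran]
    return {
        "not_run": [m for m in expected if m not in names],
        "unexpected": [n for n in names if n not in expected],
        # noop/notfound mean the module did nothing for this request
        "did_work": [n for n, rc in ran if rc in ("ok", "updated")],
        "no_auth_type": "No authenticate method (Auth-Type)" in debug,
    }
```

For the output in this thread, `compare(DEBUG, POSTED_AUTHORIZE)` reports `sql` as never run and `unix`, `files`, `expiration` and `logintime` as run although they are not in the posted list. The startup portion of the debug that Leigh asks for shows how the server parsed its configuration.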