Freeradius + MySQL problem
tnt at kalik.net
Fri Jan 16 15:50:04 CET 2009
Yes. Post the whole debug including startup. Something is not right here.
authorize is not in radiusd.conf in 2.x.
Ivan Kalik
Kalik Informatika ISP
On 16/1/2009, "Leigh Martell" <leigh.martell at gmail.com> wrote:
>Post the entire debug from start to finish as well as some tests. The
>first whack of debug tells you how freeradius is parsing your config.
>
>Once you have that done we should be able to figure where the issue lies.
>
>Take Care,
>Leigh
>
>On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi <onaogh at gmail.com> wrote:
>
>> Hi, first of all, I thank all people who are giving their time to help.
>>
>> Before I subscribed here and posted my email, I had been searching around on
>> the internet for a week
>> and trying my best to solve it. I have learned many things, but there is one
>> problem I cannot get solved.
>> I am trying to make a hotspot for some building. I chose:
>> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
>> server
>> and CoovaAP on WRT54GL sending user credentials to backend server for
>> authentication
>> my configs (default settings not shown, lines I changed shown)
>>
>> freeradius radiusd.conf
>> ================================================
>> .
>> . all default
>> .
>> log {
>> .
>> .
>> #at the end of log{
>> auth = yes
>> auth_badpass = yes
>> auth_goodpass = yes
>> }
>>
>> modules {
>> .
>> .
>> .
>> $INCLUDE sql.conf #already there
>> $INCLUDE sql/mysql/counter.conf #already there
>> .
>> .
>> .
>> }
>>
>> authorize{
>> preprocess
>> chap
>> mschap
>> suffix
>> eap
>> sql #if I comment out sql and use file, it works, I receive Packet-Accept, with SQL see the pap warning in debug text
>> pap
>> }
>>
>> accounting{
>> detail
>> sql
>> }
>>
>> session{
>> sql
>> }
>> ==================================================
>> clients.conf
>>
>> client localhost {
>> ipaddr = 127.0.0.1
>> secret = clientradsec36365
>> require_message_authenticator = no
>> nastype = other
>>
>> }
>> ==================================================
>> sql.conf
>> sql {
>> database = "mysql"
>> driver = "rlm_sql_${database}"
>> server = "localhost"
>> login = "radius"
>> password = "frsqldblogin36365"
>> radius_db = "radius"
>> .
>> .
>> .
>> sqltrace = yes
>> sqltracefile = ${logdir}/sqltrace.sql
>> .
>> .
>> }
>>
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>
>> /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
>> mysql "radius" database, radius at localhost user granted all on radius.*
>>
>> dummy data in tables:
>>
>> mysql> SELECT * FROM radcheck;
>> +----+----------+--------------------+----+-------+
>> | id | username | attribute | op | value |
>> +----+----------+--------------------+----+-------+
>> | 1 | obaid | Cleartext-Password | := | 36365 |
>> +----+----------+--------------------+----+-------+
>> 1 row in set (0.00 sec)
>>
>> mysql> SELECT * FROM radusergroup;
>> +----------+-----------+----------+
>> | username | groupname | priority |
>> +----------+-----------+----------+
>> | obaid | hotspot | 0 |
>> +----------+-----------+----------+
>> 1 row in set (0.01 sec)
>>
>> mysql> SELECT * FROM radgroupcheck;
>> +----+-----------+-----------+----+-------+
>> | id | groupname | attribute | op | value |
>> +----+-----------+-----------+----+-------+
>> | 2 | hotspot | Auth-Type | := | Local |
>> +----+-----------+-----------+----+-------+
>> 1 row in set (0.00 sec)
>>
>>
>> mysql> SELECT * FROM radreply;
>> +----+----------+---------------+----+-------+
>> | id | username | attribute | op | value |
>> +----+----------+---------------+----+-------+
>> | 1 | obaid | Reply-Message | := | Hello |
>> +----+----------+---------------+----+-------+
>> 1 row in set (0.00 sec)
>>
>> mysql> SELECT * FROM radgroupreply;
>> +----+-----------+-----------------+----+-------------+
>> | id | groupname | attribute | op | value |
>> +----+-----------+-----------------+----+-------------+
>> | 1 | hotspot | Framed-Protocol | := | PPP |
>> | 2 | hotspot | Service-Type | := | Framed-User |
>> +----+-----------+-----------------+----+-------------+
>> 2 rows in set (0.00 sec)
>>
>> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
>>
>> Now when running /usr/sbin/freeradius -X and sending an auth request with radtest
>> I get
>> radtest obaid 36365 localhost 1812 clientradsec36365
>>
>> Sending Access-Request of id 96 to 127.0.0.1 port 1812
>> User-Name = "obaid"
>> User-Password = "36365"
>> NAS-IP-Address = 192.168.1.100
>> NAS-Port = 1812
>> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
>> length=20
>>
>> freeradius -X:
>>
>> Listening on authentication address * port 1812
>> Listening on accounting address * port 1813
>> Listening on proxy address * port 1814
>> Ready to process requests.
>> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
>> length=57
>> User-Name = "obaid"
>> User-Password = "36365"
>> NAS-IP-Address = 192.168.1.100
>> NAS-Port = 1812
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> [suffix] No '@' in User-Name = "obaid", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> [eap] No EAP-Message, not doing EAP
>> ++[eap] returns noop
>> ++[unix] returns notfound
>> ++[files] returns noop
>> ++[expiration] returns noop
>> ++[logintime] returns noop
>> [pap] WARNING! No "known good" password found for the user. Authentication
>> may fail because of this.
>> ++[pap] returns noop
>> No authenticate method (Auth-Type) configuration found for the request:
>> Rejecting the user
>> Failed to authenticate the user.
>> Login incorrect: [obaid/36365] (from client server port 1812)
>> Using Post-Auth-Type Reject
>> +- entering group REJECT {...}
>> expand: %{User-Name} -> obaid
>> attr_filter: Matched entry DEFAULT at line 11
>> ++[attr_filter.access_reject] returns updated
>> Delaying reject of request 0 for 1 seconds
>> Going to the next request
>> Waking up in 0.9 seconds.
>> Sending delayed reject for request 0
>> Sending Access-Reject of id 96 to 127.0.0.1 port 40386
>> Waking up in 4.9 seconds.
>> Cleaning up request 0 ID 96 with timestamp +17
>> Ready to process requests.
>>
>> -=========================================================
>> Have you noticed that the debug output doesn't talk about sql queries???, and
>> there is nothing about sql queries in the log files.
>>
>> I have used ntradping to send authentication requests with CHAP ticked/not
>> ticked, and I get the same rad_recv: Access-Reject.
>>
>> But with all the same config (except commenting sql and uncommenting file in
>> radius.conf) and radtesting it works fine.
>>
>> It is probably that radius can't query mysql, but I used mtop (mysql monitoring
>> tool) and it shows that radius queried mysql
>>
>> or it might be wrong dummy data...
>> -----
>>
>> I will appreciate it very much if someone will guide me through this.
>>
>> Thanks for reading.
>>
>> Obaid Ghaznawi
>>
>>
>>
>
>
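Added example, not part of the original thread: a small parser for `freeradius -X` output that lists which modules actually ran in a processing group and compares them with the module list the poster edited into radiusd.conf. The sample input is constructed from the debug output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: module lines copied from the debug output quoted above.
SAMPLE_DEBUG = """\
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> ++[eap] returns noop
>> ++[unix] returns notfound
>> ++[files] returns noop
>> ++[expiration] returns noop
>> ++[logintime] returns noop
>> ++[pap] returns noop
>> +- entering group REJECT {...}
>> ++[attr_filter.access_reject] returns updated
"""
# Module list from the authorize{} block the poster edited in radiusd.conf.
EDITED_AUTHORIZE = ["preprocess", "chap", "mschap", "suffix", "eap", "sql", "pap"]

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")

def modules_by_group(debug_text):
    """Map each processing group to the ordered (module, rcode) pairs that ran."""
    groups, current = {}, None
    for raw in debug_text.splitlines():
        line = raw.lstrip("> \t")          # tolerate e-mail quote markers
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            groups.setdefault(current, [])
            continue
        m = MODULE_RE.match(line)
        if m and current is not None:
            groups[current].append((m.group(1), m.group(2)))
    return groups

def compare_with_config(debug_text, group, configured):
    """Report configured modules that never ran and modules that ran unconfigured."""
    ran = [name for name, _ in modules_by_group(debug_text).get(group, [])]
    return {"missing": [m for m in configured if m not in ran],
            "unexpected": [m for m in ran if m not in configured]}

if __name__ == "__main__":
    print(compare_with_config(SAMPLE_DEBUG, "authorize", EDITED_AUTHORIZE))
```

A non-empty "unexpected" list alongside a missing `sql` means the server is running an authorize section other than the one that was edited.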