Freeradius-Users Digest, Vol 45, Issue 60
obaid ghaznawi
onaogh at gmail.com
Sat Jan 17 13:34:08 CET 2009
Hi all,
It is solved now; everything was OK except for some configuration mistakes.
During configuration I followed the freeradius.org HOWTO here:
http://wiki.freeradius.org/SQL_HOWTO and this HOWTO is for versions before 2,
I guess, because it says:
> Edit /etc/raddb/radiusd.conf and add a line saying 'sql' to the authorize{}
> section (which is towards the end of the file). The best place to put it is
> just after the 'files' entry. Indeed, if you'll just be using SQL, and not
> falling back to text files, you could comment out or delete the 'files'
> entry altogether.
>
I did this in radiusd.conf, so there were duplicate authorize{}, session{},
one in radiusd.conf and the other one in the include file
/etc/freeradius/sql/mysql/sites-enabled/default.
After just removing the lines of authorize{} and session{} from radiusd.conf and
configuring properly at /etc/freeradiusd/sql/mysql/sites-enabled/default,
everything works fine now.
Thank you for your support, Leigh Martell,
and thanks to the freeradius.org team.
Update http://wiki.freeradius.org/SQL_HOWTO so new users can follow.
On Fri, Jan 16, 2009 at 5:14 PM, <freeradius-users-request at lists.freeradius.org> wrote:
> Today's Topics:
>
> 1. Freeradius + MySQL problem (obaid ghaznawi)
> 2. Re: Freeradius + MySQL problem (Leigh Martell)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 16 Jan 2009 16:49:11 +0300
> From: obaid ghaznawi <onaogh at gmail.com>
> Subject: Freeradius + MySQL problem
> To: freeradius-users at lists.freeradius.org
> Message-ID:
> <b8f8e85f0901160549y545cb350ucbf11e3af785a103 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi, first of all, I thank all the people who are giving their time to help.
>
> Before subscribing here and posting my email, I have been searching around on
> the internet for a week
> and trying my best to solve it. I have learned many things, but there is one
> problem I cannot get solved.
> I am trying to make a hotspot for a building. I chose:
> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
> server
> and CoovaAP on WRT54GL sending user credentials to the backend server for
> authentication
> My configs (default settings not shown, lines I changed shown):
>
> freeradius radiusd.conf
> ================================================
> .
> . all default
> .
> log {
> .
> .
> #at the end of log{
> auth = yes
> auth_badpass = yes
> auth_goodpass = yes
> }
>
> modules {
> .
> .
> .
> $INCLUDE sql.conf #already there
> $INCLUDE sql/mysql/counter.conf #already there
> .
> .
> .
> }
>
> authorize{
> preprocess
> chap
> mschap
> suffix
> eap
> sql #if I comment out sql and use file, it works, I receive Packet-Accept, with SQL see the pap warning in debug text
> pap
> }
>
> accounting{
> detail
> sql
> }
>
> session{
> sql
> }
> ==================================================
> clients.conf
>
> client localhost {
> ipaddr = 127.0.0.1
> secret = clientradsec36365
> require_message_authenticator = no
> nastype = other
>
> }
> ==================================================
> sql.conf
> sql {
> database = "mysql"
> driver = "rlm_sql_${database}"
> server = "localhost"
> login = "radius"
> password = "frsqldblogin36365"
> radius_db = "radius"
> .
> .
> .
> sqltrace = yes
> sqltracefile = ${logdir}/sqltrace.sql
> .
> .
> }
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>
> /etc/freeradius/sql/mysql/schema.sql and nas.sql have been imported into the
> mysql "radius" database, radius at localhost user granted all on radius.*
>
> dummy data in tables:
>
> mysql> SELECT * FROM radcheck;
> +----+----------+--------------------+----+-------+
> | id | username | attribute | op | value |
> +----+----------+--------------------+----+-------+
> | 1 | obaid | Cleartext-Password | := | 36365 |
> +----+----------+--------------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radusergroup;
> +----------+-----------+----------+
> | username | groupname | priority |
> +----------+-----------+----------+
> | obaid | hotspot | 0 |
> +----------+-----------+----------+
> 1 row in set (0.01 sec)
>
> mysql> SELECT * FROM radgroupcheck;
> +----+-----------+-----------+----+-------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------+----+-------+
> | 2 | hotspot | Auth-Type | := | Local |
> +----+-----------+-----------+----+-------+
> 1 row in set (0.00 sec)
>
>
> mysql> SELECT * FROM radreply;
> +----+----------+---------------+----+-------+
> | id | username | attribute | op | value |
> +----+----------+---------------+----+-------+
> | 1 | obaid | Reply-Message | := | Hello |
> +----+----------+---------------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> SELECT * FROM radgroupreply;
> +----+-----------+-----------------+----+-------------+
> | id | groupname | attribute | op | value |
> +----+-----------+-----------------+----+-------------+
> | 1 | hotspot | Framed-Protocol | := | PPP |
> | 2 | hotspot | Service-Type | := | Framed-User |
> +----+-----------+-----------------+----+-------------+
> 2 rows in set (0.00 sec)
>
> @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$
>
> now when running /usr/sbin/freeradius -X and send auth request with radtest
> i get
> radtest obaid 36365 localhost 1812 clientradsec36365
>
> Sending Access-Request of id 96 to 127.0.0.1 port 1812
> User-Name = "obaid"
> User-Password = "36365"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96, length=20
>
> freeradius -X:
>
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96, length=57
> User-Name = "obaid"
> User-Password = "36365"
> NAS-IP-Address = 192.168.1.100
> NAS-Port = 1812
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "obaid", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [obaid/36365] (from client server port 1812)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> expand: %{User-Name} -> obaid
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 96 to 127.0.0.1 port 40386
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 96 with timestamp +17
> Ready to process requests.
>
> -=========================================================
> Have you noticed that the debug output doesn't talk about sql queries? And there
> is nothing about sql queries in the log files.
>
> I have used ntradping to send authentication requests with CHAP ticked/not
> ticked, and I get the same rad+recv:Access-Reject.
>
> But with all the same config (except commenting sql and uncommenting file in
> radius.conf) and radtesting, it works fine.
>
> It is probably that radius can't query mysql, but I used mtop (mysql monitoring
> tool) and it shows that radius queried mysql
>
> or it might be wrong dummy data...
> -----
>
> I will appreciate it very much if someone will guide me through this.
>
> Thanks for reading.
>
> Obaid Ghaznawi
>
> ------------------------------
>
> Message: 2
> Date: Fri, 16 Jan 2009 09:13:56 -0500
> From: Leigh Martell <leigh.martell at gmail.com>
> Subject: Re: Freeradius + MySQL problem
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID:
> <ab1a43830901160613i7919e76fp1cca31846bd6295c at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Post the entire debug from start to finish, as well as some tests. The
> first whack of debug tells you how freeradius is parsing your config.
>
> Once you have that done we should be able to figure out where the issue lies.
>
> Take Care,
> Leigh
>
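In the debug output quoted in this thread, the authorize group runs unix, files, expiration and logintime, none of which appear in the posted authorize{} block, and it never runs sql. The following check compares the two to show that a different authorize{} section is the one in effect. It is an added example, not part of the original posts or of FreeRADIUS; the sample text is constructed and abridged from the thread, and the function names are hypothetical.

```python
import re

# Constructed and abridged from the thread: the authorize{} block edited in
# radiusd.conf, and the authorize phase of the `freeradius -X` debug output.
EDITED_AUTHORIZE = """
authorize {
    preprocess
    eap
    sql    # expected to look the user up in MySQL
    pap
}
"""
DEBUG_OUTPUT = """
+- entering group authorize {...}
++[preprocess] returns ok
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

def configured_modules(conf_text, section="authorize"):
    """Module names listed in one flat `section { ... }` block, comments stripped."""
    m = re.search(r"\b%s\s*\{(.*?)\}" % re.escape(section), conf_text, re.S)
    body = m.group(1) if m else ""
    names = (ln.split("#", 1)[0].strip() for ln in body.splitlines())
    return [n for n in names if n]

def executed_modules(debug_text, section="authorize"):
    """Module names that returned a result inside `entering group <section>`."""
    ran, inside = [], False
    for line in map(str.strip, debug_text.splitlines()):
        group = re.match(r"\+- entering group (\S+)", line)
        module = re.match(r"\++\[([^\]]+)\] returns \w+", line)
        if group:
            inside = group.group(1) == section
        elif inside and module:
            ran.append(module.group(1))
    return ran

def compare(conf_text, debug_text, section="authorize"):
    cfg = configured_modules(conf_text, section)
    ran = executed_modules(debug_text, section)
    return {"never_ran": [m for m in cfg if m not in ran],
            "unexpected": [m for m in ran if m not in cfg]}
```

A non-empty `never_ran` or `unexpected` list means the section being edited is not the one the server executes, which is the situation the resolution above describes.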