using (finding) mysql

Rakotomandimby Mihamina mihamina at gulfsat.mg
Thu Jul 23 10:05:47 CEST 2009


Hi,
I would like my FreeRADIUS server to use PostgreSQL
(neither UNIX /etc/passwd nor the 'users' flat file).


in /etc/freeradius/sites-enabled/default
[...]
	#  Pull crypt'd passwords from /etc/passwd or /etc/shadow,
	#  using the system API's to get the password.  If you want
	#  to read /etc/passwd or /etc/shadow directly, see the
	#  passwd module in radiusd.conf.
	#
# 	unix
	#  Read the 'users' file
	files
	#  Look in an SQL database.  The schema of the database
	#  is meant to mirror the "users" file.
	#
	#  See "Authorization Queries" in sql.conf
	sql
	#  If you are using /etc/smbpasswd, and are also doing
	#  mschap authentication, then un-comment this line, and
	#  configure the 'etc_smbpasswd' module, above.
#	etc_smbpasswd
[...]

The 'sql' module is defined in this file: /etc/freeradius/sql.conf

When I launch "freeradius -X" I get an error about finding the 'sql' module (the debug output below also prints the client "secret" and "password" values in clear text):

radius20:/etc/freeradius# freeradius -X
FreeRADIUS Version 2.0.4, for host x86_64-pc-linux-gnu, built on Sep  7 2008 at 17:42:33
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql/postgresql/counter.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including dictionary file /etc/freeradius/dictionary
main {
	prefix = "/usr"
	localstatedir = "/var"
	logdir = "/var/log/freeradius"
	libdir = "/usr/lib/freeradius"
	radacctdir = "/var/log/freeradius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	allow_core_dumps = no
	pidfile = "/var/run/freeradius/freeradius.pid"
	user = "freerad"
	group = "freerad"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
  security {
	max_attributes = 200
	reject_delay = 4
	status_server = yes
  }
}
  client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = "testing123"
	nastype = "other"
  }
  client 41.204.0.0/16 {
	require_message_authenticator = no
	secret = "testing123"
	shortname = "quarante_un_deux_cent_quatre"
	nastype = "livingston"
	login = "!root"
	password = "someadminpas"
  }
radiusd: #### Loading Realms and Home Servers ####
  proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
  }
  home_server localhost {
	ipaddr = 127.0.0.1
	port = 1812
	type = "auth"
	secret = "testing123"
	response_window = 20
	max_outstanding = 65536
	zombie_period = 40
	status_check = "status-server"
	ping_check = "none"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
  }
  home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
  }
  realm example.com {
	auth_pool = my_auth_failover
  }
  realm LOCAL {
  }
radiusd: #### Instantiating modules ####
  instantiate {
  Module: Linked to module rlm_exec
  Module: Instantiating exec
   exec {
	wait = yes
	input_pairs = "request"
	shell_escape = yes
   }
  Module: Linked to module rlm_expr
  Module: Instantiating expr
  Module: Linked to module rlm_expiration
  Module: Instantiating expiration
   expiration {
	reply-message = "Password Has Expired  "
   }
  Module: Linked to module rlm_logintime
  Module: Instantiating logintime
   logintime {
	reply-message = "You are calling outside your allowed timespan  "
	minimum-timeout = 60
   }
  }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
  modules {
  Module: Checking authenticate {...} for more modules to load
  Module: Linked to module rlm_pap
  Module: Instantiating pap
   pap {
	encryption_scheme = "auto"
	auto_header = yes
   }
  Module: Linked to module rlm_chap
  Module: Instantiating chap
  Module: Linked to module rlm_mschap
  Module: Instantiating mschap
   mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = no
   }
  Module: Linked to module rlm_unix
  Module: Instantiating unix
   unix {
	radwtmp = "/var/log/freeradius/radwtmp"
   }
  Module: Linked to module rlm_eap
  Module: Instantiating eap
   eap {
	default_eap_type = "md5"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
   }
  Module: Linked to sub-module rlm_eap_md5
  Module: Instantiating eap-md5
  Module: Linked to sub-module rlm_eap_leap
  Module: Instantiating eap-leap
  Module: Linked to sub-module rlm_eap_gtc
  Module: Instantiating eap-gtc
    gtc {
	challenge = "Password: "
	auth_type = "PAP"
    }
rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
  Module: Linked to sub-module rlm_eap_mschapv2
  Module: Instantiating eap-mschapv2
    mschapv2 {
	with_ntdomain_hack = no
    }
  Module: Checking authorize {...} for more modules to load
  Module: Linked to module rlm_realm
  Module: Instantiating suffix
   realm suffix {
	format = "suffix"
	delimiter = "@"
	ignore_default = no
	ignore_null = no
   }
  Module: Linked to module rlm_files
  Module: Instantiating files
   files {
	usersfile = "/etc/freeradius/users"
	acctusersfile = "/etc/freeradius/acct_users"
	preproxy_usersfile = "/etc/freeradius/preproxy_users"
	compat = "no"
   }
  Module: Checking session {...} for more modules to load
  Module: Linked to module rlm_radutmp
  Module: Instantiating radutmp
   radutmp {
	filename = "/var/log/freeradius/radutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 384
	callerid = yes
   }
  Module: Checking post-proxy {...} for more modules to load
  Module: Checking post-auth {...} for more modules to load
  Module: Linked to module rlm_attr_filter
  Module: Instantiating attr_filter.access_reject
   attr_filter attr_filter.access_reject {
	attrsfile = "/etc/freeradius/attrs.access_reject"
	key = "%{User-Name}"
   }
  }
}
server {
  modules {
  Module: Checking authenticate {...} for more modules to load
  Module: Checking authorize {...} for more modules to load
  Module: Linked to module rlm_preprocess
  Module: Instantiating preprocess
   preprocess {
	huntgroups = "/etc/freeradius/huntgroups"
	hints = "/etc/freeradius/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
   }
/etc/freeradius/sites-enabled/default[153]: Failed to find module "sql".
/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
  }
}
Errors initializing modules



-- 
                             Architecte Informatique:
    Administration Systeme, Recherche & Developpement
                                   + 261 32 11 401 65
Pensez a l'environnement avant d'imprimer ce message


