wrt54g+freeradius+mysql

Gustavo Marcello pruebas at agro.uba.ar
Tue Jul 28 16:13:44 CEST 2009


Thank you very much!
With the information that you sent me I could run freeradius + mysql

when I do a radtest, it's working....



radtest pepe caca localhost 1 testing123
Sending Access-Request of id 109 to 127.0.0.1 port 1812
        User-Name = "pepe"
        User-Password = "caca"
        NAS-IP-Address = 10.1.1.100
        NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=109, length=20



but I can't make it work with my wrt54g......

when I connect to the router from windows (in my pc, vista) and I put 
user+password (the same used in my previous example), it doesn't 
work..........I try with freeradius -X and I receive the message:

rlm_pap: No clear-text password in the request.  Not performing PAP.
++[pap] returns noop
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [pepe/<no User-Password attribute>] (from client routers-agro port 34 cli 001de0249d5b)




this is the full log:



rad_recv: Access-Request packet from host 10.1.100.4 port 2048, id=0, length=121
        User-Name = "pepe"
        NAS-IP-Address = 10.1.100.4
        Called-Station-Id = "002369490b7b"
        Calling-Station-Id = "001de0249d5b"
        NAS-Identifier = "002369490b7b"
        NAS-Port = 34
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020000090170657065
        Message-Authenticator = 0xdaad8c80c54890f2750c2bd74e82e164
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "pepe", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
        expand: %{User-Name} -> pepe
rlm_sql (sql): sql_set_user escaped user --> 'pepe'
rlm_sql (sql): Reserving sql socket id: 4
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'pepe'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'pepe'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'pepe'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'pepe'           ORDER BY id
        expand: SELECT groupname           FROM usergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM usergroup           WHERE username = 'pepe'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM usergroup           WHERE username = 'pepe'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: No clear-text password in the request.  Not performing PAP.
++[pap] returns noop
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [pepe/<no User-Password attribute>] (from client routers-agro port 34 cli 001de0249d5b)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> pepe
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 10.1.100.4 port 2048
Waking up in 4.9 seconds.





in my eap.conf I set:
default_eap_type = md5


and in my mysql database, in radcheck table, I got the user:
id    UserName    Attribute    op    Value
1    pepe    Cleartext-Password    :=    caca


in my wrt54g I use WPA Enterprise with AES



Do you know what I'm doing wrong?

Thanks a lot !!!!



Ivan Kalik wrote:
>> I need to deploy a wireless network with WRT54G routers. I need to check
>> users and passwords against a freeradius server, and the latter with a
>> mysql database.
>>
>> My idea is then to implement an LDAP, but I decided to try to start mysql.
>>
>> I am a newbie in this topic.
>> Let me know if you can recommend any tutorial.
>>     
>
> http://wiki.freeradius.org/SQL_HOWTO
>
> Ivan Kalik
> Kalik Informatika ISP
>
>   
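
Added example, not part of the original post and not FreeRADIUS code: the two requests in the debug output above carry the user's credentials differently, and this Python sketch shows that by parsing the printed attribute lines and decoding the EAP-Message header as laid out in RFC 3748. The function names are hypothetical, and it assumes the EAP packet fits in a single EAP-Message attribute.

```python
import re

# EAP codes and a few method types (RFC 3748 and the IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP"}
ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+) = (?:"(.*)"|(\S+))\s*$')

def parse_attrs(text):
    """Collect 'Name = value' attribute lines from debug output."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(3) if m.group(2) is None else m.group(2)
    return attrs

def decode_eap(hexstr):
    """Decode the header of one EAP packet given as 0x... hex.
    Assumption: the packet fits in a single EAP-Message attribute."""
    raw = bytes.fromhex(hexstr[2:] if hexstr[:2].lower() == "0x" else hexstr)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    length = int.from_bytes(raw[2:4], "big")
    if not 4 <= length <= len(raw):
        raise ValueError("EAP length field does not match the data")
    info = {"code": EAP_CODES.get(raw[0], str(raw[0])), "id": raw[1], "length": length}
    if raw[0] in (1, 2) and length >= 5:  # only Request/Response carry a Type
        info["type"] = EAP_TYPES.get(raw[4], str(raw[4]))
        info["data"] = raw[5:length]
    return info

def credential_method(attrs):
    """Name how the Access-Request carries the user's credentials."""
    if "EAP-Message" in attrs:
        eap = decode_eap(attrs["EAP-Message"])
        return "EAP %s/%s" % (eap["code"], eap.get("type", "-"))
    if "User-Password" in attrs:
        return "PAP"
    if "CHAP-Password" in attrs:
        return "CHAP"
    return "none"

# Attribute lines copied from the two requests in the post.
RADTEST = 'User-Name = "pepe"\nUser-Password = "caca"\nNAS-Port = 1'
ROUTER = ('User-Name = "pepe"\nNAS-Port-Type = Wireless-802.11\n'
          'EAP-Message = 0x020000090170657065')

if __name__ == "__main__":
    for name, req in (("radtest", RADTEST), ("wrt54g", ROUTER)):
        print(name, "->", credential_method(parse_attrs(req)))
    print(decode_eap(parse_attrs(ROUTER)["EAP-Message"]))
```

The radtest request is PAP (it contains User-Password), while the router's request is an EAP Response/Identity for "pepe" with no User-Password attribute.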


