Freeradius+mysql+chillispot
jorge88
j.fresneda at ibersontel.com
Tue Jul 13 17:49:07 CEST 2010
Good morning,
I have a serious problem; see if you can help. It just cannot authenticate
any user. The error thrown is:
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request does NOT match "known good" password.
Failed to authenticate the user.
WARNING: unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
I am working with a MySQL database + freeradius + chillispot.
Here is the output of freeradius -X:
Module: Linked to module rlm_files
Module: instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_sql
Module: instantiating sql
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = ""
login = "radius"
password = "radpass"
radius_db = "radius"
read_groups = yes
sqltrace = no
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute,
value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = "UPDATE SET radacct acctstoptime = '% S',
acctsessiontime = UNIX_TIMESTAMP ('% S') - UNIX_TIMESTAMP (acctstarttime)
acctterminatecause = '% (Acct-Terminate-Cause)', acctstopdelay =% (%
(Acct-Delay -Time): -0) WHERE IS NULL AND acctstoptime nasipaddress = '%
(NAS-IP-Address)' AND acctstarttime <= '% S' "
accounting_update_query = "UPDATE SET radacct framedipaddress = '%
(Framed-IP-Address)', acctsessiontime = '% (Acct-Session-Time)',
acctinputoctets ='%{%{ Acct-Input-Gigawords): -0) ' <<32 |'%{%{
Acct-Input-Octets): -0) ', acctoutputoctets ='%{%{ Acct-Output-Gigawords):
-0)' <<32 | Acct-'%{%{ Output-Octets): -0) 'WHERE acctsessionid ='%
(Acct-Session-Id) 'AND username = "% (SQL-User-Name)' AND nasipaddress = '%
(NAS-IP-address)'"
accounting_update_query_alt = "INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctsessiontime, acctauthentic, connectinfo_start,
acctinputoctets, acctoutputoctets, calledstationid, callingstationid,
ServiceType, framedprotocol, framedipaddress, acctstartdelay,
xascendsessionsvrkey) VALUES (' % (Acct-Session-Id) ','%
(Acct-Unique-Session-Id) ','% (SQL-User-Name) ','% (Realm) ','%
(NAS-IP-Address) ','% (NAS-Port) ','% (NAS-Port-Type) ', DATE_SUB ('% S ',
INTERVAL (%{%{ Acct-Session-Time): -0) +% (% ( Acct-Delay-Time): -0))
SECOND), '% (Acct-Session-Time)', '% (Acct-Authentic)','','%{%{
Acct-Input-Gigawords): - 0) '<<32 |'%{%{ Acct-Input-Octets): -0)',
Acct-Output-'%{%{ Gigawords): -0) '<<32 |'%{%{ Acct -Output-Octets): -0)
','% (Called-Station-Id) ','% (Calling-Station-Id) ','% (Service-Type) ','%
(Framed-Protocol) ' , '% (Framed-IP-Address)', '0 ','%
(X-Ascend-Session-Svr-Key) ') "
accounting_start_query = "INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause, ServiceType,
framedprotocol, framedipaddress, acctstartdelay , acctstopdelay,
xascendsessionsvrkey) VALUES ('% (Acct-Session-Id)', '%
(Acct-Unique-Session-Id)', '% (SQL-User-Name)', '% (Realm)', ' % (the
NAS-IP-Address) ', the NAS-Port% ()', (% Nas-Port-Type) ', "% S', NULL, '0
'for'% (Acct-Authentic) ', '% (Connect-Info) ",'', '0', '0 ','%
(Called-Station-Id) ','% (Calling" Station-Id) ','','% (Service- Type) ','%
(Framed-Protocol) ','% (Framed-IP-Address) ','%{%{ Acct-Delay-Time): -0)',
'0 ','% (X- Ascend-Session-Svr-Key) ') "
accounting_start_query_alt = "UPDATE SET radacct acctstarttime = '%
S', acctstartdelay ='%{%{ Acct-Delay-Time): -0) ', connectinfo_start ='%
(Connect-Info) 'WHERE acctsessionid ='% (Acct- Session-Id) 'AND username ='%
(SQL-User-Name) 'AND nasipaddress ='% (NAS-IP-Address) '"
accounting_stop_query = "UPDATE SET radacct acctstoptime = '% S',
acctsessiontime = '% (Acct-Session-Time)', acctinputoctets ='%{%{
Acct-Input-Gigawords): -0) '<<32 |'% (% (Acct-Input-Octets): -0) ',
acctoutputoctets ='%{%{ Acct-Output-Gigawords): -0)' <<32 |'%{%{
Acct-Output-Octets): - 0) ', acctterminatecause ='% (Acct-Terminate-Cause)
', acctstopdelay ='%{%{ Acct-Delay-Time): -0)', connectinfo_stop = '%
(Connect-Info)' WHERE acctsessionid = ' % (Acct-Session-Id) 'AND username
='% (SQL-User-Name) 'AND nasipaddress ='% (NAS-IP-Address) '"
accounting_stop_query_alt = "INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause, ServiceType,
framedprotocol, framedipaddress, acctstartdelay , acctstopdelay) VALUES ('%
(Acct-Session-Id)', '% (Acct-Unique-Session-Id)', '% (SQL-User-Name)', '%
(Realm)', '% ( NAS-IP-Address) ','% (NAS-Port) ','% (NAS-Port-Type) ',
DATE_SUB ('% S ', INTERVAL (%{%{ Acct-Session-Time): -0 (%) +%
(Acct-Delay-Time): -0)) SECOND), '% S', '% (Acct-Session-Time)', '%
(Acct-Authentic)','', '% (Connect-Info) ','%{%{ Acct-Input-Gigawords): -0)'
<<32 |'%{%{ Acct-Input-Octets): -0) ', Acct'%{%{ -Output-Gigawords): -0)
'<<32 |'%{%{ Acct-Output-Octets): -0)', '% (Called-Station-Id)', '%
(Calling-Station-Id ) ','% (Acct-Terminate-Cause) ','% (Service-Type) ','%
(Framed-Protocol) ','% (Framed-IP-Address) ', '0', '% ( % (Acct-Delay-Time):
-0) ') "
group_membership_query = "SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol
FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 81.39.156.140 port 56066, id=0,
length=193
User-Name = "george"
User-Password = "L] \ 357DK \ 027 \ 304 \ 033 \ 376Hx. \ 342Ö \ 336"
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 172.30.0.2
Calling-Station-Id = "00-26-B6-21-00-B6"
Called-Station-Id = "00-15-6D-EA-2A-64"
NAS-Identifier = "nas01"
Acct-Session-Id = "4a22752700000000"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0xcb69aaaeb72f21b84a10ffcda684fc8d
WISPr-Logoff-URL = "http://172.30.0.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "george", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[sql] expand: %{User-Name} -> jorge
[sql] sql_set_user escaped user -> 'jorge'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radcheck WHERE username = 'jorge' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radreply WHERE username = 'jorge' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup
WHERE username = 'jorge' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request does NOT match "known good" password.
Failed to authenticate the user.
WARNING: unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> jorge
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 81.39.156.140 port 56066
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +10
Ready to process requests.
When I try to authenticate, it displays the following output:
rad_recv: Access-Request packet from host 81.39.156.140 port 56607, id=0,
length=193
User-Name = "steve"
User-Password = "\ 227 \ 260 \ 342 \ 242R $, \ 274 \ 204 \ 270 \ 265
\ 035 <\ 217X \ 313"
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 172.30.0.2
Calling-Station-Id = "00-26-B6-21-00-B6"
Called-Station-Id = "00-15-6D-EA-2A-64"
NAS-Identifier = "nas01"
Acct-Session-Id = "4a22752700000000"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0x5024856015aed1488bc5a5ab81f96a7e
WISPr-Logoff-URL = "http://172.30.0.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[sql] expand: %{User-Name} -> steve
[sql] sql_set_user escaped user -> 'steve'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup
WHERE username = 'steve' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User steve not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
WARNING: unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> steve
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 81.39.156.140 port 56607
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +515
Ready to process requests.
Thank you very much ;)
--
View this message in context: http://old.nabble.com/Freeradius%2Bmysql%2Bchillispot-tp29149021p29149021.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.