Login Mysql

Marcelo Corradini compras at corradini.com.br
Tue Feb 1 19:46:41 CET 2011


?Freeradius version 2.1.1
Ubuntu Server 10.04 LTS - 32bits
Mysql 5.0

Dear friends, 
I'm struggling, I hope you can help me. 
The problem is the following:
I did the installation Freeradius normally created an account and login. 
When I changed the authentication system for Mysql, unsuccessfully. 
Below is the debug.
Thanks.

Marcelo Corradini


root at cpro1292:/etc/freeradius/modules# freeradius -X
FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan  5 2010 at 02:49:11
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
        user = "freerad"
        group = "freerad"
        allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/freeradius"
        libdir = "/usr/lib/freeradius"
        radacctdir = "/var/log/freeradius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = "/var/run/freeradius/freeradius.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
}
security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "testing123"
        nastype = "other"
}
client 189.112.176.20 {
        require_message_authenticator = no
        secret = "manaus"
        shortname = "Mikrotik"
}
client 189.112.176.9 {
        require_message_authenticator = no
        secret = "manaus"
        shortname = "marcelo"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
Module: Linked to module rlm_logintime
Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
Module: Linked to module rlm_unix
Module: Instantiating unix
  unix {
        radwtmp = "/var/log/freeradius/radwtmp"
  }
Module: Linked to module rlm_eap
Module: Instantiating eap
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096
  }
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/etc/freeradius/certs/server.key"
        certificate_file = "/etc/freeradius/certs/server.pem"
        CA_file = "/etc/freeradius/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/etc/freeradius/certs/dh"
        random_file = "/etc/freeradius/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/etc/freeradius/certs/bootstrap"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "md5"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
        include_length = yes
   }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
   peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
        virtual_server = "inner-tunnel"
   }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
Module: Linked to module rlm_files
Module: Instantiating files
  files {
        usersfile = "/etc/freeradius/users"
        acctusersfile = "/etc/freeradius/acct_users"
        preproxy_usersfile = "/etc/freeradius/preproxy_users"
        compat = "no"
  }
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
  radutmp {
        filename = "/var/log/freeradius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/freeradius/attrs.access_reject"
        key = "%{User-Name}"
  }
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
  preprocess {
        huntgroups = "/etc/freeradius/huntgroups"
        hints = "/etc/freeradius/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
Module: Linked to module rlm_sql
Module: Instantiating sql
  sql {
        driver = "rlm_sql_mysql"
        server = "localhost"
        port = ""
        login = "root"
        password = "manaus"
        radius_db = "radius"
        read_groups = yes
        sqltrace = no
        sqltracefile = "/var/log/freeradius/sqltrace.sql"
        readclients = no
        deletestalesessions = yes
        num_sql_socks = 5
        lifetime = 0
        max_queries = 0
        sql_user_name = ""
        default_user_profile = ""
        nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"
        authorize_check_query = ""
        authorize_group_check_query = ""
        authorize_group_reply_query = ""
        accounting_onoff_query = ""
        accounting_update_query = ""
        accounting_update_query_alt = ""
        accounting_start_query = ""
        accounting_start_query_alt = ""
        accounting_stop_query = ""
        accounting_stop_query_alt = ""
        connect_failure_retry_delay = 60
        simul_count_query = "yes"
        simul_verify_query = "yes"
        postauth_query = ""
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root at localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
  detail {
        detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/freeradius/attrs.accounting_response"
        key = "%{User-Name}"
  }
Module: Checking session {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.


rad_recv: Access-Request packet from host 189.112.176.9 port 58959, id=9, length=48
        User-Name = "marcelo"
        CHAP-Password = 0x457cad006eb77fd7fbc45367dc81c8e033
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "marcelo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand:  -> 
[sql] Error generating query; rejecting user
rlm_sql (sql): Released sql socket id: 4
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]   expand: %{User-Name} -> marcelo
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 9 to 189.112.176.9 port 58959
Waking up in 4.9 seconds.
Cleaning up request 0 ID 9 with timestamp +72
Ready to process requests.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110201/7128405f/attachment.html>


More information about the Freeradius-Users mailing list