radiusd -X SQL suggests "not found" however user attributes are in the radcheck table?
Kaya Saman
kayasaman at gmail.com
Tue Jul 31 18:31:19 CEST 2012
Hi,
I have configured FR to connect to a backend MySQL DB which
authenticates the NAS fine....
I removed the /etc/raddb/clients.conf file from the relevant places
within the FR configuration.
The setup I am trying to get working will use the DaloRADIUS web-ui
frontend to set up users for MAB. Currently I have DaloRADIUS installed
and set up in what I believe is the proper way, as I can connect to the MySQL
DB and create users in DR which appear in the MySQL DB. Additionally I
have configured the NAS within DR which also works fine as radiusd -X
doesn't suggest any type of NAS authentication error.
My issue is that I am getting a "user not found" error with regards to
the SQL DB backend.
I have followed every step of this guide:
http://wiki.freeradius.org/SQL-HOWTO
and configured appropriately to the instructions.
This is the output of the MySQL radcheck table:
mysql> select * from radcheck;
+----+--------------+-------------------------+----+----------+
| id | username     | attribute               | op | value    |
+----+--------------+-------------------------+----+----------+
|  1 | 0015c5537baa | Auth-Type               | := | Accept   |
|  2 | 0015c5537baa | Tunnel-Type             | =  | VLAN     |
|  3 | 0015c5537baa | Tunnel-Medium-Type      | =  | IEEE-802 |
|  4 | 0015c5537baa | Tunnel-Private-Group-Id | =  | 20       |
|  5 | 0015c5537baa | Tunnel-Preference       | =  | 0x000000 |
+----+--------------+-------------------------+----+----------+
5 rows in set (0.00 sec)
The only difference between this and the wiki guide I can see is that
examples on the wiki use capital lettering for the table headers....
(this might be my issue)??
Wiki example output:
mysql> select * from radcheck;
+----+----------------+--------------------+------------------+------+
| id | UserName       | Attribute          | Value            | Op   |
+----+----------------+--------------------+------------------+------+
Using radiusd -X I am getting this response:
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=120, length=159
User-Name = "0015c5537baa"
User-Password = "0015c5537baa"
Service-Type = Call-Check
Framed-MTU = 1500
Called-Station-Id = "00-1B-8F-60-AB-8D"
Calling-Station-Id = "00-15-C5-53-7B-AA"
Message-Authenticator = 0x367e5a0d693f65b22391b00913162cc7
NAS-Port-Type = Ethernet
NAS-Port = 50013
NAS-Port-Id = "GigabitEthernet0/13"
NAS-IP-Address = 10.0.0.1
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
[sql] expand: %{User-Name} -> 0015c5537baa
[sql] sql_set_user escaped user --> '0015c5537baa'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '0015c5537baa'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= '0015c5537baa' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User 0015c5537baa not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
I have attached the full file as an extra:
From the information above, the User-Name attribute is being passed to
FR and being checked on the MySQL backend; however, "Not Found" means,
given the MySQL radcheck output, that either it isn't connecting
to the DB in regards to the User-Name portion or that somehow there is
malformed information in there.
As per the attached file the FreeRADIUS version is 2.1.10 running on
CentOS 6.2 x64 build.
The rlm_sql driver seems to be connecting to the DB (as stated the NAS
is recognized after it has been provisioned within DaloRADIUS):
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root at localhost:3306/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
shortname, type, secret, server FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Read entry nasname=10.0.0.1,shortname=Switch,secret=pass
rlm_sql (sql): Adding client 10.0.0.1 (Switch, server=<none>) to clients list
rlm_sql (sql): Released sql socket id: 4
Would anybody be able to help me understand where the issue lies and
perhaps how to correct it?
Many thanks!
Regards,
Kaya
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radx_dump
Type: application/octet-stream
Size: 24578 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120731/3194c406/attachment-0001.obj>
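A small helper for reading a trace like the one in the post above, added here as an example (it is not part of the original message or of FreeRADIUS). It pulls the module return codes, the fully expanded SQL queries and the ERROR lines out of FreeRADIUS 2.x radiusd -X output, so the exact queries can be re-run by hand in the mysql client. The function name and the record prefixes in RECORD are assumptions based only on the lines shown in the post.

```python
import re

# Excerpt of the authorize section of the radiusd -X trace quoted in the post.
TRACE = """\
[sql] expand: %{User-Name} -> 0015c5537baa
[sql] sql_set_user escaped user --> '0015c5537baa'
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '0015c5537baa'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= '0015c5537baa' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User 0015c5537baa not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
"""

RETURNS = re.compile(r"^\++\[(\w+)\] returns (\w+)$")
# Prefixes that start a new log record (assumed from the trace above);
# any other non-empty line is the continuation of a wrapped record.
RECORD = re.compile(r"^(\[\w+\] |\++\[|\+- |rlm_\w+ |ERROR:|# )")

def summarize(trace):
    """Return (module results, expanded SQL queries, ERROR lines)."""
    results, queries, errors, pending = [], [], [], None
    for raw in trace.splitlines() + ["# end"]:  # sentinel flushes a trailing expand
        line = raw.strip()
        if pending is not None:
            if line and not RECORD.match(line):
                pending += " " + line  # re-join a query wrapped over several lines
                continue
            # The text after "->" is what was actually sent to the database.
            expanded = pending.partition("->")[2].strip()
            if expanded.upper().startswith("SELECT"):
                queries.append(expanded)
            pending = None
        m = RETURNS.match(line)
        if m:
            results.append((m.group(1), m.group(2)))
        elif line.startswith("ERROR:"):
            errors.append(line)
        elif line.startswith("[") and "] expand: " in line:
            pending = line
    return results, queries, errors
```

Calling summarize() on a saved trace gives the queries in a form that can be pasted into the mysql client to compare what the database returns with what rlm_sql reports.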