Getting clients from a mysql table
Olivier Beytrison
olivier at heliosnet.org
Tue Mar 26 12:30:09 CET 2013
On 26 mars 2013, at 11:48, Peter Kaagman <P.Kaagman at atlascollege.nl> wrote:
> Hi there list,
>
> I’ve been trying to get my client list from a MySql table. For this I’ve edited radius.conf to include sql.conf and edited sql.conf to reflect my database configuration and set readclients = yes.
> There is a table “nas” which has several records for the NAPs I have.
>
> When I restart radiusd I see no traffic on the mysql server coming from the freeradius server. And client are not loaded. Just the ones in clients.conf are loaded. I’ve excluded clients.conf from the configuration, which results in no clients at all.
>
> I would verry much like to have my clients in a database, which would simplify management a lot. But am at a loss what to do
Try adding the SQL module to the jnstantiate section of radiusd.conf
>
> I’m using:
> FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 3 2012 at 01:22:51
>
> On a CentOS release 6.3 (Final)
>
> Packages installed:
> [root at hades raddb]# yum list installed|grep radius
> freeradius.x86_64 2.1.12-4.el6_3 @updates
> freeradius-mysql.x86_64 2.1.12-4.el6_3 @updates
> freeradius-perl.x86_64 2.1.12-4.el6_3 @updates
> freeradius-utils.x86_64 2.1.12-4.el6_3 @updates
>
> The radiusd –X output included has clients.conf included
>
>
> Met vriendelijke groet,
>
> Peter Kaagman / Atlas College / Systeembeheer
>
> FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 3 2012 at 01:22:51
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/raddb/radiusd.conf
> including configuration file /etc/raddb/proxy.conf
> including configuration file /etc/raddb/clients.conf
> including files in directory /etc/raddb/modules-enabled/
> including configuration file /etc/raddb/modules-enabled/attr_filter
> including configuration file /etc/raddb/modules-enabled/perl
> including configuration file /etc/raddb/modules-enabled/files
> including configuration file /etc/raddb/modules-enabled/chap
> including configuration file /etc/raddb/modules-enabled/pap
> including configuration file /etc/raddb/modules-enabled/digest
> including configuration file /etc/raddb/modules-enabled/preprocess
> including configuration file /etc/raddb/modules-enabled/detail
> including configuration file /etc/raddb/modules-enabled/unix
> including configuration file /etc/raddb/modules-enabled/exec
> including configuration file /etc/raddb/modules-enabled/expiration
> including configuration file /etc/raddb/modules-enabled/radutmp
> including configuration file /etc/raddb/modules-enabled/acct_unique
> including configuration file /etc/raddb/modules-enabled/expr
> including configuration file /etc/raddb/modules-enabled/mschap
> including configuration file /etc/raddb/modules-enabled/logintime
> including configuration file /etc/raddb/eap.conf
> including configuration file /etc/raddb/sql.conf
> including configuration file /etc/raddb/sql/mysql/dialup.conf
> including configuration file /etc/raddb/policy.conf
> including files in directory /etc/raddb/sites-enabled/
> including configuration file /etc/raddb/sites-enabled/inner-tunnel
> including configuration file /etc/raddb/sites-enabled/control-socket
> including configuration file /etc/raddb/sites-enabled/default
> main {
> user = "radiusd"
> group = "radiusd"
> allow_core_dumps = no
> }
> including dictionary file /etc/raddb/dictionary
> main {
> name = "radiusd"
> prefix = "/usr"
> localstatedir = "/var"
> sbindir = "/usr/sbin"
> logdir = "/var/log/radius"
> run_dir = "/var/run/radiusd"
> libdir = "/usr/lib64/freeradius"
> radacctdir = "/var/log/radius/radacct"
> hostname_lookups = no
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 1024
> pidfile = "/var/run/radiusd/radiusd.pid"
> checkrad = "/usr/sbin/checkrad"
> debug_level = 0
> proxy_requests = yes
> log {
> stripped_names = no
> auth = no
> auth_badpass = no
> auth_goodpass = no
> }
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = yes
> }
> }
> radiusd: #### Loading Realms and Home Servers ####
> proxy server {
> retry_delay = 5
> retry_count = 3
> default_fallback = no
> dead_time = 120
> wake_all_if_all_dead = no
> }
> home_server localhost {
> ipaddr = 127.0.0.1
> port = 1812
> type = "auth"
> secret = "testing123"
> response_window = 20
> max_outstanding = 65536
> require_message_authenticator = yes
> zombie_period = 40
> status_check = "status-server"
> ping_interval = 30
> check_interval = 30
> num_answers_to_alive = 3
> num_pings_to_alive = 3
> revive_interval = 120
> status_check_timeout = 4
> coa {
> irt = 2
> mrt = 16
> mrc = 5
> mrd = 30
> }
> }
> home_server_pool my_auth_failover {
> type = fail-over
> home_server = localhost
> }
> realm example.com {
> auth_pool = my_auth_failover
> }
> realm LOCAL {
> }
> radiusd: #### Loading Clients ####
> client localhost {
> ipaddr = 127.0.0.1
> require_message_authenticator = no
> secret = "testing123"
> nastype = "other"
> }
> client ap {
> ipaddr = 10.0.9.151
> require_message_authenticator = no
> secret = "secret"
> nastype = "cisco"
> }
> client ap {
> ipaddr = 10.0.9.152
> require_message_authenticator = no
> secret = "secret"
> nastype = "cisco"
> }
> client ap {
> ipaddr = 10.0.9.153
> require_message_authenticator = no
> secret = "secret"
> nastype = "cisco"
> }
> client ap {
> ipaddr = 10.0.9.154
> require_message_authenticator = no
> secret = "secret"
> nastype = "cisco"
> }
> client ap {
> ipaddr = 10.0.9.155
> require_message_authenticator = no
> secret = "secret"
> nastype = "cisco"
> }
> client switch {
> ipaddr = 10.0.9.47
> require_message_authenticator = no
> secret = "testing123"
> nastype = "other"
> }
> client switch {
> ipaddr = 10.0.9.12
> require_message_authenticator = no
> secret = "secret"
> nastype = "other"
> }
> radiusd: #### Instantiating modules ####
> instantiate {
> Module: Linked to module rlm_exec
> Module: Instantiating module "exec" from file /etc/raddb/modules-enabled/exec
> exec {
> wait = no
> input_pairs = "request"
> shell_escape = yes
> }
> Module: Linked to module rlm_expr
> Module: Instantiating module "expr" from file /etc/raddb/modules-enabled/expr
> Module: Linked to module rlm_expiration
> Module: Instantiating module "expiration" from file /etc/raddb/modules-enabled/expiration
> expiration {
> reply-message = "Password Has Expired "
> }
> Module: Linked to module rlm_logintime
> Module: Instantiating module "logintime" from file /etc/raddb/modules-enabled/logintime
> logintime {
> reply-message = "You are calling outside your allowed timespan "
> minimum-timeout = 60
> }
> }
> radiusd: #### Loading Virtual Servers ####
> server { # from file /etc/raddb/radiusd.conf
> modules {
> Module: Creating Auth-Type = digest
> Module: Creating Auth-Type = Perl
> Module: Creating Post-Auth-Type = REJECT
> Module: Checking authenticate {...} for more modules to load
> Module: Linked to module rlm_pap
> Module: Instantiating module "pap" from file /etc/raddb/modules-enabled/pap
> pap {
> encryption_scheme = "auto"
> auto_header = no
> }
> Module: Linked to module rlm_chap
> Module: Instantiating module "chap" from file /etc/raddb/modules-enabled/chap
> Module: Linked to module rlm_mschap
> Module: Instantiating module "mschap" from file /etc/raddb/modules-enabled/mschap
> mschap {
> use_mppe = yes
> require_encryption = no
> require_strong = no
> with_ntdomain_hack = no
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=ATLAS --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
> allow_retry = yes
> }
> Module: Linked to module rlm_digest
> Module: Instantiating module "digest" from file /etc/raddb/modules-enabled/digest
> Module: Linked to module rlm_unix
> Module: Instantiating module "unix" from file /etc/raddb/modules-enabled/unix
> unix {
> radwtmp = "/var/log/radius/radwtmp"
> }
> Module: Linked to module rlm_eap
> Module: Instantiating module "eap" from file /etc/raddb/eap.conf
> eap {
> default_eap_type = "md5"
> timer_expire = 60
> ignore_unknown_eap_types = no
> cisco_accounting_username_bug = no
> max_sessions = 4096
> }
> Module: Linked to sub-module rlm_eap_md5
> Module: Instantiating eap-md5
> Module: Linked to sub-module rlm_eap_leap
> Module: Instantiating eap-leap
> Module: Linked to sub-module rlm_eap_gtc
> Module: Instantiating eap-gtc
> gtc {
> challenge = "Password: "
> auth_type = "PAP"
> }
> Module: Linked to sub-module rlm_eap_tls
> Module: Instantiating eap-tls
> tls {
> rsa_key_exchange = no
> dh_key_exchange = yes
> rsa_key_length = 512
> dh_key_length = 512
> verify_depth = 0
> CA_path = "/etc/raddb/certs"
> pem_file_type = yes
> private_key_file = "/etc/raddb/certs/server.pem"
> certificate_file = "/etc/raddb/certs/server.pem"
> CA_file = "/etc/raddb/certs/ca.pem"
> private_key_password = "whatever"
> dh_file = "/etc/raddb/certs/dh"
> random_file = "/etc/raddb/certs/random"
> fragment_size = 1024
> include_length = yes
> check_crl = no
> cipher_list = "DEFAULT"
> cache {
> enable = no
> lifetime = 24
> max_entries = 255
> }
> verify {
> }
> ocsp {
> enable = no
> override_cert_url = yes
> url = "http://127.0.0.1/ocsp/"
> }
> }
> Module: Linked to sub-module rlm_eap_ttls
> Module: Instantiating eap-ttls
> ttls {
> default_eap_type = "md5"
> copy_request_to_tunnel = no
> use_tunneled_reply = no
> virtual_server = "inner-tunnel"
> include_length = yes
> }
> Module: Linked to sub-module rlm_eap_peap
> Module: Instantiating eap-peap
> peap {
> default_eap_type = "mschapv2"
> copy_request_to_tunnel = no
> use_tunneled_reply = no
> proxy_tunneled_request_as_eap = yes
> virtual_server = "inner-tunnel"
> soh = no
> }
> Module: Linked to sub-module rlm_eap_mschapv2
> Module: Instantiating eap-mschapv2
> mschapv2 {
> with_ntdomain_hack = no
> send_error = no
> }
> Module: Linked to module rlm_perl
> Module: Instantiating module "perl" from file /etc/raddb/modules-enabled/perl
> perl {
> module = "/home/pkn/perl/radius/radius.pl"
> func_authorize = "authorize"
> func_authenticate = "authenticate"
> func_accounting = "accounting"
> func_preacct = "preacct"
> func_checksimul = "checksimul"
> func_detach = "detach"
> func_xlat = "xlat"
> func_pre_proxy = "pre_proxy"
> func_post_proxy = "post_proxy"
> func_post_auth = "post_auth"
> func_recv_coa = "recv_coa"
> func_send_coa = "send_coa"
> }
> Module: Checking authorize {...} for more modules to load
> Module: Linked to module rlm_preprocess
> Module: Instantiating module "preprocess" from file /etc/raddb/modules-enabled/preprocess
> preprocess {
> huntgroups = "/etc/raddb/huntgroups"
> hints = "/etc/raddb/hints"
> with_ascend_hack = no
> ascend_channels_per_line = 23
> with_ntdomain_hack = no
> with_specialix_jetstream_hack = no
> with_cisco_vsa_hack = no
> with_alvarion_vsa_hack = no
> }
> Module: Linked to module rlm_files
> Module: Instantiating module "files" from file /etc/raddb/modules-enabled/files
> files {
> usersfile = "/etc/raddb/users"
> acctusersfile = "/etc/raddb/acct_users"
> preproxy_usersfile = "/etc/raddb/preproxy_users"
> compat = "no"
> }
> Module: Checking preacct {...} for more modules to load
> Module: Linked to module rlm_acct_unique
> Module: Instantiating module "acct_unique" from file /etc/raddb/modules-enabled/acct_unique
> acct_unique {
> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
> }
> Module: Checking accounting {...} for more modules to load
> Module: Linked to module rlm_detail
> Module: Instantiating module "detail" from file /etc/raddb/modules-enabled/detail
> detail {
> detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
> header = "%t"
> detailperm = 384
> dirperm = 493
> locking = no
> log_packet_header = no
> }
> Module: Linked to module rlm_radutmp
> Module: Instantiating module "radutmp" from file /etc/raddb/modules-enabled/radutmp
> radutmp {
> filename = "/var/log/radius/radutmp"
> username = "%{User-Name}"
> case_sensitive = yes
> check_with_nas = yes
> perm = 384
> callerid = yes
> }
> Module: Linked to module rlm_attr_filter
> Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules-enabled/attr_filter
> attr_filter attr_filter.accounting_response {
> attrsfile = "/etc/raddb/attrs.accounting_response"
> key = "%{User-Name}"
> relaxed = no
> }
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules-enabled/attr_filter
> attr_filter attr_filter.access_reject {
> attrsfile = "/etc/raddb/attrs.access_reject"
> key = "%{User-Name}"
> relaxed = no
> }
> } # modules
> } # server
> server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Checking authorize {...} for more modules to load
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> } # modules
> } # server
> radiusd: #### Opening IP addresses and Ports ####
> listen {
> type = "auth"
> ipaddr = *
> port = 0
> }
> listen {
> type = "acct"
> ipaddr = *
> port = 0
> }
> listen {
> type = "control"
> listen {
> socket = "/var/run/radiusd/radiusd.sock"
> }
> }
> listen {
> type = "auth"
> ipaddr = 127.0.0.1
> port = 18120
> }
> ... adding new socket proxy address * port 47230
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on command file /var/run/radiusd/radiusd.sock
> Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
> Listening on proxy address * port 1814
> Ready to process requests.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130326/0269ee35/attachment-0001.html>
More information about the Freeradius-Users
mailing list