Problem with using MySQL for radius clients

Mik J mikydevel at yahoo.fr
Sun Nov 10 23:44:42 CET 2013


Hello Alan,

Test1

When I run the command
$ radtest testuser passsecret 127.0.0.1 1812 testing1234
It works and testing1234 is what is configured in the clients.conf file. If I change the secret to testing12345 and restart the radiusd server it works with the command
$ radtest testuser passsecret 127.0.0.1 1812 testing12345

Also the radtest command output says
$ radtest testuser passsecret 127.0.0.1 1812 testing12345
Sending Access-Request of id 18 to 127.0.0.1 port 1812
        User-Name = "testuser"
        User-Password = "passsecret"
        NAS-IP-Address = x.x.x.x
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
With x.x.x.x a public IP address (mine), that's why I supposed I didn't need an entry for 127.0.0.1

Test 2

When I start the radiusd server after adding an entry for 127.0.0.1 it says
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): Failed to add client 127.0.0.1 (myNAS3x) to clients list.  Maybe there's a duplicate?
Failed to load clients from SQL.
/etc/raddb/sql.conf[22]: Instantiation failed for module "sql"
/etc/raddb/sites-enabled/default[177]: Failed to find "sql" in the "modules" section.
/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.


In conclusion, I think clients.conf is still used because of Test 1, when I change the secret. And that's why it finds a duplicate for 127.0.0.1 in Test 2. If I delete the entry in the MySQL table it starts normally.

I think commenting the files doesn't work
authorize {
sql
#files
}
and radiusd still reads clients.conf, that should explain test 1 & 2

....

As I was writing this email I found the solution.
I've put a comment on
#$INCLUDE ${confdir}/clients.conf
in radiusd.conf

And normalised the section
authorize {
sql
files
}

Now it behaves as expected.

Thank you for your answers





On Saturday 9 November 2013 at 15:23, "A.L.M.Buxey at lboro.ac.uk" <A.L.M.Buxey at lboro.ac.uk> wrote:
 
Hi,
>
>>    And how to enable MySQL only without clients.conf ?
>
>you've already done it.
>
>>    rlm_sql (sql): Read entry
>>    nasname=192.168.0.1,shortname=myNAS,secret=mysecret
>>    rlm_sql (sql): Adding client 192.168.0.1 (myNAS, server=<none>) to clients
>>    list
>
>read the above. 192.168.0.1 is a valid client.
>
>
>the trouble is, you seem to be running radtest with 127.0.0.1 - and THAT isn't
>in your tables...so isn't a valid client - it's there by default in clients.conf
>- so add it to your NAS table!  beware, you cannot have duplicates.
>
>
>alan
>
>
>
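
Added example, not part of the original message and not FreeRADIUS code: a small check for the duplicate-client condition discussed in this thread, which compares the active client blocks in clients.conf with rows from the SQL NAS table before radiusd is restarted. The sample file text, the sample rows and the function names are constructed for illustration, and the parser assumes flat client blocks with no "#" inside values.

```python
import re

# Constructed sample of a clients.conf file (not taken from the thread's server).
CLIENTS_CONF = """
# default entry shipped with the server
client localhost {
    ipaddr = 127.0.0.1
    secret = testing1234
}
#client 10.0.0.1 {
#    secret = unused
#}
"""

# Constructed rows, shaped like the nasname/shortname/secret entries in the log above.
NAS_ROWS = [
    {"nasname": "192.168.0.1", "shortname": "myNAS", "secret": "mysecret"},
    {"nasname": "127.0.0.1", "shortname": "myNAS3x", "secret": "testing12345"},
]

BLOCK = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ITEM = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

def file_clients(conf_text):
    """Return {address: secret} for every active client block."""
    # Drop comments first so commented-out blocks are ignored.
    text = re.sub(r"#.*", "", conf_text)
    clients = {}
    for name, body in BLOCK.findall(text):
        items = dict(ITEM.findall(body))
        # The block name is the address unless ipaddr overrides it.
        clients[items.get("ipaddr", name)] = items.get("secret")
    return clients

def find_duplicates(conf_text, nas_rows):
    """List clients defined in both clients.conf and the SQL NAS rows."""
    from_file = file_clients(conf_text)
    dups = []
    for row in nas_rows:
        if row["nasname"] in from_file:
            same = from_file[row["nasname"]] == row["secret"]
            dups.append((row["nasname"], row["shortname"], same))
    return dups

if __name__ == "__main__":
    for addr, short, same in find_duplicates(CLIENTS_CONF, NAS_ROWS):
        print(f"duplicate client {addr} ({short}); secrets match: {same}")
```

A non-empty result means the same address is defined in both sources; a mismatch in the last field also shows that the two definitions carry different shared secrets.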