Imminent release of 2.2.5 and 3.0.3
Maja Wolniewicz
mgw at umk.pl
Tue Apr 22 10:15:08 CEST 2014
W dniu 20.04.2014 23:27, Alan DeKok pisze:
> Maja Wolniewicz wrote:
>> The cui module is enabled (I have the link in mods-enabled), sql module
>> isn't
>> cui module instantiates the sql module with name cuisql.
>> When starting radiusd I can see:
>> # Instantiating module "cuisql" from file
>> /opt/FR3.0/etc/raddb/mods-enabled/cui
>> sql cuisql {
>> driver = "rlm_sql_mysql"
>> server = "localhost"
>> port = ""
>> login = ""
>> password = <<< secret >>>
>> radius_db = "radius"
>> ...
>> }
>>
>> while my mods-enabled/cui settings are different and the shown settings
>> come from mods-available/sql
> I don't see that at all. Are you sure you're using the right files?
The default file raddb/mods-available/cui has:
dialect = "sqlite"
driver = "rlm_sql_${dialect}"
sqlite {
filename = ${radacctdir}/cui.sqlite
bootstrap = ${modconfdir}/${..:name}/cui/sqlite/schema.sql
}
I want to use the mysql driver, so I have there:
dialect = "mysql"
driver = "rlm_sql_${dialect}"
mysql{
server = "localhost"
login = "cuiuser"
password = "....."
radius_db = "eduroam"
}
and this file is linked in mod-enabled directory.
This configuration does not work for me - the cuisql module is
configured with a default 'radius' database.
I used this configuration in my tests of the CUI some time ago and then
it worked (it was FR3.0 git version).
Is such a configuration good now? Is the sub-module model still working?
Another thing that worries me is that when I'm trying to authenticate
the server returns Access-Reject, in spite of PEAP success:
(10) eap_peap : Success
(10) eap_peap : Using saved attributes from the original Access-Accept
Stripped-User-Name = 'mgw'
Chargeable-User-Identity :=
'0e4114dc9ad1ac345c09e54c5e0fa4a1d04eb9da'
(10) eap_peap : Saving session
4b43ce6e71f5ad08815e7a467eaa5e382e615376601e74388686c0748838c91c vps
0x1131ea0 in the cache
(10) eap : Freeing handler
(10) [eap] = ok
(10) } # authenticate = ok
(10) # Executing section post-auth from file
/opt/FR3.0/etc/raddb/sites-enabled/default
(10) post-auth {
(10) cui.post-auth cui.post-auth {
(10) if (!control:Proxy-To-Realm && Chargeable-User-Identity &&
!reply:Chargeable-User-Identity && (Operator-Name || ('no' !=
'yes')) )
(10) if (!control:Proxy-To-Realm && Chargeable-User-Identity &&
!reply:Chargeable-User-Identity && (Operator-Name || ('no' !=
'yes')) ) -> FALSE
(10) update reply {
(10) EXPAND %{reply:User-Name}
(10) -->
(10) User-Name -= '""'
(10) } # update reply = noop
(10) if (reply:Chargeable-User-Identity)
(10) if (reply:Chargeable-User-Identity) -> TRUE
(10) if (reply:Chargeable-User-Identity) {
(10) cuisql : EXPAND .query
(10) cuisql : --> .query
(10) cuisql : Using query template 'query'
rlm_sql (cuisql): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Couldn't connect socket to MySQL server @localhost:radius
rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost'
(using password: NO)'
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (cuisql): Opening connection failed (0)
(10) [cuisql] = fail
(10) } # if (reply:Chargeable-User-Identity) = fail
(10) } # cui.post-auth cui.post-auth = fail
(10) } # post-auth = fail
(10) Using Post-Auth-Type Reject
(10) # Executing group from file /opt/FR3.0/etc/raddb/sites-enabled/default
(10) Post-Auth-Type REJECT {
..
}
Sending Access-Reject of id 10 from 158.75.1.116 port 1812 to
158.75.1.40 port 41997
When the cuisql module is commented out authentication goes smoothly.
Maja
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Maja Gorecka-Wolniewicz mgw at umk.pl
Uczelniane Centrum Information & Communication
Informatyczne Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3395 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140422/99ee80ae/attachment.bin>
More information about the Freeradius-Users
mailing list