Radius and MYSQL
Alexandre Vilarinho
vilarinhomail-dev at yahoo.com.br
Tue Sep 8 17:15:59 CEST 2015
Alan thanx for the reply.
I've read the documentation, but is not clear for me.
For example:
in the Radacct database there is no configuration.
in the radchack database i've added the following configuration:
username - rafael
attribute - Cleartext-Password
op - :=
value - teste
I think that is this case, I configuring a user and specifying the password right?
In the radgroupcheck database i've added the following configuration:
1st row groupname - privilegio_15
Attribute - Service-Type
op = Nas-Prompt-User
2nd row
groupname - privilegio_15
Attribute - Cisco_AVPair
op = shell:priv-lvl=15
In the radgroupreply database there is no configuration
in the radpostauth database there is no configuration
in the radrepy database 1st row
username - rafael
attribute - Fall-Through
op - =
Value - Yes
in the radusergrupo database username - rafael
groupname - privilegio_15
priority - 1
in the radusergroup database there is no option to delete, edit or any thing. Is this correct?
with this configuration added I tried to authenticate the radius user:
Follow the command and the reply
root at Radius-LDAP-Server:~# /etc/init.d/freeradius stop * Stopping FreeRADIUS daemon freeradius * /var/run/freeradius/freeradius.pid not found... [ OK ] root at Radius-LDAP-Server:~# /etc/init.d/freeradius start * Starting FreeRADIUS daemon freeradius [ OK ]
root at Radius-LDAP-Server:~# radtest rafael teste localhost 1812 testing123
Sending Access-Request of id 190 to 127.0.0.1 port 1812 User-Name = "rafael" User-Password = "teste" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Message-Authenticator = 0x00000000000000000000000000000000rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=190, length=20
root at Radius-LDAP-Server:~#
There authentication failed. I presume there is something wrong this my configuration.
Can you help me and explain what i'm doing wrong?
Regards
Alex
Em Terça-feira, 8 de Setembro de 2015 11:46, Alan DeKok <aland at deployingradius.com> escreveu:
On Sep 8, 2015, at 10:25 AM, Alexandre Vilarinho <vilarinhomail-dev at yahoo.com.br> wrote:
> I'm new at Radius and I'm trying do configure Radius do authenticate the user from MYSQL databank.
> I configured the user in the user configuration file and it is working correctly, follow the configuration of the user.
> teste1 Cleartext-Password := "teste" Service-Type = NAS-Prompt-User, Cisco-AVPair = "shell:priv-lvl=1", Cisco-AVPair = "shell:cmd=show", Cisco-AVPair = "shell:cmd=show privilege"
> For this user I would like to configure a group in MYSQL called Privilege Level 1 and add it to that group.
> The Privilege Level 1 group should have the following configuration:
> Service-Type = NAS-Prompt-User, Cisco-AVPair = "shell:priv-lvl=1", Cisco-AVPair = "shell:cmd=show", Cisco-AVPair = "shell:cmd=show privilege"
> The user should have have the following configuration:
> teste1 Cleartext-Password := "teste"
See:
http://wiki.freeradius.org/modules/Rlm_sql
for instructions on how the SQL module works.
> I've already installed MYSQL database and it is also integrated with Radius. I've followed the following explanation webpage tutorial - guide/SQL HOWTO
> I think that mysql databank and databases are correct and integrated with Radius.
> I didn't find any tutorial for beginners that explain step-by-step what should be done to configure the user group and the user.
> Can anyone explain to me how I can configure the user and the group?
This is all documented in the wiki.
Just put data into the correct fields in SQL, and it will work.
Alan DeKok.
More information about the Freeradius-Users
mailing list