User authentication - users config file and MySQL databases
Alexandre Vilarinho
vilarinhomail-dev at yahoo.com.br
Wed Sep 9 16:26:33 CEST 2015
Hello all
I would like to transfer all the configured users in the user conf file to a MySQL database. Is it possible?
I've configured Radius to work with MySQL and created a test user in radcheck database with a test password. The entry follows.
username - teste
attribute - cleartext-password
op - :=
value - teste
I also created the following entry in radreply database.
username - teste
attribute - fall-through
op - =
value - yes
For this test all other databases are empty.
I've started freeradius in debug mode to see if there were any errors, but there weren't. The log file output:
Tue Sep 8 23:53:00 2015 : Info: rlm_sql (sql): Connected new DB handle, #2
Tue Sep 8 23:53:00 2015 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Tue Sep 8 23:53:00 2015 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Tue Sep 8 23:53:00 2015 : Info: rlm_sql (sql): Connected new DB handle, #3
Tue Sep 8 23:53:00 2015 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
Tue Sep 8 23:53:00 2015 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Tue Sep 8 23:53:00 2015 : Info: rlm_sql (sql): Connected new DB handle, #4
Tue Sep 8 23:53:00 2015 : Info: Loaded virtual server inner-tunnel
Tue Sep 8 23:53:00 2015 : Info: ... adding new socket proxy address * port 52669
Tue Sep 8 23:53:00 2015 : Info: Ready to process requests.
After the radius server was running I tested if the user, teste, was going to be authenticated, and it wasn't. I received a Reject message.
Sending Access-Request of id 147 to 127.0.0.1 port 1812
    User-Name = "teste"
    User-Password = "teste"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=147, length=20
Neither the debug nor the log shows whether Freeradius was searching for this user in the user conf file or in the MySQL databases. Since the radius documentation states that if the user is not found it is rejected, I wonder where it is searching. It is not clear if it is only searching in the user conf file or if it is also searching in the radcheck database.
Is it possible to add in the debug or in the log file where Freeradius is searching for the user?
When I tested the authentication with a user, teste1, configured in the user conf file, it was accepted.
root@Ubuntu-Radius-Server:~# radtest teste1 teste localhost 1812 testing123
Sending Access-Request of id 210 to 127.0.0.1 port 1812
    User-Name = "teste1"
    User-Password = "teste"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=210, length=20
I didn't find in the radiusd.conf file or in the sql.conf file a way to configure Radius to force it to use the MySQL databases to authenticate the users. Is it possible to configure it?
Thanks for the help.
Regards
Alex