User authentication - users config file and MySQL databases

Alexandre Oliveira acvoliveira at icloud.com
Wed Sep 9 17:09:02 CEST 2015


Hello all,

I would like to transfer all the configured users in the users config file to a MySQL database. Is it possible?

I’ve configured Radius to work with MySQL and created a test user, teste, in the radcheck database with a test password, teste. The entry follows:

username - teste
attribute - cleartext-password
op - :=
value - teste

I also created an entry in the radreply database. The entry follows:

username - teste
attribute - fall-through
op - =
value - yes

For this test all other databases are empty.

I’ve started Freeradius in debug mode to see if there were any errors, but there weren’t. The log output follows:

root@Ubuntu-Radius-Server:~# tail /var/log/freeradius/radius.log
Tue Sep  8 23:53:00 2015 : Info: rlm_sql (sql): Connected new DB handle, #2
Tue Sep  8 23:53:00 2015 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Tue Sep  8 23:53:00 2015 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Tue Sep  8 23:53:00 2015 : Info: rlm_sql (sql): Connected new DB handle, #3
Tue Sep  8 23:53:00 2015 : Info: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
Tue Sep  8 23:53:00 2015 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Tue Sep  8 23:53:00 2015 : Info: rlm_sql (sql): Connected new DB handle, #4
Tue Sep  8 23:53:00 2015 : Info: Loaded virtual server inner-tunnel
Tue Sep  8 23:53:00 2015 : Info:  ... adding new socket proxy address * port 52669
Tue Sep  8 23:53:00 2015 : Info: Ready to process requests.

After the Freeradius server was running I tested whether the user from the radcheck database would be authenticated, and it wasn’t. I received a Rejected message, as follows.

Sending Access-Request of id 47 to 127.0.0.1 port 1812
User-Name = "teste"
User-Password = "teste"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=47, length=20


Neither the debug output nor the log showed whether Freeradius was searching for this user in the users config file or in the radcheck database. Since the Freeradius documentation states that if the user is not found it is rejected, I’m presuming that the user was not found. However, it is not clear whether Freeradius is searching only in the users config file or also in the radcheck database.

Is it possible to add to the debug output or the log file where Freeradius is searching for the user?

When I tested the authentication with a user, teste1, configured in the users config file, the authentication was accepted.

root@Ubuntu-Radius-Server:~# radtest teste1 teste localhost 1812 testing123
Sending Access-Request of id 2 to 127.0.0.1 port 1812
User-Name = "teste1"
User-Password = "teste"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=2, length=20

I didn’t find in the radiusd.conf or sql.conf files a way to configure Freeradius to use the radcheck database to authenticate the users. Is it possible to configure it?

Thanks for the help.

Regards

Alex
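
One way to approach the transfer asked about above, as an added example that is not part of the original post and is not FreeRADIUS code: a converter from plain per-user entries in the users file to rows for radcheck and radreply. It assumes both tables have the columns username, attribute, op and value shown in the post, and that the rows are loaded through a MySQL DB-API driver using %s placeholders; the function names and the sample entries are constructed for illustration.

```python
import re

# One "Attribute op value" item; the value is either quoted or a bare token.
ITEM = re.compile(
    r'([\w-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=|>|<)\s*("[^"]*"|[^,\s]+)')

# Constructed sample in users-file layout (not taken from the poster's server).
SAMPLE_USERS = '''\
# comments and blank lines are ignored
teste1  Cleartext-Password := "teste"
        Fall-Through = Yes

alice   Cleartext-Password := "s3cret, with comma", Simultaneous-Use := 1
        Framed-IP-Address = 192.0.2.10,
        Session-Timeout = 3600
'''

def parse_users(text):
    """Return (check_rows, reply_rows); each row is (username, attribute, op, value)."""
    check, reply, user = [], [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t':                 # indented: reply items of current user
            if user is None:
                raise ValueError('reply line before any user: %r' % line)
            target, body = reply, line
        else:                                # unindented: user name, then check items
            parts = line.split(None, 1)
            user, body = parts[0], (parts[1] if len(parts) > 1 else '')
            if user == 'DEFAULT' or user.startswith('$'):
                # Assumption: DEFAULT and $INCLUDE entries are migrated by hand.
                raise ValueError('unsupported entry: %r' % line)
            target = check
        for attr, op, value in ITEM.findall(body):
            target.append((user, attr, op, value.strip('"')))
    return check, reply

def insert_batches(text):
    """Return {table: (sql, rows)} ready for cursor.executemany(sql, rows)."""
    sql = 'INSERT INTO {} (username, attribute, op, value) VALUES (%s, %s, %s, %s)'
    check, reply = parse_users(text)
    return {'radcheck': (sql.format('radcheck'), check),
            'radreply': (sql.format('radreply'), reply)}

if __name__ == '__main__':
    for table, (sql, rows) in insert_batches(SAMPLE_USERS).items():
        print(sql)
        for row in rows:
            print('   ', row)
```

Passing the rows as parameters rather than formatting them into the SQL text keeps passwords that contain quotes or commas intact.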




More information about the Freeradius-Users mailing list