Cannot get MySQL backend to work in Ubuntu 17.04
Martin Rys
spleefer90 at gmail.com
Mon Apr 24 12:47:56 CEST 2017
Hiya, I've been trying for a while to get MySQL radius backend to work
but only had success with the basic auth mode.
select * from radpostauth;
^ Shows nothing, for some reason freeRADIUS doesn't even write there
even though the log claims it does so successfully.
Here is everything I tried, step by step.
You can either open this link and read it somehow formatted on my
PrivateBin instance, or you can read it in plain text posted below the
link.
https://paste.c0rn3j.com/?44f340705be383c4#6nPNN39P98jGng38weWx0223pyGU7UQOY9Wev1tgDpU=
Create new LXC container running Ubuntu 17.04 (I doubt this has any
effect on my problems, but noting it anyways) and log in as root.
apt update
apt install freeradius-mysql
Package: freeradius
Version: 3.0.12+dfsg-4ubuntu1
Go by https://wiki.freeradius.org/guide/Basic-configuration-HOWTO
add >>> c0rn3jj Cleartext-Password := "123" <<<
to the first line of /etc/freeradius/3.0/users
systemctl restart freeradius
radtest c0rn3jj 123 localhost 0 testing123
^ Access-Accept.
go by https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu#configuring-freeradius-to-use-sql
apt install mariadb-server
Package: mariadb-server
Version: 10.1.22-3
mysql -uroot -p
^default install leaves root with empty password
CREATE DATABASE radius;
exit
mysql -uroot -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
/etc/freeradius/3.0/mods-config/sql/main/mysql/setup.sql
^ change password from radpass to V9WcNpFEfY69MhuL
mysql -uroot -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/setup.sql
/etc/freeradius/3.0/mods-available/sql
^ uncomment server/port/login/password and change password to
V9WcNpFEfY69MhuL, change dialect to mysql
ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/sql
/etc/freeradius/3.0/sites-available/default
^ guide says to uncomment sql in the authorize block, however it is
already uncommented but there's a - sign before it? -sql? I did
nothing here. Same story with the accounting block. Same stuff with
inner-tunnel.
"Your radiusd.conf should then look something like this"
"then"? I did nothing with the radiusd.conf, moreover there's no
authoriSe or authorize block either. Do nothing with the file.
Now I get to the Populating SQL section
insert into radcheck (username,attribute,op,value) values("c0rn3j", "Cleartext-Password", ":=", "123");
select * from radcheck;
radtest c0rn3j 123 localhost 0 testing123
^ fail
insert into radreply (username,attribute,op,value) values("c0rn3j", "Framed-IP-Address", ":=", "1.2.3.4");
radtest c0rn3j 123 localhost 0 testing123
^fail
Client output -
https://paste.c0rn3j.com/?0af6cf0b0aa86d67#Lo53mu+IQ2RQPQOvMl/B0nxH+0/Fal4cqu6YfdgIkKk=
systemctl stop freeradius
/usr/sbin/freeradius -X > /tmp/radlog
-X log either on
https://paste.c0rn3j.com/?f6dc7f8decd19541#QheezTe5NftT6qj1furUsZRL4TL90QSmCwRWP+yuXjQ=
or https://ptpb.pw/n7Re
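
The steps above change only server, port, login, password and dialect in mods-available/sql. As an added example, not part of the original post, this script reads those settings plus driver back from a module file. The driver key and the rule that it should read rlm_sql_<dialect> are assumptions about the stock 3.0 file, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: read back the settings of a FreeRADIUS 3.0 sql module file.

# Print the value of the first uncommented "key = value" line for <key>.
# Values are taken literally; ${...} references are not expanded.
sql_setting() {  # usage: sql_setting <file> <key>
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"#[:space:]]*)\"?.*/\1/p" "$1" |
        head -n 1
}

# Print one finding per line; print nothing when the file is consistent.
check_sql_module() {  # usage: check_sql_module <file>
    driver=$(sql_setting "$1" driver)
    dialect=$(sql_setting "$1" dialect)
    # Assumption: a driver that talks to a database is named rlm_sql_<dialect>.
    [ "$driver" = "rlm_sql_$dialect" ] ||
        echo "driver=$driver does not match dialect=$dialect"
    for key in server port login password; do
        [ -n "$(sql_setting "$1" "$key")" ] ||
            echo "$key is unset or commented out"
    done
}

# Constructed sample, not the poster's file: dialect changed, driver left
# alone, password still commented out.
sample_config() {
    cat <<'EOF'
sql {
	driver = "rlm_sql_null"
	dialect = "mysql"
	server = "localhost"
	port = 3306
	login = "radius"
#	password = "radpass"
}
EOF
}

# Check the file named in $1, or the constructed sample when run without one.
if [ "$#" -gt 0 ]; then
    check_sql_module "$1"
else
    sample=$(mktemp) && sample_config > "$sample"
    check_sql_module "$sample"
    rm -f "$sample"
fi
```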