Cannot get MySQL backend to work in Ubuntu 17.04

Martin Rys spleefer90 at
Mon Apr 24 12:47:56 CEST 2017

Hiya, I've been trying for a while to get MySQL radius backend to work
but only had success with the basic auth mode.

select * from radpostauth;
^ Shows nothing, for some reason freeRADIUS doesn't even write there
even though the log claims it does so successfully.

Here is everything I tried, step by step.

You can either open this link and read it somehow formatted on my
PrivateBin instance, or you can read it in plain text posted below the

Create new LXC container running Ubuntu 17.04(I doubt this has any
effect on my problems, but noting it anyways) and login as root.

apt update

apt install freeradius-mysql

Package: freeradius
Version: 3.0.12+dfsg-4ubuntu1

Go by

add >>> c0rn3jj Cleartext-Password := "123" <<<

to the first line of /etc/freeradius/3.0/users

systemctl restart freeradius

radtest c0rn3jj 123 localhost 0 testing123
^ Access-Accept.

go by

apt install  mariadb-server

Package: mariadb-server
Version: 10.1.22-3

mysql -uroot -p
^default install leaves root with empty password


mysql -uroot -p radius <

^ change password from radpass to V9WcNpFEfY69MhuL

mysql -uroot -p radius <

^ uncomment server/port/login/password and change password to
V9WcNpFEfY69MhuL, change dialect to mysql

ln -s /etc/freeradius/3.0/mods-available/sql

^ guide says to uncomment sql in the authorize block, however it is
already uncommented but there's a - sign before it? -sql? I did
nothing here. Same story with the accounting block. Same stuff with

"Your radiusd.conf should then look something like this"

"then"? I did nothing with the radiusd.conf, moreover there's no
authoriSe or authorize block either. Do nothing with the file.

Now I get to the Populating SQL section

insert into radcheck (username,attribute,op,value) values("c0rn3j",
"Cleartext-Password", ":=", "123");

select * from radcheck;

radtest c0rn3j 123 localhost 0 testing123
^ fail

insert into radreply (username,attribute,op,value) values("c0rn3j",
"Framed-IP-Address", ":=", "");

radtest c0rn3j 123 localhost 0 testing123

Client output -

 systemctl stop freeradius
 /usr/sbin/freeradius -X > /tmp/radlog

-X log either on

More information about the Freeradius-Users mailing list