Cannot get MySQL backend to work in Ubuntu 17.04

Martin Rys spleefer90 at gmail.com
Mon Apr 24 12:47:56 CEST 2017


Hiya, I've been trying for a while to get MySQL radius backend to work
but only had success with the basic auth mode.

select * from radpostauth;
^ Shows nothing, for some reason freeRADIUS doesn't even write there
even though the log claims it does so successfully.


Here is everything I tried, step by step.

You can either open this link and read it somehow formatted on my
PrivateBin instance, or you can read it in plain text posted below the
link.

https://paste.c0rn3j.com/?44f340705be383c4#6nPNN39P98jGng38weWx0223pyGU7UQOY9Wev1tgDpU=


Create new LXC container running Ubuntu 17.04(I doubt this has any
effect on my problems, but noting it anyways) and login as root.

apt update

apt install freeradius-mysql

Package: freeradius
Version: 3.0.12+dfsg-4ubuntu1

Go by https://wiki.freeradius.org/guide/Basic-configuration-HOWTO

add >>> c0rn3jj Cleartext-Password := "123" <<<

to the first line of /etc/freeradius/3.0/users

systemctl restart freeradius

radtest c0rn3jj 123 localhost 0 testing123
^ Access-Accept.


go by https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu#configuring-freeradius-to-use-sql

apt install  mariadb-server

Package: mariadb-server
Version: 10.1.22-3

mysql -uroot -p
^default install leaves root with empty password

  CREATE DATABASE radius;
  exit

mysql -uroot -p radius <
/etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

/etc/freeradius/3.0/mods-config/sql/main/mysql/setup.sql
^ change password from radpass to V9WcNpFEfY69MhuL

mysql -uroot -p radius <
/etc/freeradius/3.0/mods-config/sql/main/mysql/setup.sql

/etc/freeradius/3.0/mods-available/sql
^ uncomment server/port/login/password and change password to
V9WcNpFEfY69MhuL, change dialect to mysql

ln -s /etc/freeradius/3.0/mods-available/sql
/etc/freeradius/3.0/mods-enabled/sql

/etc/freeradius/3.0/sites-available/default
^ guide says to uncomment sql in the authorize block, however it is
already uncommented but there's a - sign before it? -sql? I did
nothing here. Same story with the accounting block. Same stuff with
inner-tunnel.


"Your radiusd.conf should then look something like this"

"then"? I did nothing with the radiusd.conf, moreover there's no
authoriSe or authorize block either. Do nothing with the file.


Now I get to the Populating SQL section

insert into radcheck (username,attribute,op,value) values("c0rn3j",
"Cleartext-Password", ":=", "123");

select * from radcheck;

radtest c0rn3j 123 localhost 0 testing123
^ fail

insert into radreply (username,attribute,op,value) values("c0rn3j",
"Framed-IP-Address", ":=", "1.2.3.4");

radtest c0rn3j 123 localhost 0 testing123
^fail


Client output -
https://paste.c0rn3j.com/?0af6cf0b0aa86d67#Lo53mu+IQ2RQPQOvMl/B0nxH+0/Fal4cqu6YfdgIkKk=

 systemctl stop freeradius
 /usr/sbin/freeradius -X > /tmp/radlog


-X log either on
https://paste.c0rn3j.com/?f6dc7f8decd19541#QheezTe5NftT6qj1furUsZRL4TL90QSmCwRWP+yuXjQ=
or https://ptpb.pw/n7Re


More information about the Freeradius-Users mailing list