CHAP faliled authenticate from users file

Alan DeKok aland at deployingradius.com
Wed Feb 14 17:24:56 CET 2018 

On Feb 14, 2018, at 11:17 AM, Marcin <marcin at nicram.net> wrote:
> 
> Hello,
> I'm trying to make redundant authentication if database fails to get users
> from files.

  OK...

> if (Framed-Protocol == PPP){
> redundant {
> lms
> files
> }

  That should work.

> With this, when I try to connect and database is well everything goes well
> and user is authentificated.
> But when I simulate problems with database (shutdown db) user cannot
> connect.

  Because it's not matching the entry in the "users" file.

> in users file:
> serwis Cleartext-Password := "password"
> Framed-IP-Address = 1.1.1.1,
> Framed-IP-Netmask = 255.255.255.255,
> MS-Primary-DNS-Server = 8.8.4.4,
> MS-Secondary-DNS-Server = 8.8.8.8,
> Port-Limit = 1,
> Acct-Interim-Interval = 300,
> Filter-ID = "105192k/11196k",
> Mikrotik-Rate-Limit = "11196k/105192k"
> 
> now the log:
...
> (0) Received Access-Request Id 11 from 10.5.5.10:40267 to 10.5.5.1:1812
> length 153
> (0)   Service-Type = Framed-User
> (0)   Framed-Protocol = PPP
> (0)   NAS-Port = 15728920
> (0)   NAS-Port-Type = Ethernet
> (0)   User-Name = "serwis"

  Which should be fine.

> ...
> (0) lms: EXPAND %{User-Name}
> (0) lms:    --> serwis
> (0) lms: SQL-User-Name set to 'serwis'
> rlm_sql (lms): 0 of 0 connections in use.  You  may need to increase "spare"
> rlm_sql (lms): Opening additional connection (0), 1 of 32 pending slots used
> rlm_sql_mysql: Starting connect to MySQL server
> rlm_sql_mysql: Couldn't connect to MySQL server radius at localhost:lms
> rlm_sql_mysql: MySQL error: Can't connect to local MySQL server through
> socket '/var/run/mysqld/mysqld.sock' (2 "No such file or directory")
> rlm_sql_mysql: Socket destructor called, closing socket
> rlm_sql (lms): Opening connection failed (0)
> *(0)         [lms] = fail*
> *(0) files: users: Matched entry DEFAULT at line 186*

  Which means it didn't match the entry you added.

  So... where did you add the entry?  At the top of the file?  Or at the bottom?  What's on line 186?

  Did you edit the correct "users" file?

  Alan DeKok.

More information about the Freeradius-Users mailing list