ignoring request from unknown client 127.0.0.1, although it is correctly defined in SQL and loaded on startup

Radim ROŠKA Radim.ROSKA at huatech.cz
Fri May 11 14:01:37 CEST 2018


Hello everybody,

My goal is to use SQL as a backend for FREERADIUS. That includes the definition of NAS. I've been fighting with it for several hours. All was working ok using the clients.conf configuration file. I believe I have read all posts in the forums slightly related to this... yet I'm not sure why it's still not working. I need to have more detailed debugging that would show, based on what RADIUS decides that those clients are unknown, even though it's actually correctly added during startup (as it seems). Virtual server is configured correctly also I would say...

I'm using:

  *   OS : Ubuntu 17.10
  *   FreeRADIUS Version 3.0.15
  *   Mysql - 5.7.21-0ubuntu0.17.10.1



What I did:

  *   I double-checked that I followed the guide here to the letter:
     *   https://wiki.freeradius.org/guide/sql-howto
        *   Commented out clients.conf => I want to use ONLY SQL
        *   Add "sql" into configuration of virtual server "default" in section authorize
        *   In mods-enable/sql set read_clients to yes, client_table= "nas"
        *   Etc...

But for some reason, although the NAS is added correctly, as it seems, freeradius is still ignoring the requests... Please see the relevant details below.


portal@portal:/var/log/freeradius$ sudo freeradius -X
FreeRADIUS Version 3.0.15
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
. . . . .
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.21-0ubuntu0.17.10.1, protocol version 10
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Adding client 10.0.0.16 (test) to default clients list
rlm_sql (10.0.0.16): Client "test" (sql) added
rlm_sql (sql): Adding client 127.0.0.1 (test123) to default clients list
rlm_sql (127.0.0.1): Client "test123" (sql) added
rlm_sql (sql): Released connection (0)
. . . .
Listening on command file /var/run/freeradius/freeradius.sock
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 37485
Listening on proxy address :: port 36997
Ready to process requests



mysql> select * from nas;
+----+-----------+-----------+-------+-------+-----------+---------+-----------+---------------+---------+
| id | nasname   | shortname | type  | ports | secret    | server  | community | description   | version |
+----+-----------+-----------+-------+-------+-----------+---------+-----------+---------------+---------+
|  2 | 10.0.0.16 | test      | 1     | 62470 | radius-pw | default | community | 1             |       4 |
|  3 | 127.0.0.1 | test123   | other |  NULL | test      | default | NULL      | RADIUS Client |    NULL |
+----+-----------+-----------+-------+-------+-----------+---------+-----------+---------------+---------+

radmin> show client list
10.0.0.16
127.0.0.1


root@portal:/etc/freeradius/3.0/sites-enabled# radtest test test 127.0.0.1 1812 test
Sent Access-Request Id 176 from 0.0.0.0:46822 to 127.0.0.1:1812 length 74
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 10.0.1.16
        NAS-Port = 1812
        Message-Authenticator = 0x00
       Cleartext-Password = "test"


Freeradius -X
...
Ready to process requests
Ignoring request to auth address * port 1812 bound to server default from unknown client 127.0.0.1 port 46822 proto udp
Ready to process requests

Same happens when I send radius auth from network device 10.0.0.16

Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.0.16 port 62470 proto udp
Ready to process requests



radmin> show module config sql
sql {
        driver = "rlm_sql_mysql"
        server = "localhost"
        port = 3306
        login = "radius"
        password = "xxx"
        radius_db = "radius"
        read_groups = yes
        read_profiles = yes
        readclients = yes
        read_clients = yes
        deletestalesessions = yes
        delete_stale_sessions = yes
        sql_user_name = "%{User-Name}"
        logfile =
        default_user_profile = ""
        nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
        client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
        open_query =
        authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
        authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
        authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
        authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id"
        group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
        simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
        simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct
WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
        safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
        query_timeout = 0
        accounting = ?
        post-auth = ?
}
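
The post asks for a way to see why clients that were loaded at startup are still rejected. The following is an added example, not part of the original post and not FreeRADIUS code: it correlates the "Adding client" and "unknown client" lines of `freeradius -X` output and reports which rejected sources were in fact loaded, and into which clients list. The function names and the sample log are assumptions built from the line formats quoted above.

```python
import ipaddress
import re

# Constructed sample in the format of the debug output quoted above; the last
# line (source 192.0.2.7) is made up to show a client that was never loaded.
SAMPLE_LOG = """\
rlm_sql (sql): Adding client 10.0.0.16 (test) to default clients list
rlm_sql (sql): Adding client 127.0.0.1 (test123) to default clients list
Ignoring request to auth address * port 1812 bound to server default from unknown client 127.0.0.1 port 46822 proto udp
Ignoring request to auth address * port 1812 bound to server default from unknown client 10.0.0.16 port 62470 proto udp
Ignoring request to auth address * port 1812 bound to server default from unknown client 192.0.2.7 port 40000 proto udp
"""

ADDED = re.compile(r"rlm_sql \((?P<inst>[^)]+)\): Adding client (?P<nas>\S+) "
                   r"\((?P<name>[^)]*)\) to (?P<list>.+) clients list")
IGNORED = re.compile(r"Ignoring request to (?P<kind>\w+) address (?P<laddr>\S+) "
                     r"port (?P<lport>\d+) bound to server (?P<server>\S+) "
                     r"from unknown client (?P<src>\S+) port \d+ proto (?P<proto>\w+)")

def covers(nasname, src):
    """True if a loaded nasname (address or CIDR) covers the packet source."""
    try:
        return ipaddress.ip_address(src) in ipaddress.ip_network(nasname, strict=False)
    except ValueError:  # nasname is a hostname: compare literally
        return nasname == src

def correlate(log_text):
    """Pair each 'unknown client' rejection with any SQL client covering it."""
    loaded, findings = [], []
    for line in log_text.splitlines():
        m = ADDED.search(line)
        if m:
            loaded.append(m.groupdict())
            continue
        m = IGNORED.search(line)
        if m:
            hits = [c for c in loaded if covers(c["nas"], m["src"])]
            findings.append({
                "src": m["src"],
                "listener": f'{m["kind"]} {m["laddr"]}:{m["lport"]}/{m["proto"]}',
                "server": m["server"],
                "loaded_as": [(c["name"], c["list"]) for c in hits],
                "status": "loaded-but-rejected" if hits else "never-loaded",
            })
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

A "loaded-but-rejected" finding shows, side by side, the clients list the entry was placed in and the listener and virtual server that refused the packet, which is the pair to compare when debugging.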




