Tough time getting FreeRADIUS 3.0.9 to work with mysql

Song Zou a13519 at me.com
Mon Nov 19 13:18:55 CET 2018


please don’t send email

On Nov 19, 2018, at 20:17, Song Zou via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:

> please don’t send email
> 
> On Nov 19, 2018, at 20:15, Song Zou via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> please don’t send email
> 
> On Nov 19, 2018, at 20:14, Song Zou via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> please don’t send email
> 
> On Jul 13, 2015, at 07:27, Kwesi Yankson via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Hello,I am a freeRADIUS 2.x user and want to start using freeRADIUS 3.x.xI have installed freeRADIUS 3.0.9 and done a lot of reading since I want to avoid being told to "RTFM"I can't seem to get an Access-Accept when I do a radtest for MySQL users. I'm sure I'm missing something (still adjusting to the difference between the two version).  Can someone help or point me in the right direction?  Below is my debug:(1) Received Access-Request Id 121 from 127.0.0.1:35861 to 127.0.0.1:1812 length 72
> (1)   User-Name = "me"
> (1)   User-Password = "pass"
> (1)   NAS-IP-Address = 127.0.1.1
> (1)   NAS-Port = 0
> (1)   Message-Authenticator = 0xd9c706bfd54e51cd4eab51d9e19e4da2
> (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> (1)   authorize {
> (1)     policy filter_username {
> (1)       if (!&User-Name) {
> (1)       if (!&User-Name)  -> FALSE
> (1)       if (&User-Name =~ / /) {
> (1)       if (&User-Name =~ / /)  -> FALSE
> (1)       if (&User-Name =~ /@.*@/ ) {
> (1)       if (&User-Name =~ /@.*@/ )  -> FALSE
> (1)       if (&User-Name =~ /\.\./ ) {
> (1)       if (&User-Name =~ /\.\./ )  -> FALSE
> (1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
> (1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
> (1)       if (&User-Name =~ /\.$/)  {
> (1)       if (&User-Name =~ /\.$/)   -> FALSE
> (1)       if (&User-Name =~ /@\./)  {
> (1)       if (&User-Name =~ /@\./)   -> FALSE
> (1)     } # policy filter_username = notfound
> (1)     [preprocess] = ok
> (1)     [chap] = noop
> (1) suffix: Checking for suffix after "@"
> (1) suffix: No '@' in User-Name = "me", looking up realm NULL
> (1) suffix: No such realm "NULL"
> (1)     [suffix] = noop
> (1)     [files] = noop
> (1) sql: EXPAND %{User-Name}
> (1) sql:    --> me
> (1) sql: SQL-User-Name set to 'me'
> rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 252 seconds
> rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 252 seconds
> rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 252 seconds
> rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 252 seconds
> rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 244 seconds
> rlm_sql (sql): You probably need to lower "min"
> rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 244 seconds
> rlm_sql (sql): You probably need to lower "min"
> rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 244 seconds
> rlm_sql (sql): You probably need to lower "min"
> rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"
> rlm_sql (sql): Opening additional connection (7), 1 of 32 pending slots used
> rlm_sql (sql): Reserved connection (7)
> (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> (1) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'me' ORDER BY id
> (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'me' ORDER BY id
> rlm_sql (sql): Released connection (7)
> rlm_sql (sql): 0 of 1 connections in use.  Need more spares
> rlm_sql (sql): Opening additional connection (8), 1 of 31 pending slots used
> (1)     [sql] = notfound
> (1)     [expiration] = noop
> (1)     [logintime] = noop
> (1)   } # authorize = ok
> (1) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> (1) Failed to authenticate the user
> (1) Using Post-Auth-Type Reject
> (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (1)   Post-Auth-Type REJECT {
> (1) sql: EXPAND .query
> (1) sql:    --> .query
> (1) sql: Using query template 'query'
> rlm_sql (sql): Reserved connection (7)
> (1) sql: EXPAND %{User-Name}
> (1) sql:    --> me
> (1) sql: SQL-User-Name set to 'me'
> (1) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
> (1) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'me', 'pass', 'Access-Reject', '2015-07-12 23:21:17')
> (1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'me', 'pass', 'Access-Reject', '2015-07-12 23:21:17')
> (1) sql: SQL query returned: success
> (1) sql: 1 record(s) updated
> rlm_sql (sql): Released connection (7)
> (1)     [sql] = ok
> (1) attr_filter.access_reject: EXPAND %{User-Name}
> (1) attr_filter.access_reject:    --> me
> (1) attr_filter.access_reject: Matched entry DEFAULT at line 18
> (1)     [attr_filter.access_reject] = updated
> (1) eap: Request didn't contain an EAP-Message, not inserting EAP-Failure
> (1)     [eap] = noop
> (1)     policy remove_reply_message_if_eap {
> (1)       if (&reply:EAP-Message && &reply:Reply-Message) {
> (1)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
> (1)       else {
> (1)         [noop] = noop
> (1)       } # else = noop
> (1)     } # policy remove_reply_message_if_eap = noop
> (1)   } # Post-Auth-Type REJECT = updated
> (1) Delaying response for 1.000000 seconds
> Waking up in 0.3 seconds.
> Waking up in 0.6 seconds.
> (1) <delay>: Sending delayed response
> (1) <delay>: Sent Access-Reject Id 121 from 127.0.0.1:1812 to 127.0.0.1:35861 length 20
> Waking up in 3.9 seconds.
> (1) <delay>: Cleaning up request packet ID 121 with timestamp +252
> 
> Thanks in advance
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list