Config FreeRadius (3.0.16) to work with SQL: The Guide is outdated - please helps
Uchenna Nebedum
nebeduch at gmail.com
Sat Sep 29 00:35:26 CEST 2018
Send the debug output when you send an access request, freeradius -X
Uchenna Nebedum
On Fri, Sep 28, 2018, 23:32 <james.ngobui at gmail.com> wrote:
> Hello there,
> Thank you for your helps.
> As for the mistype, negative. I have all of them configured as
> Cleartext-Password
> As for the usergroup, since we do not use any group, I do not need to add
> usergroup so I don't have it in my config. It is optional and only
> necessary if you decide to use group though
> To share what I have done:
> 1/ create a new (admin) user for the database
> 2/ add new user by command line --> check and see it populate in the
> radius server
> 3/ restart the SQL server
> 4/ restart the freeradius server
> I still have the same thing: access reject and server has no response...
> Any helps would be really appreciated.
> Thanks
>
> -----Original Message-----
> From: Freeradius-Users <freeradius-users-bounces+james.ngobui=
> gmail.com at lists.freeradius.org> On Behalf Of Rafael Labiak Olivastro
> Sent: September 28, 2018 1:16 PM
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: RES: Config FreeRadius (3.0.16) to work with SQL: The Guide is
> outdated - please helps
>
> Example:
>
> MariaDB [mikrotik_erp]> select * from radcheck;
>
> +----+----------+--------------------+----+----------------------------------+------+------------+------------+
> | id | UserName | Attribute | op | Value
> | obs | id_cliente | id_empresa |
>
> +----+----------+--------------------+----+----------------------------------+------+------------+------------+
> | 1 | rafael | MD5-Password | := |
> 81dc9bdb52d04dc20036dbd8313ed055 | | 743 | 1 |
> | 2 | rafael | ClearText-Password | := | 1234
> | | 743 | 1 |
>
> +----+----------+--------------------+----+----------------------------------+------+------------+------------+
> 2 rows in set (0.00 sec)
>
> MariaDB [mikrotik_erp]> select * from usergorup; ERROR 1146 (42S02): Table
> 'mikrotik_erp.usergorup' doesn't exist MariaDB [mikrotik_erp]> select *
> from radcheck;
>
> +----+----------+--------------------+----+----------------------------------+------+------------+------------+
> | id | UserName | Attribute | op | Value
> | obs | id_cliente | id_empresa |
>
> +----+----------+--------------------+----+----------------------------------+------+------------+------------+
> | 1 | rafael | MD5-Password | := |
> 81dc9bdb52d04dc20036dbd8313ed055 | | 743 | 1 |
> | 2 | rafael | ClearText-Password | := | 1234
> | | 743 | 1 |
>
> +----+----------+--------------------+----+----------------------------------+------+------------+------------+
> 2 rows in set (0.00 sec)
>
> MariaDB [mikrotik_erp]> select * from radusergroup;
> +----------+------------------------------------+----------+
> | UserName | GroupName | priority |
> +----------+------------------------------------+----------+
> | rafael | (Huawei)Acesso Residencial 2 MEGAS | 1 |
> +----------+------------------------------------+----------+
> 1 row in set (0.00 sec)
>
> MariaDB [mikrotik_erp]> select * from radgroupreply;
>
> +----+------------------------------------+------------------------------+----+-------------+-----------+----------+
> | id | GroupName | Attribute |
> op | Value | idempresa | tipo |
>
> +----+------------------------------------+------------------------------+----+-------------+-----------+----------+
> | 1 | Acesso Residencial 2 MEGAS | Mikrotik-Rate-Limit |
> := | 1024k/2048k | 9999 | MIKROTIK |
> | 4 | (Huawei)Acesso Residencial 2 MEGAS | Huawei-Qos-Profile-Name |
> := | out-1M | 9999 | HUAWEI |
> | 5 | (Huawei)Acesso Residencial 2 MEGAS | Huawei-Down-QOS-Profile-Name |
> := | in-2M | 9999 | HUAWEI |
> | 6 | (Huawei)Acesso Residencial 2 MEGAS | Huawei-Policy-Route |
> := | 192.168.0.1 | 9999 | HUAWEI |
>
> +----+------------------------------------+------------------------------+----+-------------+-----------+----------+
> 4 rows in set (0.00 sec)
>
> MariaDB [mikrotik_erp]>
>
> Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para
> Windows 10
>
> ________________________________
> De: Rafael Labiak Olivastro <rolivastro at hotmail.com>
> Enviado: Friday, September 28, 2018 4:03:27 PM
> Para: FreeRadius users mailing list
> Assunto: RES: Config FreeRadius (3.0.16) to work with SQL: The Guide is
> outdated - please helps
>
>
> Other thing is that RADUSERGROUP is not the same than RADCHECK, you need a
> row with username in both tables, not just in RADCHECK.
>
> The message is explaining that the user do not exist em RADUSERGROUP. (and
> you show the user in radcheck)
>
>
>
> Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para
> Windows 10
>
>
>
> ________________________________
> De: Freeradius-Users <freeradius-users-bounces+rolivastro=
> hotmail.com at lists.freeradius.org> em nome de Rafael Labiak Olivastro <
> rolivastro at hotmail.com>
> Enviado: Friday, September 28, 2018 3:58:07 PM
> Para: FreeRadius users mailing list
> Assunto: RES: Config FreeRadius (3.0.16) to work with SQL: The Guide is
> outdated - please helps
>
> Hello,
>
>
>
> Maybe if the MySQL is configured to be case sensitive the correct atribute
> is ClearText-Password unstead Cleartext-Password.
>
>
>
> It is just a guess. (note CT in ClearText)
>
>
>
> Rafael
>
>
>
> Enviado do Email<
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D550986&data=02%7C01%7C%7C3b7f9e7137f84c285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737615161542787&sdata=f56eWLAAr9nJm%2FdLSSZ44rDh6vBIjhmHkzmr9TCCRlA%3D&reserved=0>
> para Windows 10
>
>
>
> ________________________________
> De: Freeradius-Users <freeradius-users-bounces+rolivastro=
> hotmail.com at lists.freeradius.org> em nome de James Ngo <
> james.ngobui at gmail.com>
> Enviado: Friday, September 28, 2018 2:54:48 PM
> Para: freeradius-users at lists.freeradius.org
> Assunto: Re: Config FreeRadius (3.0.16) to work with SQL: The Guide is
> outdated - please helps
>
> This is very strange then...
> when I query manually using mysql, it shows per below What could have gone
> wrong?
>
> mysql> select * from radcheck;
> +----+-----------+--------------------+----+-----------+
> | id | username | attribute | op | value |
> +----+-----------+--------------------+----+-----------+
> | 2 | testuser1 | Cleartext-Password | := | testuser1 |
> +----+-----------+--------------------+----+-----------+
> 1 row in set (0.01 sec)
>
> mysql>
>
>
> On Fri, Sep 28, 2018 at 11:27 AM Alan DeKok <aland at deployingradius.com>
> wrote:
>
> > On Sep 28, 2018, at 2:12 PM, James Ngo <james.ngobui at gmail.com> wrote:
> > >
> > > Hi Alan,
> > > You are absolutely right about the log file and I am sorry to be
> > bothering
> > > you again. I copy the content of my system log file of the issue
> > > below
> > for
> > > your reference (My other test user which use the "user" file works OK).
> >
> >
> > ...
> >
> > > (7) eap_peap: Got tunneled request
> > > (7) eap_peap: EAP-Message =
> > >
> > 0x022300411a0223003c31cc0432c71245051a187bd13655a9e34a0000000000000000
> > 721615e15d5ae620467f9822441958a6f7be55128b39b716006a616d65736e
> > > (7) eap_peap: Setting User-Name to jamesn
> > > (7) eap_peap: Sending tunneled request to inner-tunnel
> >
> > That's the MS-CHAP stuff from PEAP, inside of the TLS tunnel.
> >
> > > (7) sql: EXPAND %{User-Name}
> > > (7) sql: --> testuser1
> > > (7) sql: SQL-User-Name set to 'testuser1'
> > > rlm_sql (sql): Reserved connection (1)
> > > (7) sql: EXPAND SELECT id, username, attribute, value, op FROM
> > > radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> > > (7) sql: --> SELECT id, username, attribute, value, op FROM radcheck
> > > WHERE username = 'testuser1' ORDER BY id
> > > (7) sql: Executing select query: SELECT id, username, attribute,
> > > value,
> > op
> > > FROM radcheck WHERE username = 'testuser1' ORDER BY id
> > > (7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> > > '%{SQL-User-Name}' ORDER BY priority
> > > (7) sql: --> SELECT groupname FROM radusergroup WHERE username =
> > > 'testuser1' ORDER BY priority
> > > (7) sql: Executing select query: SELECT groupname FROM radusergroup
> > > WHERE username = 'testuser1' ORDER BY priority
> > > (7) sql: User not found in any groups rlm_sql (sql): Released
> > > connection (1) Need 4 more connections to reach 10 spares rlm_sql
> > > (sql): Opening additional connection (6), 1 of 26 pending slots
> > used
> > > (7) [sql] = notfound
> >
> > That's definitive.
> >
> > The "testuser1" isn't in SQL.
> >
> > Run the queries manually to see what they return.
> >
> > Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f
> > reeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C3b7f9e7137f84c
> > 285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737
> > 615161542787&sdata=vhXLdNI79MiBC7DmtofLRgx3Rc6kcRvmE%2BiS2O8zm3c%3
> > D&reserved=0
> -
> List info/subscribe/unsubscribe? See
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C3b7f9e7137f84c285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737615161542787&sdata=vhXLdNI79MiBC7DmtofLRgx3Rc6kcRvmE%2BiS2O8zm3c%3D&reserved=0
> -
> List info/subscribe/unsubscribe? See
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C3b7f9e7137f84c285e5408d6257cc667%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636737615161542787&sdata=vhXLdNI79MiBC7DmtofLRgx3Rc6kcRvmE%2BiS2O8zm3c%3D&reserved=0
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ---
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list