Greetings;
I've been trying to make FR auth using its SQL module (through MySQL to be
specific) and am having no luck whatsoever.
I've thoroughly consulted the frontios.com/freeradius.html
documentation and just can't seem to make this work.
I swear, if someone helps me work this out, I'll write the freakin'
FreeRADIUS SQL auth documentation myself, 'cos this is bugging me.
The relevant parts of the radiusd.conf:
authorize {
    preprocess
    suffix
    sql
    files
}
authentication {
}
preacct {
    preprocess
    suffix
    files
}
accounting {
    acct_unique
    detail
    unix # wtmp file
    sql
    radutmp
}
My SQL data:
mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
|  2 | testuser | dynamic   |
+----+----------+-----------+
mysql> select * from radcheck;
+----+----------+-----------+----+----------+
| id | UserName | Attribute | op | Value    |
+----+----------+-----------+----+----------+
|  2 | testuser | Password  | == | testpass |
+----+----------+-----------+----+----------+
mysql> select * from radgroupreply;
+----+-----------+--------------------+----+---------------------+------+
| id | GroupName | Attribute          | op | Value               | prio |
+----+-----------+--------------------+----+---------------------+------+
|  1 | dynamic   | Auth-Type          | := | Local               |    0 |
|  2 | dynamic   | Service-Type       | =  | Framed-User         |    0 |
|  3 | dynamic   | Framed-Protocol    | =  | PPP                 |    0 |
|  4 | dynamic   | Framed-Compression | =  | Van-Jacobsen-TCP-IP |    0 |
|  5 | dynamic   | Framed-MTU         | =  | 1500                |    0 |
+----+-----------+--------------------+----+---------------------+------+
The command I'm using to test:
[jphindin@server bin]$ ./radtest testuser testpass localhost 66 *password*
Sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = "testuser"
User-Password = "\017j\264\354\345\300\311\311\014\317j\215a\310cM"
NAS-IP-Address = server
NAS-Port = 66
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=251, length=20
The relevant 'radiusd -X' output:
rad_recv: Access-Request packet from host 127.0.0.1:33643, id=102, length=60
User-Name = "testuser"
User-Password = "testpass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 66
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
radius_xlat: 'testuser'
rlm_sql (sql): sql_set_user escaped user --> 'testuser'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'testuser' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'testuser' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'testuser' ORDER BY id'
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'testuser' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
auth: Failed to validate the user.
Login incorrect: [testuser/testpass] (from client localhost port 66)
JP