Re: MySQL connect problem

Wed, 12 Mar 2003 13:23:51 -0800 

On Wednesday 12 March 2003 14:53, Nils Rønhovde wrote:
> Hi,
>
> Is this a rlm_my_sql problem, something else in the radius-server or a
> problem with my database:
>
> Module: Loaded SQL
>  sql: driver = "rlm_sql_mysql"
>  sql: server = "10.122.95.163"
>  sql: port = "15022"
>  sql: login = "radius"
>  sql: password = "radius"
>  sql: radius_db = "radius"
>  sql: acct_table = "radacct"
>  sql: acct_table2 = "radacct"
>  sql: authcheck_table = "radcheck"
>  sql: authreply_table = "radreply"
>  sql: groupcheck_table = "radgroupcheck"
>  sql: groupreply_table = "radgroupreply"
>  sql: usergroup_table = "usergroup"
>  sql: nas_table = "nas"
>  sql: dict_table = "dictionary"
>  sql: sqltrace = no
>  sql: sqltracefile =
> "/local/net/experimental/radius-sql/var/log/radius/sqltrace.sql"
>  sql: deletestalesessions = yes
>  sql: num_sql_socks = 5
>  sql: sql_user_name = "%{User-Name}"
> ...
> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
> linked
> rlm_sql (sql): Attempting to connect to
> [EMAIL PROTECTED]:15022/radius
> rlm_sql (sql): starting 0
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
> rlm_sql_mysql: Starting connect to MySQL server for #0
> rlm_sql_mysql: Couldn't connect socket to MySQL server
> [EMAIL PROTECTED]:radius
> rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on
> '10.122.95.163' (145)'
> rlm_sql (sql): Failed to connect DB handle #0
>
> I haven't done anything special in radiusd.conf and mysql.conf except
> enabling mysql and setting the host:port and connection parameters. The
> connection works fine when i use the mysql program itself.
>
> best regards
> Nils Rønhovde
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

Perhaps someone else answered this.

When the radius server and the mysql server are on different boxes, check the 
general and host permissions of that user in mysql.

If scale of operation permits, I run the mysql server on the same box, only 
permit localhost access with no password.

My theory is that a decent user password is preferable to publishing it in 
plain text. If it is in plain text, fancy footwork with group and user 
permissions is in order.

If they are on separate boxes, it pays to tighten up ip access (radius does 
that by default and prevent spoofing at the gateway.

Jim Tarvid



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to