On Wednesday 12 March 2003 14:53, Nils Rønhovde wrote: > Hi, > > Is this a rlm_my_sql problem, something else in the radius-server or a > problem with my database: > > Module: Loaded SQL > sql: driver = "rlm_sql_mysql" > sql: server = "10.122.95.163" > sql: port = "15022" > sql: login = "radius" > sql: password = "radius" > sql: radius_db = "radius" > sql: acct_table = "radacct" > sql: acct_table2 = "radacct" > sql: authcheck_table = "radcheck" > sql: authreply_table = "radreply" > sql: groupcheck_table = "radgroupcheck" > sql: groupreply_table = "radgroupreply" > sql: usergroup_table = "usergroup" > sql: nas_table = "nas" > sql: dict_table = "dictionary" > sql: sqltrace = no > sql: sqltracefile = > "/local/net/experimental/radius-sql/var/log/radius/sqltrace.sql" > sql: deletestalesessions = yes > sql: num_sql_socks = 5 > sql: sql_user_name = "%{User-Name}" > ... > rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and > linked > rlm_sql (sql): Attempting to connect to > [EMAIL PROTECTED]:15022/radius > rlm_sql (sql): starting 0 > rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 > rlm_sql_mysql: Starting connect to MySQL server for #0 > rlm_sql_mysql: Couldn't connect socket to MySQL server > [EMAIL PROTECTED]:radius > rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on > '10.122.95.163' (145)' > rlm_sql (sql): Failed to connect DB handle #0 > > I haven't done anything special in radiusd.conf and mysql.conf except > enabling mysql and setting the host:port and connection parameters. The > connection works fine when i use the mysql program itself. > > best regards > Nils Rønhovde > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html
Perhaps someone else answered this. When the radius server and the mysql server are on different boxes, check the general and host permissions of that user in mysql. If scale of operation permits, I run the mysql server on the same box, only permit localhost access with no password. My theory is that a decent user password is preferable to publishing it in plain text. If it is in plain text, fancy footwork with group and user permissions is in order. If they are on separate boxes, it pays to tighten up ip access (radius does that by default and prevent spoofing at the gateway. Jim Tarvid - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html