Yes. Post the whole debug including startup. Something is not right here. authorize is not in radiusd.conf in 2.x.
Ivan Kalik Kalik Informatika ISP Dana 16/1/2009, "Leigh Martell" <leigh.mart...@gmail.com> piše: >Post the entire debug from start to finish and as well as some tests. The >first whack of debug tells you how freeradius is parsing your config. > >Once you have that done we should be able to figure where the issue lie. > >Take Care, >Leigh > >On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi <ona...@gmail.com> wrote: > >> hi, first of all, i thank all people who are giving thier time to help. >> >> before i subscribe here and post my email, i am searching around in >> internet since a week >> and trying my best to solve it, i have learned many things,but there is one >> problem i cannot get it solved. >> i am trying to make hotspot for some building, i choosed: >> Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend >> server >> and CoovaAP on WRT54GL sending user credentials to backend server for >> authentication >> my configs (default settings not showed, lines i changed showed) >> >> freeradius radiusd.conf >> ================================================ >> . >> . all default >> . >> log { >> . >> . >> #at the end of log{ >> auth = yes >> auth_badpass = yes >> auth_goodpass = yes >> } >> >> modules { >> . >> . >> . >> $INCLUDE sql.conf #already there >> $INCLUDE sql/mysql/counter.conf #already there >> . >> . >> . >> } >> >> authorize{ >> preprocess >> chap >> mschap >> suffix >> eap >> sql #if i comment out sql and use file, it works, i recive >> Packet-Accept, with SQL see the pap warning in debug text >> pap >> } >> >> accounting{ >> detail >> sql >> } >> >> session{ >> sql >> } >> ================================================== >> clients.conf >> >> client localhost { >> ipaddr = 127.0.0.1 >> secret = clientradsec36365 >> require_message_authenticator = no >> nastype = other >> >> } >> ================================================== >> sql.conf >> sql { >> database = "mysql" >> driver = "rlm_sql_${database}" >> server = "localhost" >> login = "radius" >> password = "frsqldblogin36365" >> radius_db = "radius" >> . >> . >> . >> sqltrace = yes >> sqltracefile = ${logdir}/sqltrace.sql >> . >> . >> } >> >> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >> >> /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into >> mysql "radius" database, rad...@localhost user granted all on radius.* >> >> dummy data in tables: >> >> mysql> SELECT * FROM radcheck; >> +----+----------+--------------------+----+-------+ >> | id | username | attribute | op | value | >> +----+----------+--------------------+----+-------+ >> | 1 | obaid | Cleartext-Password | := | 36365 | >> +----+----------+--------------------+----+-------+ >> 1 row in set (0.00 sec) >> >> mysql> SELECT * FROM radusergroup; >> +----------+-----------+----------+ >> | username | groupname | priority | >> +----------+-----------+----------+ >> | obaid | hotspot | 0 | >> +----------+-----------+----------+ >> 1 row in set (0.01 sec) >> >> mysql> SELECT * FROM radgroupcheck; >> +----+-----------+-----------+----+-------+ >> | id | groupname | attribute | op | value | >> +----+-----------+-----------+----+-------+ >> | 2 | hotspot | Auth-Type | := | Local | >> +----+-----------+-----------+----+-------+ >> 1 row in set (0.00 sec) >> >> >> mysql> SELECT * FROM radreply; >> +----+----------+---------------+----+-------+ >> | id | username | attribute | op | value | >> +----+----------+---------------+----+-------+ >> | 1 | obaid | Reply-Message | := | Hello | >> +----+----------+---------------+----+-------+ >> 1 row in set (0.00 sec) >> >> mysql> SELECT * FROM radgroupreply; >> +----+-----------+-----------------+----+-------------+ >> | id | groupname | attribute | op | value | >> +----+-----------+-----------------+----+-------------+ >> | 1 | hotspot | Framed-Protocol | := | PPP | >> | 2 | hotspot | Service-Type | := | Framed-User | >> +----+-----------+-----------------+----+-------------+ >> 2 rows in set (0.00 sec) >> >> @#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#$ >> >> now when running /usr/sbin/freeradius -X and send auth request with radtest >> i get >> radtest obaid 36365 localhost 1812 clientradsec36365 >> >> Sending Access-Request of id 96 to 127.0.0.1 port 1812 >> User-Name = "obaid" >> User-Password = "36365" >> NAS-IP-Address = 192.168.1.100 >> NAS-Port = 1812 >> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96, >> length=20 >> >> freeradius -X: >> >> Listening on authentication address * port 1812 >> Listening on accounting address * port 1813 >> Listening on proxy address * port 1814 >> Ready to process requests. >> rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96, >> length=57 >> User-Name = "obaid" >> User-Password = "36365" >> NAS-IP-Address = 192.168.1.100 >> NAS-Port = 1812 >> +- entering group authorize {...} >> ++[preprocess] returns ok >> ++[chap] returns noop >> ++[mschap] returns noop >> [suffix] No '@' in User-Name = "obaid", looking up realm NULL >> [suffix] No such realm "NULL" >> ++[suffix] returns noop >> [eap] No EAP-Message, not doing EAP >> ++[eap] returns noop >> ++[unix] returns notfound >> ++[files] returns noop >> ++[expiration] returns noop >> ++[logintime] returns noop >> [pap] WARNING! No "known good" password found for the user. Authentication >> may fail because of this. >> ++[pap] returns noop >> No authenticate method (Auth-Type) configuration found for the request: >> Rejecting the user >> Failed to authenticate the user. >> Login incorrect: [obaid/36365] (from client server port 1812) >> Using Post-Auth-Type Reject >> +- entering group REJECT {...} >> expand: %{User-Name} -> obaid >> attr_filter: Matched entry DEFAULT at line 11 >> ++[attr_filter.access_reject] returns updated >> Delaying reject of request 0 for 1 seconds >> Going to the next request >> Waking up in 0.9 seconds. >> Sending delayed reject for request 0 >> Sending Access-Reject of id 96 to 127.0.0.1 port 40386 >> Waking up in 4.9 seconds. >> Cleaning up request 0 ID 96 with timestamp +17 >> Ready to process requests. >> >> -========================================================= >> have you noticed that debug output doesnt talk about sql queries ???, and >> nothing about sql queries in log files. >> >> i have used ntradping to send authentication request with CHAP ticked/not >> ticked, and i get the same rad+recv:Access-Reject. >> >> but with all same config (except commenting sql and uncomment file in >> radius.conf) and radtesting it works fine. >> >> it is probably radius cant query mysql, but i used mtop (mysql monitoring >> tool) and it showes that radius queried mysql >> >> or it might be wrong dummy data... >> ----- >> >> i will appreciate it very much if some one will guide me through this. >> >> thanks for reading. >> >> Obaid Ghaznawi >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html