Hi all, it is solved now, everything was OK except some configuration mistakes, during configuration i followed freeradius.org HOWTO here: http://wiki.freeradius.org/SQL_HOWTO and this HOWTO is for versions before 2 i guess, because it says:
Edit /etc/raddb/radiusd.conf and add a line saying 'sql' to the authorize{} > section (which is towards the end of the file). The best place to put it is > just after the 'files' entry. Indeed, if you'll just be using SQL, and not > falling back to text files, you could comment out or delete the 'files' > entry altogether. > i did this in radiusd.conf, so there were duplicate authrize{}, session{}, one in radiusd.conf and other one in the include file /etc/freeradius/sql/mysql/sites-enabled/default. just removing lines of authorize{} and session{} from radiusd.conf and configuring properly at /etc/freeradiusd/sql/mysql/sites-enabled/default everything works fine now. thank you for your support Leigh Martell. and thanks to freeradius.org team. update http://wiki.freeradius.org/SQL_HOWTO so new users can follow. On Fri, Jan 16, 2009 at 5:14 PM, < freeradius-users-requ...@lists.freeradius.org> wrote: > Send Freeradius-Users mailing list submissions to > freeradius-users@lists.freeradius.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > freeradius-users-requ...@lists.freeradius.org > > You can reach the person managing the list at > freeradius-users-ow...@lists.freeradius.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. Freeradius + MySQL problem (obaid ghaznawi) > 2. Re: Freeradius + MySQL problem (Leigh Martell) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 16 Jan 2009 16:49:11 +0300 > From: obaid ghaznawi <ona...@gmail.com> > Subject: Freeradius + MySQL problem > To: freeradius-users@lists.freeradius.org > Message-ID: > <b8f8e85f0901160549y545cb350ucbf11e3af785a...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > hi, first of all, i thank all people who are giving thier time to help. > > before i subscribe here and post my email, i am searching around in > internet since a week > and trying my best to solve it, i have learned many things,but there is one > problem i cannot get it solved. > i am trying to make hotspot for some building, i choosed: > Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend > server > and CoovaAP on WRT54GL sending user credentials to backend server for > authentication > my configs (default settings not showed, lines i changed showed) > > freeradius radiusd.conf > ================================================ > . > . all default > . > log { > . > . > #at the end of log{ > auth = yes > auth_badpass = yes > auth_goodpass = yes > } > > modules { > . > . > . > $INCLUDE sql.conf #already there > $INCLUDE sql/mysql/counter.conf #already there > . > . > . > } > > authorize{ > preprocess > chap > mschap > suffix > eap > sql #if i comment out sql and use file, it works, i recive > Packet-Accept, with SQL see the pap warning in debug text > pap > } > > accounting{ > detail > sql > } > > session{ > sql > } > ================================================== > clients.conf > > client localhost { > ipaddr = 127.0.0.1 > secret = clientradsec36365 > require_message_authenticator = no > nastype = other > > } > ================================================== > sql.conf > sql { > database = "mysql" > driver = "rlm_sql_${database}" > server = "localhost" > login = "radius" > password = "frsqldblogin36365" > radius_db = "radius" > . > . > . > sqltrace = yes > sqltracefile = ${logdir}/sqltrace.sql > . > . > } > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into > mysql "radius" database, rad...@localhost user granted all on radius.* > > dummy data in tables: > > mysql> SELECT * FROM radcheck; > +----+----------+--------------------+----+-------+ > | id | username | attribute | op | value | > +----+----------+--------------------+----+-------+ > | 1 | obaid | Cleartext-Password | := | 36365 | > +----+----------+--------------------+----+-------+ > 1 row in set (0.00 sec) > > mysql> SELECT * FROM radusergroup; > +----------+-----------+----------+ > | username | groupname | priority | > +----------+-----------+----------+ > | obaid | hotspot | 0 | > +----------+-----------+----------+ > 1 row in set (0.01 sec) > > mysql> SELECT * FROM radgroupcheck; > +----+-----------+-----------+----+-------+ > | id | groupname | attribute | op | value | > +----+-----------+-----------+----+-------+ > | 2 | hotspot | Auth-Type | := | Local | > +----+-----------+-----------+----+-------+ > 1 row in set (0.00 sec) > > > mysql> SELECT * FROM radreply; > +----+----------+---------------+----+-------+ > | id | username | attribute | op | value | > +----+----------+---------------+----+-------+ > | 1 | obaid | Reply-Message | := | Hello | > +----+----------+---------------+----+-------+ > 1 row in set (0.00 sec) > > mysql> SELECT * FROM radgroupreply; > +----+-----------+-----------------+----+-------------+ > | id | groupname | attribute | op | value | > +----+-----------+-----------------+----+-------------+ > | 1 | hotspot | Framed-Protocol | := | PPP | > | 2 | hotspot | Service-Type | := | Framed-User | > +----+-----------+-----------------+----+-------------+ > 2 rows in set (0.00 sec) > > @#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#$ > > now when running /usr/sbin/freeradius -X and send auth request with radtest > i get > radtest obaid 36365 localhost 1812 clientradsec36365 > > Sending Access-Request of id 96 to 127.0.0.1 port 1812 > User-Name = "obaid" > User-Password = "36365" > NAS-IP-Address = 192.168.1.100 > NAS-Port = 1812 > rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96, > length=20 > > freeradius -X: > > Listening on authentication address * port 1812 > Listening on accounting address * port 1813 > Listening on proxy address * port 1814 > Ready to process requests. > rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96, > length=57 > User-Name = "obaid" > User-Password = "36365" > NAS-IP-Address = 192.168.1.100 > NAS-Port = 1812 > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "obaid", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > ++[unix] returns notfound > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the user. Authentication > may fail because of this. > ++[pap] returns noop > No authenticate method (Auth-Type) configuration found for the request: > Rejecting the user > Failed to authenticate the user. > Login incorrect: [obaid/36365] (from client server port 1812) > Using Post-Auth-Type Reject > +- entering group REJECT {...} > expand: %{User-Name} -> obaid > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 0 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > Sending delayed reject for request 0 > Sending Access-Reject of id 96 to 127.0.0.1 port 40386 > Waking up in 4.9 seconds. > Cleaning up request 0 ID 96 with timestamp +17 > Ready to process requests. > > -========================================================= > have you noticed that debug output doesnt talk about sql queries ???, and > nothing about sql queries in log files. > > i have used ntradping to send authentication request with CHAP ticked/not > ticked, and i get the same rad+recv:Access-Reject. > > but with all same config (except commenting sql and uncomment file in > radius.conf) and radtesting it works fine. > > it is probably radius cant query mysql, but i used mtop (mysql monitoring > tool) and it showes that radius queried mysql > > or it might be wrong dummy data... > ----- > > i will appreciate it very much if some one will guide me through this. > > thanks for reading. > > Obaid Ghaznawi > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090116/ea93dfa4/attachment.html > > > > ------------------------------ > > Message: 2 > Date: Fri, 16 Jan 2009 09:13:56 -0500 > From: Leigh Martell <leigh.mart...@gmail.com> > Subject: Re: Freeradius + MySQL problem > To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> > Message-ID: > <ab1a43830901160613i7919e76fp1cca31846bd62...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Post the entire debug from start to finish and as well as some tests. The > first whack of debug tells you how freeradius is parsing your config. > > Once you have that done we should be able to figure where the issue lie. > > Take Care, > Leigh > > On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi <ona...@gmail.com> wrote: > > > hi, first of all, i thank all people who are giving thier time to help. > > > > before i subscribe here and post my email, i am searching around in > > internet since a week > > and trying my best to solve it, i have learned many things,but there is > one > > problem i cannot get it solved. > > i am trying to make hotspot for some building, i choosed: > > Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as > backend > > server > > and CoovaAP on WRT54GL sending user credentials to backend server for > > authentication > > my configs (default settings not showed, lines i changed showed) > > > > freeradius radiusd.conf > > ================================================ > > . > > . all default > > . > > log { > > . > > . > > #at the end of log{ > > auth = yes > > auth_badpass = yes > > auth_goodpass = yes > > } > > > > modules { > > . > > . > > . > > $INCLUDE sql.conf #already there > > $INCLUDE sql/mysql/counter.conf #already there > > . > > . > > . > > } > > > > authorize{ > > preprocess > > chap > > mschap > > suffix > > eap > > sql #if i comment out sql and use file, it works, i recive > > Packet-Accept, with SQL see the pap warning in debug text > > pap > > } > > > > accounting{ > > detail > > sql > > } > > > > session{ > > sql > > } > > ================================================== > > clients.conf > > > > client localhost { > > ipaddr = 127.0.0.1 > > secret = clientradsec36365 > > require_message_authenticator = no > > nastype = other > > > > } > > ================================================== > > sql.conf > > sql { > > database = "mysql" > > driver = "rlm_sql_${database}" > > server = "localhost" > > login = "radius" > > password = "frsqldblogin36365" > > radius_db = "radius" > > . > > . > > . > > sqltrace = yes > > sqltracefile = ${logdir}/sqltrace.sql > > . > > . > > } > > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > > /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into > > mysql "radius" database, rad...@localhost user granted all on radius.* > > > > dummy data in tables: > > > > mysql> SELECT * FROM radcheck; > > +----+----------+--------------------+----+-------+ > > | id | username | attribute | op | value | > > +----+----------+--------------------+----+-------+ > > | 1 | obaid | Cleartext-Password | := | 36365 | > > +----+----------+--------------------+----+-------+ > > 1 row in set (0.00 sec) > > > > mysql> SELECT * FROM radusergroup; > > +----------+-----------+----------+ > > | username | groupname | priority | > > +----------+-----------+----------+ > > | obaid | hotspot | 0 | > > +----------+-----------+----------+ > > 1 row in set (0.01 sec) > > > > mysql> SELECT * FROM radgroupcheck; > > +----+-----------+-----------+----+-------+ > > | id | groupname | attribute | op | value | > > +----+-----------+-----------+----+-------+ > > | 2 | hotspot | Auth-Type | := | Local | > > +----+-----------+-----------+----+-------+ > > 1 row in set (0.00 sec) > > > > > > mysql> SELECT * FROM radreply; > > +----+----------+---------------+----+-------+ > > | id | username | attribute | op | value | > > +----+----------+---------------+----+-------+ > > | 1 | obaid | Reply-Message | := | Hello | > > +----+----------+---------------+----+-------+ > > 1 row in set (0.00 sec) > > > > mysql> SELECT * FROM radgroupreply; > > +----+-----------+-----------------+----+-------------+ > > | id | groupname | attribute | op | value | > > +----+-----------+-----------------+----+-------------+ > > | 1 | hotspot | Framed-Protocol | := | PPP | > > | 2 | hotspot | Service-Type | := | Framed-User | > > +----+-----------+-----------------+----+-------------+ > > 2 rows in set (0.00 sec) > > > > @#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#$ > > > > now when running /usr/sbin/freeradius -X and send auth request with > radtest > > i get > > radtest obaid 36365 localhost 1812 clientradsec36365 > > > > Sending Access-Request of id 96 to 127.0.0.1 port 1812 > > User-Name = "obaid" > > User-Password = "36365" > > NAS-IP-Address = 192.168.1.100 > > NAS-Port = 1812 > > rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96, > > length=20 > > > > freeradius -X: > > > > Listening on authentication address * port 1812 > > Listening on accounting address * port 1813 > > Listening on proxy address * port 1814 > > Ready to process requests. > > rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96, > > length=57 > > User-Name = "obaid" > > User-Password = "36365" > > NAS-IP-Address = 192.168.1.100 > > NAS-Port = 1812 > > +- entering group authorize {...} > > ++[preprocess] returns ok > > ++[chap] returns noop > > ++[mschap] returns noop > > [suffix] No '@' in User-Name = "obaid", looking up realm NULL > > [suffix] No such realm "NULL" > > ++[suffix] returns noop > > [eap] No EAP-Message, not doing EAP > > ++[eap] returns noop > > ++[unix] returns notfound > > ++[files] returns noop > > ++[expiration] returns noop > > ++[logintime] returns noop > > [pap] WARNING! No "known good" password found for the user. > Authentication > > may fail because of this. > > ++[pap] returns noop > > No authenticate method (Auth-Type) configuration found for the request: > > Rejecting the user > > Failed to authenticate the user. > > Login incorrect: [obaid/36365] (from client server port 1812) > > Using Post-Auth-Type Reject > > +- entering group REJECT {...} > > expand: %{User-Name} -> obaid > > attr_filter: Matched entry DEFAULT at line 11 > > ++[attr_filter.access_reject] returns updated > > Delaying reject of request 0 for 1 seconds > > Going to the next request > > Waking up in 0.9 seconds. > > Sending delayed reject for request 0 > > Sending Access-Reject of id 96 to 127.0.0.1 port 40386 > > Waking up in 4.9 seconds. > > Cleaning up request 0 ID 96 with timestamp +17 > > Ready to process requests. > > > > -========================================================= > > have you noticed that debug output doesnt talk about sql queries ???, and > > nothing about sql queries in log files. > > > > i have used ntradping to send authentication request with CHAP ticked/not > > ticked, and i get the same rad+recv:Access-Reject. > > > > but with all same config (except commenting sql and uncomment file in > > radius.conf) and radtesting it works fine. > > > > it is probably radius cant query mysql, but i used mtop (mysql monitoring > > tool) and it showes that radius queried mysql > > > > or it might be wrong dummy data... > > ----- > > > > i will appreciate it very much if some one will guide me through this. > > > > thanks for reading. > > > > Obaid Ghaznawi > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090116/2c9cfa4e/attachment.html > > > > ------------------------------ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest, Vol 45, Issue 60 > ************************************************ >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html